cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

398
Views
0
Helpful
8
Replies
Highlighted
Beginner

Cisco ISE with Trustsec for Multiple Windows Session

Hi all,

Currently I have PoV in my customer with a use case where they want to secure multiple user session from single Windows Host PC.

So it basically like this:

  • They have Host PC where the actual Windows is installed
  • Then they have some sort of thin client to make RDP session to this Host PC.
  • One Host PC can be RDP by more than one client using some sort of software. So it will be like having multiple user login in Windows. the difference is all the user can use simultaneously.
  • The goal is to separate access from multiple user logging in to a same Host PC using ISE. Because sometime different user with different access permission connecting to a single Host PC.

Anyone have idea or experience how to achieve this?

Maybe with implement Trustsec SGT can achieve this?

I tried to use multi-auth in switch port, but failed. only the first user have to authenticate, the rest will be automatically authenticated.

Any idea will help.

Thank you in advanced.

Regards,

Kevin

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Cisco ISE with Trustsec for Multiple Windows Session

You're saying that at one time on same operating system multiple people will be logged in?

No there is no way for the client to do this

The client would have to provide a Dot1x session for each user that logs in so that we can authenticate and provide different access permissions (Tag)

View solution in original post

8 REPLIES 8
Highlighted
Cisco Employee

Re: Cisco ISE with Trustsec for Multiple Windows Session

I tried to use multi-auth in switch port, but failed. only the first user have to authenticate, the rest will be automatically authenticated.

This is a limitation of RDP.  Microsoft has no plans (publicly) to change this.

Highlighted
Cisco Employee

Re: Cisco ISE with Trustsec for Multiple Windows Session

You're saying that at one time on same operating system multiple people will be logged in?

No there is no way for the client to do this

The client would have to provide a Dot1x session for each user that logs in so that we can authenticate and provide different access permissions (Tag)

View solution in original post

Highlighted
Beginner

Re: Cisco ISE with Trustsec for Multiple Windows Session

Hi Jason,

So you're saying that there's no way to authenticate each user that log in from same windows OS at the same time?

Highlighted
Cisco Employee

Re: Cisco ISE with Trustsec for Multiple Windows Session

Correct. 802.1X is for the endpoint client device as a whole. Thus, either allow one user login at a time, or authenticate computer instead of user.

Highlighted
Beginner

Re: Cisco ISE with Trustsec for Multiple Windows Session

Hi hslai,

You say that authenticate computer instead, is it mean machine authentication? Can this be use to authenticate multiple user login?

Highlighted
Cisco Employee

Re: Cisco ISE with Trustsec for Multiple Windows Session

The computer auth is on the 802.1X supplicant level for network access. RDP user login will be done by the regular Windows remote terminal access, either local or by Active Directory.

Highlighted
Beginner

Re: Cisco ISE with Trustsec for Multiple Windows Session

So it means, for the time being, there's no way to authenticate multiple users that are login to a single windows, even with Trustsec SGT solution? I just need to clarified that so I can move to alternative solution to secure the environment with ISE.

Highlighted
Cisco Employee

Re: Cisco ISE with Trustsec for Multiple Windows Session

That is correct.