Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3138
Views
0
Helpful
3
Replies

How to Configure ISE posture to check windows 10 is running the latest update

Go to solution
Drthrax
Level 1
Level 1

‎03-10-2020 05:19 AM

Hello guys , 

How can I configure ISE 2.6 posture to check that windows is running the latest update otherwise it will mark the endpoint as non-compliant.

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni
In response to Drthrax

‎03-10-2020 08:33 AM

Step by step deployment can be found here: https://community.cisco.com/t5/security-documents/ise-posture-prescriptive-deployment-guide/ta-p/3680273
Leveraging a reg key to accomplish your goal would require you to update the key when new OS versions are released. The good thing is that you can support a check for multiple versions by utilizing the greater than or equal to condition. Check out labminutes.com as well for free vid tutorials.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎03-10-2020 06:16 AM

One option is via reg check: SOFTWARE\Microsoft\Windows NT\CurrentVersion\
You will need to determine the value data for the key and the corresponding version you wish to target. I currently use this in our environment and works great. You can do greater than or equal to, etc. HTH!
0 Helpful

Go to solution
Drthrax
Level 1
Level 1
In response to Mike.Cifelli

‎03-10-2020 07:45 AM

Can you please elaborate how did you do that , step by step .
In addition in your case don't you need to change the reg info on ISE everytime we have a new windows update ?
0 Helpful

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni
In response to Drthrax

‎03-10-2020 08:33 AM

Step by step deployment can be found here: https://community.cisco.com/t5/security-documents/ise-posture-prescriptive-deployment-guide/ta-p/3680273
Leveraging a reg key to accomplish your goal would require you to update the key when new OS versions are released. The good thing is that you can support a check for multiple versions by utilizing the greater than or equal to condition. Check out labminutes.com as well for free vid tutorials.
0 Helpful
Customers Also Viewed These Support Documents