Solved: ISE 1.3 Issues with domain computer and remote desktop?

KhayaZondo · ‎12-30-2021

I have a rather large problem that is causing grief with an ISE rollout.

The workstations that we have are 99% running windows 7.

We have administrators that want to be able to log in via remote desktop when the users aren't present (i.e. after a Wake on LAN request) and troubleshoot issues.

When they do this windows does not treat the remote desktop session as an interactive login and hence the computer does not jump from the domain to the user policy.

I am after suggestions on how we can get this working.

Is it possible for the Anyconnect supplicant to treat the remote login as an interactive login (we aren't using AnyConnect as a supplicant at the moment)?

Or is there another way - I can't believe that we there isn't a known function for bypassing this issue.

Alternatively I could just move back to computer authentication and give the computer account full access.

Thanks in advance

VidMate Mobdro

thomas · ‎01-15-2022

First, ISE 1.3 is no longer supported so you should upgrade. https://cs.co/ise-software

Microsoft does not consider an RDP login to be worthy of an 802.1x user authentication. This has been an issue for years.

You may want to try using Cisco AnyConnect with the NAM module and Single Sign On "Single User" Enforcement.

View solution in original post

thomas · ‎01-15-2022

First, ISE 1.3 is no longer supported so you should upgrade. https://cs.co/ise-software

Microsoft does not consider an RDP login to be worthy of an 802.1x user authentication. This has been an issue for years.

You may want to try using Cisco AnyConnect with the NAM module and Single Sign On "Single User" Enforcement.