ISE posture policy about user privileges on remote device

ARQA-netadmin
Level 1

Hello,

Is there any way to configure an ISE Posture Policy (some conditions) so that ISE analyzes the user's level of privileges on the remote computer (the computer from which they try to establish the AnyConnect VPN connection)?
If the user has administrator privileges on the remote machine, it's the non-compliant variant.
If the user doesn't have administrator privileges on the remote computer, it's the compliant variant.

Thanks.


4 Replies

Mike.Cifelli
VIP Alumni

AFAIK there is nothing out of the box that would meet this desire. However, that does not mean that it is completely out of the question. I would suggest trying to determine if it's possible via registry keys or something along those lines. What is the desire for this?

ARQA-netadmin
Level 1

We need to deny AnyConnect VPN connections from users who work remotely with administrator rights on the remote device.

For this we are planning to use ISE authorization policies.

How can we solve this problem using registry keys?

Mike.Cifelli
VIP Alumni (accepted solution)

Are these RA clients not a part of your domain? If they are, IMO it would be easier to rely on GPOs for your local admin concern and AD username mapping to steer authorization policy accordingly for non-admin users. I am not 100% sure on an exact reg key. This would need to be researched to determine if possible and then properly tested. I was sharing it as a suggestion. HTH!

ARQA-netadmin
Level 1

No. They are local users on remote machines. There isn't any chance to use AD technology. Is there another solution in this case?
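One way to realise the registry-key idea raised in this thread for workgroup (non-AD) clients, as an added example that is not from the original posts, from Cisco or from ISE itself: a PowerShell script that checks whether the console user belongs to the local Administrators group and records the verdict in a registry DWORD, which an ISE posture registry condition could then evaluate. The ExampleOrg key path, the LocalAdmin value name and the logon-triggered scheduled task used to run it as SYSTEM are assumptions.

```powershell
# Added example (not from the thread). Checks whether the console user of the VPN
# client is a member of BUILTIN\Administrators and writes the result as a registry
# DWORD that a posture registry condition can read (assumed key/value names below).
# Assumes Windows 10 / Server 2016+ with the Microsoft.PowerShell.LocalAccounts module.

function Get-ConsoleUserSid {
    # The account logged on at the console. When run as SYSTEM from a scheduled
    # task, this is the user whose privileges matter, not the script's own identity.
    $name = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
    if (-not $name) { return $null }
    (New-Object System.Security.Principal.NTAccount($name)).Translate(
        [System.Security.Principal.SecurityIdentifier])
}

function Test-LocalAdminMembership {
    param([Parameter(Mandatory)][System.Security.Principal.SecurityIdentifier]$UserSid)
    # Resolve the group by its well-known SID so a renamed or localised
    # "Administrators" group is still found. SilentlyContinue covers the known
    # failure on orphaned member SIDs, which would otherwise abort the whole check.
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
    [bool]($members | Where-Object { $_.SID.Value -eq $UserSid.Value })
}

function Write-PostureMarker {
    param(
        [Parameter(Mandatory)][bool]$IsLocalAdmin,
        # Hypothetical key and value; the ISE registry condition must reference the same.
        [string]$KeyPath   = 'HKLM:\SOFTWARE\ExampleOrg\Posture',
        [string]$ValueName = 'LocalAdmin'
    )
    # HKLM rather than HKCU: a marker the user can rewrite proves nothing, so this
    # must run elevated or as SYSTEM. A user who really is a local admin can still
    # alter it, so treat the value as a compliance signal, not an enforcement boundary.
    if (-not (Test-Path -Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
        -Value ([int]$IsLocalAdmin) -Force | Out-Null
}

$sid = Get-ConsoleUserSid
if ($sid) {
    $isAdmin = Test-LocalAdminMembership -UserSid $sid
    Write-PostureMarker -IsLocalAdmin $isAdmin
    # Posture condition: compliant when LocalAdmin equals 0, non-compliant when 1.
    Write-Output "Console user $($sid.Value) local admin: $isAdmin"
}
```

The posture side then only needs a registry condition on the same key and value, so the privilege evaluation itself happens on the endpoint rather than in ISE.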