03-31-2014 08:11 AM - edited 03-10-2019 09:35 PM
We are running NAC 4.9.1 and I am trying to think of a way to deny any Windows XP client from getting full network acces. I created a new check that looks at the registry key under:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
For any string that contains "Windows XP". I have it on Audit right now and I can see in the logs the XP mahcines are hitting this requirement.
Now, how can I deny on this check?
Solved! Go to Solution.
03-31-2014 08:43 PM
Hello,
The NAC itself has on the compliance rules the different OS's that you want to allow on your network.
Just create a compliance rule saying that you only allow windows 7. This will work much better than the registry condition.
I used to support this product back in Cisco but unfortunately I dont have access to one NAC server so I dont remember where is this option exactly.
If you need more assistance feel free to ask and I will be happy to assist.
Regards,
Erdelgad
03-31-2014 08:43 PM
Hello,
The NAC itself has on the compliance rules the different OS's that you want to allow on your network.
Just create a compliance rule saying that you only allow windows 7. This will work much better than the registry condition.
I used to support this product back in Cisco but unfortunately I dont have access to one NAC server so I dont remember where is this option exactly.
If you need more assistance feel free to ask and I will be happy to assist.
Regards,
Erdelgad
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide