Solved: Hello, The NAC itself has on

Pete89 · ‎03-31-2014

We are running NAC 4.9.1 and I am trying to think of a way to deny any Windows XP client from getting full network acces. I created a new check that looks at the registry key under:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName

For any string that contains "Windows XP". I have it on Audit right now and I can see in the logs the XP mahcines are hitting this requirement.

Now, how can I deny on this check?

edelgado · ‎03-31-2014

Hello,

The NAC itself has on the compliance rules the different OS's that you want to allow on your network.

Just create a compliance rule saying that you only allow windows 7. This will work much better than the registry condition.

I used to support this product back in Cisco but unfortunately I dont have access to one NAC server so I dont remember where is this option exactly.

If you need more assistance feel free to ask and I will be happy to assist.

Regards,

Erdelgad

View solution in original post

edelgado · ‎03-31-2014