
Permissions required for ISE 2.4 psexec Agentless in the Visibility Wizard

jonaowen
Cisco Employee

Can we clarify with an official response document... what are the permissions required for that 'Agentless' deployment to happen? Can this definitely run in user space, or does it require escalated privileges?

This is required to satisfy two Banking agencies who are looking to roll out ISE from their existing Wireless Guest deployment to a full-blown deployment and an opportunity for thousands of devices. But we need to deliver an answer on capability. Thanks in advance.

1 Reply 1

hslai
Cisco Employee

This is a Proof-of-Concept (PoC) feature, so there is no official documentation and the support is limited.

iseExec (sometimes referred to as psExec) requires using user credentials with Administrative privileges on the Windows computers.

If the account is a local user but not an Active Directory domain user, then the remote UAC LocalAccountTokenFilterPolicy registry setting also needs to be updated as below:

  • On the client OS, launch regedit.exe
  • Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  • Add a new DWORD with name LocalAccountTokenFilterPolicy; set its value to 1

This is because User Account Control (UAC) by default does not allow a local user account to remotely administer the computer.
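
A read-only check for the setting described in the reply above, added here as an example (not Cisco's or the poster's code): it reports whether LocalAccountTokenFilterPolicy is set on the local machine and which local accounts in the Administrators group the change applies to. The function names are hypothetical, and it assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets.

```powershell
# Added example: audit remote UAC token filtering on the local machine (read-only).
$keyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$valueName = 'LocalAccountTokenFilterPolicy'

function Get-RemoteUacFilterValue {
    # Returns the DWORD value, or $null when the value does not exist.
    $item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$valueName
}

function Get-LocalAdminUser {
    # Local (non-domain) members of the built-in Administrators group.
    # The group is resolved by its well-known SID so this works on localized Windows.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Where-Object { $_.PrincipalSource -eq 'Local' } |
        ForEach-Object {
            # Members that are local groups rather than users return nothing here.
            $user = Get-LocalUser -SID $_.SID -ErrorAction SilentlyContinue
            if ($user) {
                [pscustomobject]@{ Name = $user.Name; Enabled = $user.Enabled }
            }
        }
}

function Get-RemoteUacAudit {
    $value = Get-RemoteUacFilterValue
    [pscustomobject]@{
        Computer               = $env:COMPUTERNAME
        PolicyValue            = if ($null -eq $value) { 'not set' } else { $value }
        # Value 1 is the state the reply asks for: local administrator
        # accounts can administer the computer remotely.
        RemoteFilteringRemoved = ($value -eq 1)
        LocalAdminUsers        = @(Get-LocalAdminUser)
    }
}

$audit = Get-RemoteUacAudit
$audit | Format-List Computer, PolicyValue, RemoteFilteringRemoved
$audit.LocalAdminUsers | Format-Table Name, Enabled -AutoSize
```

Running this before and after the registry change on a pilot client shows exactly which local administrator accounts gain remote administrative access, which is the list a reviewer would want to see kept short.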