Solved: It is not possible. The

Phillip Macey · ‎02-23-2015

Does anyone know if it is possible (or not) to have a windows machine posture assessed on boot? ie. before anyone logs in on it. Currently, I have to log in on my machine before the assessment starts. It would be good to have assessment begin as soon as the machine boots so that (assuming the machine passes assessment) it is completed by the time I log in. We are using the NAC Agent with ISE1.2.

Thanks in advance for your thoughts.

jan.nielsen · ‎02-24-2015

As far as i know, the posture agent does not do anything before user has logged in, i have never seen a posture report in ise, that indicates anything else, because you would get many failed posture compliance checks, if it did (checking user keys, user files, av status and so on in machine land).

View solution in original post

nspasov · ‎02-25-2015

It is not possible. The Windows Logon process and similar functions happen before the NAC/Posture agent starts/loads up.

Thank you for rating helpful posts!

View solution in original post

jan.nielsen · ‎02-24-2015

What things where you thinking you could check when the machine is booting ?

Phillip Macey · ‎02-24-2015

Stuff that is not (I assume) dependent on the user logging in. eg. AV is installed (and running?), some registry keys.

jan.nielsen · ‎02-24-2015

As far as i know, the posture agent does not do anything before user has logged in, i have never seen a posture report in ise, that indicates anything else, because you would get many failed posture compliance checks, if it did (checking user keys, user files, av status and so on in machine land).

nspasov · ‎02-25-2015

It is not possible. The Windows Logon process and similar functions happen before the NAC/Posture agent starts/loads up.

Thank you for rating helpful posts!

Pre-login posture assessment - possible with ISE?