ā09-27-2019 11:48 PM - edited ā02-21-2020 11:10 AM
Hi All.
I want to classify my Clients as Win7 32bit and Win7 64 bit( I want to install some Apps based on os architectures via ISE Posture File remediation and I know this procedure) in Cisco ISE v2.4. Ho can I do that classification? already, I have configured an authorization rule based on Attribute "Session OS-Architecture:32bit/64bit", but it doesn't work(only profile Microsoft-workstation).
Thanks so much,
Sina HR.
Solved! Go to Solution.
ā09-29-2019 01:29 PM
Thanks Colby.lemaire.
when i used "Sessein:OS Architecture" Condition in "Client Provisioning policy", it does not work. but, when I used "Sessein:OS Architecture" Condition in "posture policy", it works and choose rule based on os Architecture condition. interesting.
ā09-30-2019 06:09 AM
Client Provisioning policy is used only to provision the Anyconnect posture agent or to push out supplicant configurations for BYOD. If you want to push files out to a machine, that would be under the Posture Policy. You check to see if the file exists and if not, have a file remediation action.
ā09-28-2019 08:21 AM
First thought is that ISE is not meant to be a software distribution or patch management system. I would highly recommend looking into something like SCCM to accomplish what you are looking for.
With that said, if you still want to be able to profile the endpoints based on OS details, you will probably need to enable the Active Directory probe and ISE will get the information about the client from AD. But it will probably not be 100% which is why I wouldn't rely on ISE for pushing files out.
ā09-29-2019 01:29 PM
Thanks Colby.lemaire.
when i used "Sessein:OS Architecture" Condition in "Client Provisioning policy", it does not work. but, when I used "Sessein:OS Architecture" Condition in "posture policy", it works and choose rule based on os Architecture condition. interesting.
ā09-30-2019 06:09 AM
Client Provisioning policy is used only to provision the Anyconnect posture agent or to push out supplicant configurations for BYOD. If you want to push files out to a machine, that would be under the Posture Policy. You check to see if the file exists and if not, have a file remediation action.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: