09-27-2019 11:48 PM - edited 02-21-2020 11:10 AM
Hi All.
I want to classify my Clients as Win7 32bit and Win7 64 bit( I want to install some Apps based on os architectures via ISE Posture File remediation and I know this procedure) in Cisco ISE v2.4. Ho can I do that classification? already, I have configured an authorization rule based on Attribute "Session OS-Architecture:32bit/64bit", but it doesn't work(only profile Microsoft-workstation).
Thanks so much,
Sina HR.
Solved! Go to Solution.
09-29-2019 01:29 PM
Thanks Colby.lemaire.
when i used "Sessein:OS Architecture" Condition in "Client Provisioning policy", it does not work. but, when I used "Sessein:OS Architecture" Condition in "posture policy", it works and choose rule based on os Architecture condition. interesting.
09-30-2019 06:09 AM
Client Provisioning policy is used only to provision the Anyconnect posture agent or to push out supplicant configurations for BYOD. If you want to push files out to a machine, that would be under the Posture Policy. You check to see if the file exists and if not, have a file remediation action.
09-28-2019 08:21 AM
First thought is that ISE is not meant to be a software distribution or patch management system. I would highly recommend looking into something like SCCM to accomplish what you are looking for.
With that said, if you still want to be able to profile the endpoints based on OS details, you will probably need to enable the Active Directory probe and ISE will get the information about the client from AD. But it will probably not be 100% which is why I wouldn't rely on ISE for pushing files out.
09-29-2019 01:29 PM
Thanks Colby.lemaire.
when i used "Sessein:OS Architecture" Condition in "Client Provisioning policy", it does not work. but, when I used "Sessein:OS Architecture" Condition in "posture policy", it works and choose rule based on os Architecture condition. interesting.
09-30-2019 06:09 AM
Client Provisioning policy is used only to provision the Anyconnect posture agent or to push out supplicant configurations for BYOD. If you want to push files out to a machine, that would be under the Posture Policy. You check to see if the file exists and if not, have a file remediation action.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide