
ISE Lockdown user

cisco8887
Level 2

All,

A few questions on the topic of ISE today :) and I think this one deserves its own thread.

Can you lock down users in Windows so they do not type their login details and use single sign-on?

I suppose by using group policy and, on the machine, configuring dot1x for the user only and not the machine (we are not authenticating the machine).

Thanks

3 Replies

Yes, you can configure a group policy to configure 802.1X on a computer to authenticate a user; this can be transparent. Either EAP-TLS (certificate) or PEAP/MSCHAPv2 (username and password) - both methods can be transparent, assuming the computer trusts the certificates.

Any reason for not doing computer authentication? You can do both; the benefit of authenticating the computer is that computer GPOs are processed.

HTH

Thanks for this.

Do you have any article that shows the process for WLC 8 and ISE 2.2?

What do you mean by it applies GPOs?

Here is the best place for ISE configuration guides:

https://communities.cisco.com/docs/DOC-64012

By GPO I was referring to the Windows group policies. When the computer boots up it updates the computer group policies; when a user logs in it processes user group policies. So you may want to authenticate the user and computer to ensure all group policies are updated.
