Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1802
Views
3
Helpful
5
Replies

ISE - NAC agent profile

Go to solution
eng.malak
Level 1
Level 1

‎06-22-2013 09:52 AM - edited ‎03-10-2019 08:34 PM

Dears

I want to deploy NAC agent via GPO and I need to create agent profile , I know how to create it on ISE but how i get the file in xml format to be distributed ?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Eduardo Aliaga
Level 4
Level 4
In response to eng.malak

‎06-23-2013 07:08 AM

You can try installing only one PC (either by manual installation or by captive portal). If you have configured the posture rules in ISE then the NAC Agent automatically contacts the ISE server and downloads the last NACAgentcfg.xml available.

Then you could browse the following directory and find the NACAgentcfg.xml file in your PC.

C:\Program Files (x86)\Cisco\Cisco NAC Agent

After that you can mass deploy the NAC agent along with the xml file. Although is not mandatory to deploy the xml file  because as a I said, every time there's a posture rule the NAC agent will download the last NACAgentcfg.xml available from ISE server.

Please rate if it helps.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Octavian Szolga
Level 4
Level 4

‎06-22-2013 10:12 AM

You can deploy a NAC Agent Profile to all your domain users using ISE itself (Client Provisioning).

Even though the rule will also provision domain users with NAC Agent client itself (mandatory), the users won't be able to install it manually.

Still, any other settings related to NAC Agent functionality (xml file, customization settings, etc) will be applied for that specific user and will be persistent.

0 Helpful

Go to solution
Eduardo Aliaga
Level 4
Level 4
In response to Octavian Szolga

‎06-22-2013 11:51 PM

Hi. You must put the NACagentsetup-win-4.9.xxx.msi and the NACAgentcfg.xml in the same directory and share it with all the machines you want to deploy .

Then you can trigger remotely the following installation command.

msiexec.exe /i \\sharedfolder\NACAgentSetup-win-4.9.0.51.msi /qn /l*v c:\tempNAC\agent-install.log

There are lots of ways and Windows tools to trigger that command remotely. For example you could use "pstools".

http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx

Please rate if that helps.

0 Helpful

Go to solution
eng.malak
Level 1
Level 1
In response to Eduardo Aliaga

‎06-23-2013 01:53 AM

Dears

My question is about how to get and customize the agent profile in xml format to put it with installer in the same directory

0 Helpful

Go to solution
Eduardo Aliaga
Level 4
Level 4
In response to eng.malak

‎06-23-2013 07:08 AM

You can try installing only one PC (either by manual installation or by captive portal). If you have configured the posture rules in ISE then the NAC Agent automatically contacts the ISE server and downloads the last NACAgentcfg.xml available.

Then you could browse the following directory and find the NACAgentcfg.xml file in your PC.

C:\Program Files (x86)\Cisco\Cisco NAC Agent

After that you can mass deploy the NAC agent along with the xml file. Although is not mandatory to deploy the xml file  because as a I said, every time there's a posture rule the NAC agent will download the last NACAgentcfg.xml available from ISE server.

Please rate if it helps.

0 Helpful

Go to solution
Venkatesh Attuluri
Cisco Employee
Cisco Employee

‎06-30-2013 09:22 AM

Chek this link it may be of help, its related to Creating Agent Customization Files

http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_client_prov.html#wp1217482

Customers Also Viewed These Support Documents