01-24-2019 08:25 AM - edited 02-21-2020 09:33 PM
Hi All,
Have deployed Cisco ISE 2.3 and I am trying to do some Posture with Anyconnect. However I am having issues with requirement to start a service on users computer. It appears as if the application I am trying to launch runs in user context and thus might not have necessary permissions to start the service.
I have created Condition for Service to check if "acwebsecagent" is running (Cisco Cloud Web Security service)
Then I created Launch Program Remediation - which starts cmd.exe with Program Parameters /c sc start acwebsecagent
Any advice would be appreciated.
01-24-2019 11:29 AM
01-24-2019 11:49 PM
Hi Surendra, thanks for your reply.
Sure, here are the details below:
It might be useful to know, application which get launched as part of the ISE Posture, are they meant to run in user context of the computer?
01-25-2019 02:32 AM
01-25-2019 04:57 PM
Sorry for the confusion, I did not state that it worked before.
So apart from checking and doing basic remedies, Anyconnect is not able to start a service if it requires admin permissions. (Even when Anyconnect service is running on PC at system level) Even more odd part is that I explicitly run this Posture process on user which is already admin of the local machine. It appears as it just did not work as it could have been Windows UAC which did not prompt for the elevation request.
I did include other commands with CMD in my tests, like creating a folder, just to confirm that application launch and command switches worked, and it did.
So if we say, Anyconnect is not able to start services like, this what is the general solution people use to achieve this, as having user just not compliant and been off the Compliant network is not quite an option, and having to raise a case with helpdesk, would also not count forward real remediation process.
01-25-2019 04:59 PM
01-29-2019 02:21 AM
Ok, thanks will give it a try
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide