Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4749
Views
0
Helpful
1
Replies

Windows Mapped Drive Missing if Login with Anyconnect

Go to solution
geeyc5113
Level 1
Level 1

‎04-29-2018 07:36 PM

We have deployed NAC at one of our client sites.  Recently, we just noticed that one of the department is having the Map drive issue.  They have an application will run on the specific Mapped drive.  After we turn on the posture monitoring mode, the whole department PC mapped drive missing, thus causing the application unable to run.  Users have to remap the drive everytime after logon to the windows.

Is there any solution for this?

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
pcarco
Cisco Employee
Cisco Employee

‎05-03-2018 11:41 AM

Best Practices for Network Drive Mapping with Posture

During posture assessment of a Windows endpoint, the endpoint user may encounter a delay in accessing the desktop. This may be due to Windows trying to restore the file server drive letter mappings before providing the user access to the desktop. The best practices to avoid the delay during posture are: 

  •   Endpoints should be able to reach the Active Directory server because the file server drive letter cannot be mapped without reaching the AD. When posture (with AnyConnect ISE posture agent) triggers, it blocks access to AD, causing delay in login. Use Posture Remediation ACLs to provide access to AD servers before posture is completed. 
  •   You should set a delay for the login script until posture completes and then you have to set the Persistence attribute to NO. Windows tries to reconnect all the network drives during login and this cannot be done until AnyConnect ISE posture agent gains full network access. 

Cisco Identity Services Engine Administrator Guide, Release 2.2 - Configure Client Posture Policies [Cisco Identity Ser…

Best regards,

Paul

View solution in original post

0 Helpful
1 Reply 1

Go to solution
pcarco
Cisco Employee
Cisco Employee

‎05-03-2018 11:41 AM

Best Practices for Network Drive Mapping with Posture

During posture assessment of a Windows endpoint, the endpoint user may encounter a delay in accessing the desktop. This may be due to Windows trying to restore the file server drive letter mappings before providing the user access to the desktop. The best practices to avoid the delay during posture are: 

  •   Endpoints should be able to reach the Active Directory server because the file server drive letter cannot be mapped without reaching the AD. When posture (with AnyConnect ISE posture agent) triggers, it blocks access to AD, causing delay in login. Use Posture Remediation ACLs to provide access to AD servers before posture is completed. 
  •   You should set a delay for the login script until posture completes and then you have to set the Persistence attribute to NO. Windows tries to reconnect all the network drives during login and this cannot be done until AnyConnect ISE posture agent gains full network access. 

Cisco Identity Services Engine Administrator Guide, Release 2.2 - Configure Client Posture Policies [Cisco Identity Ser…

Best regards,

Paul

0 Helpful
Customers Also Viewed These Support Documents