Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
535
Views
5
Helpful
3
Replies

Looking for Results of DAP for historic purposes

Go to solution
lhoyle
Level 1
Level 1

‎03-22-2016 02:13 PM

In an effort to eliminate some of our Dynamic Access Policies, I am wondering if there is any log entries made from DAP? I see the DAP hits in my real time log viewer, it just doesn't provide very much information. I am specifically wondering if any of our users are using EOL Operating Systems like XP and ugh, Vista.

TIA,

Lee

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jonathan Unger
Level 7
Level 7

‎03-25-2016 11:50 AM

Hi There,


You can see the Windows build version inside of the DAP trace if your ASDM log viewer is set to the debug level.

For example, here is a screenshot of the ASDM log viewer on a successful AnyConnect login:



We can see the following from the example:

A. The device is a Windows device.

endpoint.anyconnect.platform = "win"

B. The platform version is "6.1.7601 Service Pack 1".

endpoint.anyconnect.platformversion="6.1.7601 Service Pack 1"


Once we know the platform version, we can get the OS name by cross referencing it to this table:

Operating system Version number
Windows 10 10.0*
Windows Server 2016 Technical Preview 10.0*
Windows 8.1 6.3*
Windows Server 2012 R2 6.3*
Windows 8 6.2
Windows Server 2012 6.2
Windows 7 6.1
Windows Server 2008 R2 6.1
Windows Server 2008 6.0
Windows Vista 6.0
Windows Server 2003 R2 5.2
Windows Server 2003 5.2
Windows XP 64-Bit Edition 5.2
Windows XP 5.1
Windows 2000 5.0

Official link to table:
https://msdn.microsoft.com/en-ca/library/windows/desktop/ms724832(v=vs.85).aspx

Based on the information from the table, we know that the client connecting is running Windows 7 SP1 or Windows Server 2008 SP1 since the "platform version" starts with 6.1.


Let us know if this helps!

*** Please rate helpful posts and mark answers as correct so the community can benefit ***

View solution in original post

3 Replies 3

Go to solution
Jonathan Unger
Level 7
Level 7

‎03-25-2016 11:50 AM

Hi There,


You can see the Windows build version inside of the DAP trace if your ASDM log viewer is set to the debug level.

For example, here is a screenshot of the ASDM log viewer on a successful AnyConnect login:



We can see the following from the example:

A. The device is a Windows device.

endpoint.anyconnect.platform = "win"

B. The platform version is "6.1.7601 Service Pack 1".

endpoint.anyconnect.platformversion="6.1.7601 Service Pack 1"


Once we know the platform version, we can get the OS name by cross referencing it to this table:

Operating system Version number
Windows 10 10.0*
Windows Server 2016 Technical Preview 10.0*
Windows 8.1 6.3*
Windows Server 2012 R2 6.3*
Windows 8 6.2
Windows Server 2012 6.2
Windows 7 6.1
Windows Server 2008 R2 6.1
Windows Server 2008 6.0
Windows Vista 6.0
Windows Server 2003 R2 5.2
Windows Server 2003 5.2
Windows XP 64-Bit Edition 5.2
Windows XP 5.1
Windows 2000 5.0

Official link to table:
https://msdn.microsoft.com/en-ca/library/windows/desktop/ms724832(v=vs.85).aspx

Based on the information from the table, we know that the client connecting is running Windows 7 SP1 or Windows Server 2008 SP1 since the "platform version" starts with 6.1.


Let us know if this helps!

*** Please rate helpful posts and mark answers as correct so the community can benefit ***

Go to solution
lhoyle
Level 1
Level 1
In response to Jonathan Unger

‎03-25-2016 12:25 PM

Thank you so much!

0 Helpful

Go to solution
Jonathan Unger
Level 7
Level 7
In response to lhoyle

‎03-25-2016 12:27 PM

You are very welcome, glad to help!

0 Helpful
Customers Also Viewed These Support Documents