02-17-2018 05:30 AM - edited 07-05-2021 08:15 AM
Hi
I recently installed Cisco ISE 2.3 and I want to create a policy so that only users and computers joined to the domain can connect to the network. I'll use the policy below:
I also have the following configurations:
But a number of users occasionally encounter this problem:
According to reports, this problem is most likely to occur when users lock or sleep their computers.
Please guide me about this.
Thankful
02-17-2018 08:52 AM
The screenshot you provided is related to the integration between ISE and the domain. This is actually required, but it is not where you enforce that users and machines get authenticated in order to proceed in the network.
There is one way to achieve Machine+User authentication through ISE. You need to create two rules in the Authorization policy, as below:
1st Rule:
ExternalGroups == Domain Computers
With the 1st rule, the machine will get authorized access when it boots up (before the user enters his credentials).
2nd Rule:
Network Access:WasMachineAuthenticated == True
AND
ExternalGroups == Domain Users
The user will enter credentials and will get authorized access because of the 2nd rule.
The Windows clients need to be properly configured, either locally or using GPO.
-If I helped you somehow, please, rate it as useful.-
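The two rules from the reply above, modelled as first-match evaluation in Python. This is an added example, not part of the original reply and not ISE's own code. The session fields, the sample identities and the final deny rule are assumptions made for illustration.

```python
# Simplified model of the two authorization rules described above.
# Assumptions: rules are evaluated top-down, first match wins, and a
# final default rule denies access. Sessions below are constructed.
from dataclasses import dataclass, field


@dataclass
class Session:
    identity: str
    external_groups: set = field(default_factory=set)
    was_machine_authenticated: bool = False  # Network Access:WasMachineAuthenticated


RULES = [
    ("Rule1-Machine", lambda s: "Domain Computers" in s.external_groups),
    ("Rule2-User", lambda s: s.was_machine_authenticated
                             and "Domain Users" in s.external_groups),
]


def authorize(session):
    """Return (matched rule, result) for one session."""
    for name, condition in RULES:
        if condition(session):
            return name, "PermitAccess"
    return "Default", "DenyAccess"


def denied_for_missing_machine_auth(sessions):
    """Domain users denied only because the machine flag was False."""
    return [s.identity for s in sessions
            if authorize(s)[1] == "DenyAccess"
            and "Domain Users" in s.external_groups
            and not s.was_machine_authenticated]


# Constructed sample sessions
SESSIONS = [
    Session("host/PC01.example.local", {"Domain Computers"}),
    Session("alice", {"Domain Users"}, was_machine_authenticated=True),
    Session("bob", {"Domain Users"}, was_machine_authenticated=False),
    Session("visitor"),
]

if __name__ == "__main__":
    for s in SESSIONS:
        print(s.identity, authorize(s))
    print("check machine auth for:", denied_for_missing_machine_auth(SESSIONS))
```

The last function separates users who fall to the default rule because no machine authentication is recorded for their session from users who are denied for lack of group membership.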
02-17-2018 09:52 PM - edited 02-17-2018 11:32 PM
Thank you for your support @Flavio Miranda
But I sent this screenshot in my previous question:
I think it's exactly the rules you said.
My problem is with the users who lock, sleep or hibernate their computers.
Sometimes I encounter the problem I mentioned above.
Thanks
02-18-2018 02:38 AM
I can't see the screenshot, could you attach it again?
-If I helped you somehow, please, rate it as useful.-
03-18-2018 12:01 AM - edited 03-18-2018 12:10 AM
Sorry for the delay @Flavio Miranda
I attached it again.