LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

August 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS August 2006

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Displaying users messages via the CCA Agent
From:	Michael Grinnell <[log in to unmask]>
Reply To:	Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date:	Mon, 21 Aug 2006 12:28:29 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (63 lines)

In 3.5.x the Network AUP worked like a non-enforced requirement, it  
always showed them a message when they logged in.  As of 3.5.4 or so,  
it was also broken, i.e. if you didn't click yes, it still let you on  
the network.

Re: OP, you can create a Windows_All requirement that tests for "! 
(AU_regIsWindows95 | AU_regIsWindows98 | AU_regIsWindowsMe)" that  
will point users to a web page explaining why they are blocked.
The checks referenced there are Registry Value checks that check HKLM 
\SOFTWARE\Microsoft\Windows\CurrentVersion\Version starts with  
"Windows 98"

HTH,

Michael Grinnell
Network Security Administrator
The American University

On Aug 21, 2006, at 12:04 PM, King, Michael wrote:

> Hi Eliott,
>
> 1.  Yes, they most likely already had the agent.
> 	A.  Create a check that checks for the Windows version, and
> fails if it isn't what you want.
> 2.   Also, is  there a way to display system messages in the agent  
> after
> they login but before they gain access?
> 	Possibly, would the Network Acceptable use agreement work in
> this case?  (I've never tried the feature)
>
>> -----Original Message-----
>> From: Perfigo SecureSmart and CleanMachines Discussion List
>> [mailto:[log in to unmask]] On Behalf Of Franklin, Elliott
>> Sent: Monday, August 21, 2006 11:57 AM
>> To: [log in to unmask]
>> Subject: Displaying users messages via the CCA Agent
>>
>> This is an excellent list and I really appreciate the Cisco
>> folks that monitor and contribute.
>>
>> I have a question as the students are returning this week.  I
>> created some user pages trying to block users that have any
>> windows OS below 2000 but it appears, based on the online
>> users report that this didn't work since I see users with
>> Windows 98 logged in.  My question, if a user already has the
>> agent installed, is there any way to block them from gaining
>> access to the network simply based on their OS?  Also, is
>> there a way to display system messages in the agent after
>> they login but before they gain access?  Such a message might
>> say that the network will be unavailable for maintenance
>> tonight from 10PM-2AM?
>>
>> Thanks!
>>
>> Elliott
>>
>> Elliott Franklin, CISSP
>> Information Security Analyst
>> Texas State University-San Marcos
>> http://www.vpit.txstate.edu/security
>> 512.245.2501

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU