LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

December 2009

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS December 2009

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: NAC Release 4.7.1 - Windows 7 Starter
From:	Dan Taube <[log in to unmask]>
Reply To:	Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:	Tue, 15 Dec 2009 14:02:56 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (65 lines)

I was going to post on this shortly as I have also used this method to 
get Windows 7 Starter editions to log on successfully, but I was waited 
until my full process was complete. Also to note with this configuration 
we have verified that using Internet Explorer this will work exactly as 
you have detailed, but with Firefox our Starter edition netbook was 
labeled as WINDOWS_7_ALL; I assume it is an issue with the Java applet 
versus the ActiveX control.

To resolve the above I worked out a javascript snippet that checks for 
Windows 7 and then Firefox which causes a redirect. The page that loads 
informs the user that they must use Internet Explorer on Windows 7 to 
gain access. Once the user launches IE the OS is then determined by the 
ActiveX that Starter is WINDOWS_ALL and the other editions of 7 are 
WINDOWS_7.

Beyond this I have configured the Web Login to show the "Network Scanner 
User Agreement page" with the 'accept' and 'decline' buttons hidden. 
With this then I load a web page in the information area of the page 
which gives user a custom utility that checks for anti-virus and Windows 
automatic updates setting. If they meet the requirements then a HTTPS 
POST is sent to the cisco api to add their MAC address as clean and they 
are then able to have internet access.

This way while the Cisco NAC agent doesn't support Starter we are still 
able to ensure the system have at least our minimum expectation for 
compliance.

Dan Taube
Call Center Supervisor
Associate IT Support
University Computer Help Desk
Illinois State University

Murphy, Colin J wrote:
>
> Here is how to get the web logon to work for just Windows 7 Starter 
> and still keep the agent for the rest of Windows 7 versions.
>
> 1. Make sure you have a user page for all the Windows versions you 
> support including Windows_7_All and Windows_All.
>
> a. On the Windows_7_All and Windows_All user pages, make sure you 
> check “Use web client to detect client MAC address and Operating 
> System.” This will make the NAC detect Windows 7 starter as Windows_All.
>
> 2. Under Device Management/Clean Access/General Setup/Agent Login, 
> make sure you have the following:
>
> a. For each role make sure windows_all does not require the agent.
>
> b. For rest of the windows operating systems, you can check to require 
> the agent including windows_7_all.
>
> Thanks,
>
> Colin Murphy
>
> Communication Network Analyst
>
> Information Technology Services
>
> The University of South Dakota
>

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU