Subject: | |
From: | |
Reply To: | |
Date: | Mon, 9 Feb 2009 18:57:05 -0500 |
Content-Type: | TEXT/PLAIN |
Parts/Attachments: |
|
|
I Agree as well, or ensure the cisco checks agree with Microsoft Update,
right or wrong. It's the number one headache with this product.
-Mike
On Mon, 9 Feb 2009, Ben Fielden wrote:
> I second the details button.
>
> Ben Fielden
> ISS Student Technology Services
> The George Washington University
>
>
>
> Michael Simpson wrote:
>> My addition to the wish list:
>> Have a "Details" button on the agent that shows users exactly what scan
>> they failed, KB# and all. This would allow our more technically inclined
>> users to solve some of their own issues without coming to the help desk.
>> It would also be handy for support staff to see on the machine instead of
>> always consulting with the CA manager.
>> Michael
>>
>> >>> "Jeremy Wood" <[log in to unmask]> 2/9/2009 2:28 PM >>>
>> I've always wondered what people would like to see out of this product
>> so I thought I would throw these ideas out there and see if anyone
>> else thought they would be useful or if there were maybe some other
>> big improvements people want to see.
>>
>> 1) Log of packets denied due to role traffic settings
>>
>> 2) Sending of logging information from HA-IP
>>
>> 3) Have CAM be able to check posture of clients without moving them to
>> UnAuth Role. I hear Bradford does this and I can see how it could make
>> the NAC experience much smoother and provide a possibly more secure
>> network if you are able to check client more often without
>> interrupting their session to do it. It does defeat the seemingly
>> 'pure' OOB approach CCA has though.
>>
>> 4) Have the agent run as a service and/or run before the windows logon
>> portion of boot up. So basically the agent could load, verify the
>> posture of the computer (although some checks might not work, basic
>> ones would) and then pass the logon credentials through to the windows
>> GINA and so a SSO that way. This would allow for things like logon
>> scripts/offline files/GPO to be applied without anything special going
>> on. At the same time though you present the issue of how to update a
>> client this way if it is out of compliance? I'd bet that most AV
>> updater's wouldn't work if they are called like this.
>>
>> Anyway, just my list. Thoughts or Additions?
>>
>> --Jeremy
>
_________________________________________
Mike Diggins Voice: 905.525.9140 Ext. 27471
Network Analyst, Enterprise Networks FAX: 905.522.0511
University Technology Services E-Mail: [log in to unmask]
McMaster University, Hamilton, Ontario
|
|
|