NAC and Computer GPO/Published Apps

Unanswered Question
Aug 8th, 2007
User Badges:

I've found a couple of places that describe NAC being able to issue a gpupdate once the user logs into the network. In my managed client environment I have Computer based GPO settings, computer startup scripts to push printer connections, and GPO based assigned applications.

If I enable NAC to control these computers, I'm effectively disabling the available to do computer based controls because no one has logged onto the machine? I'm scratcing my head on this one because ideally the computer would NOT have access to the domain controllers/application server until they been verified. That is the ideal situation right?

Could someone offer some guidance/link/pointer on how this process would not be broken without defesting the purpose of an OOB-VG deployment?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joshua Warcop Mon, 08/13/2007 - 05:43
User Badges:

I just saw someone who posted a similar problem, anyone in the community have a suggestion about NAC and managed clients/GPO?

Joshua Warcop Wed, 08/15/2007 - 13:23
User Badges:

Resolution to the question - unfortunately the unauthenticated role must always be able to contact the domain controllers. Especially to support SSO.

Going to have to solve the real problem using Mirosoft features/IPSEC/CA's.


This Discussion