i am setting up an ISE for dot1x and posture checking, I am unable to find a way to check for a policy whereby the laptop/workstation is a domain machine. So far, the rules and config guides are looking at ExternalGroups member of, but these are the log in credentials of the user and they can still pass the rule eventhough the machine is not a domain machine.
There is a registry key for domain machine, but this check is too easy to spoof. Is there any more effcient and "better" way to check for domain machine for posture check?
Thanks and regards,