Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Need a rule on NAC to Deny Access to XP machines

We are running NAC 4.9.1 and I am trying to think of a way to deny any Windows XP client from getting full network acces. I created a new check that looks at the registry key under:

 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName

 

For any string that contains "Windows XP". I have it on Audit right now and I can see in the logs the XP mahcines are hitting this requirement.

 

Now, how can I deny on this check?

 

 

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Hello, The NAC itself has on

Hello,

 

The NAC itself has on the compliance rules the different OS's that you want to allow on your network.

 

Just create a compliance rule saying that you only allow windows 7. This will work much better than the registry condition.

 

I used to support this product back in Cisco but unfortunately I dont have access to one NAC server so I dont remember where is this option exactly.

 

If you need more assistance feel free to ask and I will be happy to assist.

 

Regards,

 

Erdelgad

1 REPLY
New Member

Hello, The NAC itself has on

Hello,

 

The NAC itself has on the compliance rules the different OS's that you want to allow on your network.

 

Just create a compliance rule saying that you only allow windows 7. This will work much better than the registry condition.

 

I used to support this product back in Cisco but unfortunately I dont have access to one NAC server so I dont remember where is this option exactly.

 

If you need more assistance feel free to ask and I will be happy to assist.

 

Regards,

 

Erdelgad

74
Views
5
Helpful
1
Replies
CreatePlease to create content