Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Posture Check for Domain Machine

Hi,

i am setting up an ISE for dot1x and posture checking, I am unable to find a way to check for a policy whereby the laptop/workstation is a domain machine. So far, the rules and config guides are looking at ExternalGroups member of, but these are the log in credentials of the user and they can still pass the rule eventhough the machine is not a domain machine.

There is a registry key for domain machine, but this check is too easy to spoof. Is there any more effcient and "better" way to check for domain machine for posture check?

Thanks and regards,

WK Peck

142
Views
0
Helpful
0
Replies
CreatePlease to create content