Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSA 4.5 User State Policy, DOESN'T WORK for Groups

I've tried creating a user-state policy in CSA 4.5 which makes the Agent UI available for a specific group called "PC Admins", but it does not work.

If I list the user accounts individually, then the policy does work.

I'm refraining from using the built in "Administrators" (local admins) group defined by CSA because some machines in our environment require local admin rights for a REGULAR end user due to legacy applications, but I don't want them to have the Agent UI available.

That is why we have a separate PC Admins group.

Has anyone gotten User-State policies to work with groups?

7 REPLIES
New Member

Re: CSA 4.5 User State Policy, DOESN'T WORK for Groups

bump

Re: CSA 4.5 User State Policy, DOESN'T WORK for Groups

Maybe you could show us your group definition in the user state policy that you created, that would help in finding the problem. Also, check the diagnostic in the host view on the csamc to see if the client has detected that it is in that specific group.

New Member

Re: CSA 4.5 User State Policy, DOESN'T WORK for Groups

i have the user state set configured as:

users matching: but not:

groups matching: but not:

New Member

Re: CSA 4.5 User State Policy, DOESN'T WORK for Groups

Use the windows SID for the group not the name of the group.

New Member

Re: CSA 4.5 User State Policy, DOESN'T WORK for Groups

i've tried this. does the sid have to be in brackets?

ex. <"sid">

or just the sid?

New Member

Re: CSA 4.5 User State Policy, DOESN'T WORK for Groups

bump

Re: CSA 4.5 User State Policy, DOESN'T WORK for Groups

i don't think you need brackets, either for the sid or the groupname option

119
Views
0
Helpful
7
Replies