Cisco Support Community

New Member

CSA Policies for dynamic users


We are going to start our CSA deployment (CSA Ver 6.0.2) and have the following points to be clarified. I would appreciate it if someone could advise me on the points below:

1) How can policies be dynamically applied to the user, independent of which workstation / server the user is logging on to? This way IT support staff should be able to troubleshoot or log in to users' PCs regardless of the installed policies.

In other words... policies to be applied based on user accounts (user's login name or Active Directory name).

2) How much bandwidth/traffic will be consumed by running 200 agents that communicate with the MC server (as some of the clients are located remotely via microwave link)?

3) What are the best practices for running the policies for agents and servers?

We are going to have 1000 clients with 100 servers.

Thanks in advance.


Re: CSA Policies for dynamic users

1. User states are how we apply policies based on username no matter which workstation they are logged in to.

2. Bandwidth has rarely been an issue except when agent software updates. Polling intervals can be adjusted for slow sites if this is an issue.

3. This question is rather broad and it depends on many factors.



New Member

Re: CSA Policies for dynamic users

Hi Tom,

Many thanks for your response!

With regard to policies for dynamic users, could you please explain how we can deploy policies for the user with user states? Can there be an agent kit with policies having user states and system states combined?

Actually, as I described earlier in my query, I need to know how we deploy policies with an agent kit in the following situation.

I have normal users with restricted policies; however, when admin or IT support staff want to use or access the same system, those policies should not be applicable. Rather, admin/IT support staff should have their policies in effect once they log in to the same system.

Thanks in advance.


Re: CSA Policies for dynamic users

I use user states to allow admin users to do things by using a rule module that applies only to them.

Look at the built-in user state sets to become familiar with the structure. If you use AD to define roles, you can create user state sets that include certain AD groups and assign them to rule modules that allow the activities you want them to perform.

For example, I have an AD group called AD\ServiceDesk. I created a user state set called AD Service Desk Members with users matching and groups matching AD\ServiceDesk.

I created a rule module that allows activities that are denied by other rule modules and applied the user state set to it.

I associated it with the standard Desktop policy that is associated with the group.

Any member of that group can do things on any host in the Desktops group but standard users cannot.
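
A simplified model of the setup described in the answer above, added here as an illustration; it is not part of the original post and is not Cisco's implementation. The action names, the module names "Desktop lockdown" and "Service desk exceptions", and the rule that an allow from an active module overrides a deny are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class UserStateSet:
    name: str
    groups: frozenset          # AD groups whose members match this set

    def matches(self, user_groups):
        return bool(self.groups & set(user_groups))

@dataclass(frozen=True)
class RuleModule:
    name: str
    rules: tuple               # (action, "allow" | "deny") pairs
    user_state: Optional[UserStateSet] = None   # None: applies to every user

def evaluate(modules, user_groups, action):
    """Return (verdict, deciding module) for one logged-in user and one action."""
    verdict = ("no-rule", None)
    for m in modules:
        if m.user_state is not None and not m.user_state.matches(user_groups):
            continue           # module is inactive for this logged-in user
        for act, effect in m.rules:
            if act != action:
                continue
            if effect == "allow":
                return ("allow", m.name)   # assumed: allow overrides deny
            verdict = ("deny", m.name)
    return verdict

# Constructed sample data mirroring the post: one policy on the Desktops group,
# with an exception module gated by the "AD Service Desk Members" user state set.
SERVICE_DESK = UserStateSet("AD Service Desk Members", frozenset({r"AD\ServiceDesk"}))
DESKTOP_POLICY = [
    RuleModule("Desktop lockdown",            # hypothetical module and actions
               (("install_software", "deny"), ("edit_registry", "deny"))),
    RuleModule("Service desk exceptions",
               (("install_software", "allow"), ("edit_registry", "allow")),
               SERVICE_DESK),
]

def report(users, action):
    """Map each user to the verdict they get on any host carrying the policy."""
    return {u: evaluate(DESKTOP_POLICY, g, action)[0] for u, g in users.items()}

if __name__ == "__main__":
    users = {"alice": [r"AD\DomainUsers"],
             "bob": [r"AD\DomainUsers", r"AD\ServiceDesk"]}
    print(report(users, "install_software"))
```

Because the exception module follows the AD group rather than the host, auditing membership of that group is the control point for who can bypass the desktop restrictions.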


New Member

Re: CSA Policies for dynamic users

Hi Tom,

Many thanks for your reply. It was a really clear explanation of what I wanted to do, and I really appreciate it a lot.

However, this is our pilot project and we are going to start with 1000 clients and 100 servers. The client was concerned about the above requirement, and I'm glad that I will be able to fulfill it now.

Should I have any further issues, I will post in NetPro, and I look forward to your answers. Let me know how I rate this.