Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
390
Views
0
Helpful
2
Replies

NAC and Computer GPO/Published Apps

Joshua Warcop
Level 5
Level 5

‎08-08-2007 05:18 AM - edited ‎02-21-2020 01:38 AM

I've found a couple of places that describe NAC being able to issue a gpupdate once the user logs into the network. In my managed client environment I have Computer based GPO settings, computer startup scripts to push printer connections, and GPO based assigned applications.

If I enable NAC to control these computers, I'm effectively disabling the available to do computer based controls because no one has logged onto the machine? I'm scratcing my head on this one because ideally the computer would NOT have access to the domain controllers/application server until they been verified. That is the ideal situation right?

Could someone offer some guidance/link/pointer on how this process would not be broken without defesting the purpose of an OOB-VG deployment?

0 Helpful
2 Replies 2

Joshua Warcop
Level 5
Level 5

‎08-13-2007 05:43 AM

I just saw someone who posted a similar problem, anyone in the community have a suggestion about NAC and managed clients/GPO?

0 Helpful

Joshua Warcop
Level 5
Level 5

‎08-15-2007 01:23 PM

Resolution to the question - unfortunately the unauthenticated role must always be able to contact the domain controllers. Especially to support SSO.

Going to have to solve the real problem using Mirosoft features/IPSEC/CA's.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card