Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

NAC and Computer GPO/Published Apps

I've found a couple of places that describe NAC being able to issue a gpupdate once the user logs into the network. In my managed client environment I have Computer based GPO settings, computer startup scripts to push printer connections, and GPO based assigned applications.

If I enable NAC to control these computers, I'm effectively disabling the available to do computer based controls because no one has logged onto the machine? I'm scratcing my head on this one because ideally the computer would NOT have access to the domain controllers/application server until they been verified. That is the ideal situation right?

Could someone offer some guidance/link/pointer on how this process would not be broken without defesting the purpose of an OOB-VG deployment?

New Member

Re: NAC and Computer GPO/Published Apps

I just saw someone who posted a similar problem, anyone in the community have a suggestion about NAC and managed clients/GPO?

New Member

Re: NAC and Computer GPO/Published Apps

Resolution to the question - unfortunately the unauthenticated role must always be able to contact the domain controllers. Especially to support SSO.

Going to have to solve the real problem using Mirosoft features/IPSEC/CA's.

CreatePlease to create content