Specifications

ManualsBrandsHP ManualsComputer equipment3350 - Cisco NAC Appliance

341

342

343

344

345

346

347

348

349

350

9-39

Cisco NAC Appliance - Clean Access Manager Configuration Guide

OL-28003-01

Chapter 9 Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment

Configuring Agent-Based Posture Assessment

This section describes how to configure requirements on the CAM so that the Agent can perform posture

assessment and remediation on client machines.

• Overview, page 9-1

• Configuring AV/AS Definition Update Requirements, page 9-41

• Configuring a Windows Server Update Services Requirement, page 9-57

• Configuring a Windows Update Requirement, page 9-64

• Configuring Custom Checks, Rules, and Requirements, page 9-70

• Configuring a Launch Programs Requirement, page 9-85

• Map Requirements to Rules, page 9-90

• Apply Requirements to User Roles, page 9-92

• Configuring Auto Remediation for Requirements, page 9-98

Overview

To work with a Windows 8.1 client, you need to download and apply a patch. Refer to Release Notes for

Cisco NAC Appliance, Version 4.9(4) for more information.

Requirements

To perform posture assessment for client machines running the Cisco NAC Agent or Cisco NAC Web

Agent, you need to configure and implement requirements based on the type of client validation you

want to perform for the client operating system. Requirements are used to implement business-level

decisions about what users must (or must not) have running on their systems to be able to access the

network. The requirement mechanism maps one or more rules that you want clients in a user role to meet

to the action you want those users to take if the client fails the rules. When you create a new requirement,

you choose from one of several different requirement types (e.g. AV Definition Update) to configure

options, buttons, and remediation instructions the Agent dialogs present to the user when the client fails

the requirement. For detailed instructions on creating the different requirement types, see:

• Configuring AV/AS Definition Update Requirements, page 9-41

• Configuring a Windows Server Update Services Requirement, page 9-57

• Configuring a Windows Update Requirement, page 9-64

• Configuring Custom Checks, Rules, and Requirements, page 9-70

• Configuring a Launch Programs Requirement, page 9-85

Note Most requirement remediation actions (like Windows Updates and AV/AS support updates) require the

user to have administrator privileges on the client machine. Therefore, Cisco recommends you ensure

that users of client machines undergoing posture assessment and remediation have administrator-level

privileges.