Specifications

ManualsBrandsHP ManualsComputer equipment3350 - Cisco NAC Appliance

371

372

373

374

375

376

377

378

379

380

9-65

Cisco NAC Appliance - Clean Access Manager Configuration Guide

OL-28003-01

Chapter 9 Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment

Configuring Agent-Based Posture Assessment

dropdown to be able to view and select the pr_hotfix rules for each of those OS flavors (e.g.

pr_XP_Hotfixes, pr_XP_TabletPC_Hotfixes, and pr_XP_MCE_Hotfixes, respectively) in the

“Rules for Selected Operating System” list.

b. Choose one of the following options for Requirement met if:

–

All selected rules succeed (default)—all the rules must be satisfied for the client to be

considered in compliance with the requirement.

–

Any selected rule succeeds—at least one selected rule must be satisfied for the client to be

considered in compliance with the requirement.

–

No selected rule succeeds—the selected rules must all fail for the client to be considered in

compliance with the requirement.

c. Ignore the AV Virus/AS Spyware Definition rule options.

d. The Rules for Selected Operating System list will display all rules that exist in the system for the

chosen OS (pr_ rules or rules that you have configured). Click the checkbox for each rule you want

to enable for this requirement. Rules that are typically associated to this requirement are:

–

pr_AutoUpdateCheck_Rule (Windows XP (All)

–

pr_XP_Hotfixes (Windows XP Pro/Home)

–

pr_Vista_<version>_Hotfixes (Windows Vista Home Basic/Premium, Business, Ultimate,

Enterprise)

Note that all rules are listed under Device Management > Clean Access > Clean Access Agent >

Rules > Rule List.

e. Click Update to complete the mapping.

Step 4 Continue to the next steps—Apply Requirements to User Roles, page 9-92 and Validate Requirements,

page 9-93—to complete the configuration.

Configuring a Windows Update Requirement

The Agent “Windows Update” Requirement type configuration page allows administrators to check and

modify Windows Update settings, and launch Windows Updater on client machines where users have

Administrator privileges.

When this requirement is configured, the administrator can turn on Automatic Updates on

Windows Vista or Windows XP client machines which have this option disabled on the machine.

The Windows Update requirement (set to Optional by default) provides an Update button on the

(persistent) Agent for remediation. When the end user clicks the Update button, the Agent launches the

Automatic Updates Agent and forces it to get the update software from an external WSUS server. The

software download from the WSUS server may take some time. Therefore, Cisco recommends you keep

the Windows Update requirement Optional so that remediation occurs in the background.

Note The Cisco NAC Web Agent only supports Go To Link manual remediation and File Distribution

functionality. Cisco NAC Web Agent does not support Update or Launch remediation actions, nor does

it perform Auto Remediation.