Specifications
9-68
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 9 Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment
Configuring Agent-Based Posture Assessment
Step 4 Choose the Priority of execution for this requirement on the client. A high priority (e.g. 1) means this
requirement is checked on the system ahead of all other requirements (and appears in the Agent dialogs
in that order). Note that if this is a Mandatory requirement and it fails, the Agent does not continue past
that point until that requirement succeeds.
Step 5 If you want to enable and configure Auto Remediation for the Agent:
a. Choose the Remediation Type [Manual | Automatic] from the dropdown menu. Choosing Manual
preserves previous Agent behavior. The user has to click through each of the requirements using the
Next/Skip button in the Agent. Choosing Automatic sets the Agent to perform Auto Remediation,
where the Agent automatically performs updates or launches required programs on the client after
the user logs in.
b. If you configure the requirement to use automatic remediation, specify the Interval in seconds (the
default interval is 0). Depending on the requirement type, this interval either sets the delay before
the Agent re-attempts remediation or sets the total time allowed for a particular remediation process.
c. Enter the Retry Count []. Specifying a retry count sets a limit on the number of times the Agent
automatically retries the requirement if it initially fails. (The default retry count setting is 0.)
For details on configuring Auto Remediation, see Configuring Auto Remediation for Requirements,
page 9-98.
Note The Cisco NAC Web Agent does not support Auto Remediation.
Step 6 From the Windows Update Setting dropdown, choose one of the following options:
• Do not change setting
• Notify to download and install
• Automatically download and notify to install
• Automatically download and install
These settings correspond to the Automatic Updates dialog settings on the Windows client
(Figure 9-29)
Step 7 Click the checkbox for Permanently override user setting with administrator Windows Update
Setting, if you want to enforce your administrator-specified setting for Automatic Updates on all client
machines during and after Windows Update. If left unchecked, the admin setting will only apply when
Automatic Updates are disabled on the client; otherwise the user setting applies when Automatic
Updates are enabled.
Step 8 For the Requirement Name, type a unique name to identify this requirement in the Agent. The name
will be visible to users on the Agent dialogs.
Step 9 In the Description field, type a description of the requirement and instructions to guide users who fail
to meet the requirement, including instructions for Agent users to click the Update button to update their
systems. Note that Windows Update displays the Update button on the Agent.
Note Some of the default user messages in the Agent dialogs are very similar between various rules and/or
requirements. To ensure the user clearly understands the remediation issue at hand, Cisco strongly
recommends providing an appropriate message in this field describing the nature and purpose of the
given function.
Step 10 Click one or more of the following checkboxes to set the Operating System(s) for the requirement:
• Windows XP (All) or one or more of the specific Windows XP operating systems