Yea, I'm with Greg on this. How would you know whose permissions to
apply if they have yet to log in?
Here at GW we do two tiers of blocking. If we get a notification that
the user needs to be turned off (disciplinary action, legal action, etc)
than their account gets the problem role and their only access is to an
"Access Denied - Call Student Technology Services" site. If the issue is
the machine that they're on (bandwidth use, file sharing, security issue
of some kind, etc) than the MAC gets filtered in the manager to use that
same role and they only get access to that same site. Sometimes both of
these methods have to be applied together if a user gets his/her
roommate to login for them.
Ben Fielden
Student Technology Services
The George Washington University
Greg Schaffer wrote:
I think by definition the user has to authenticate (“log in”) so as to
identify a restricted role the user can then be placed in. If the user
doesn’t log in, how would you know what user to apply policy to?
Greg
Greg Schaffer, CISSP
Director of Network Services
Middle Tennessee State University
------------------------------------------------------------------------
*From:* Cisco Clean Access Users and Administrators
[mailto:[EMAIL PROTECTED] *On Behalf Of *Miller, Paul
*Sent:* Friday, April 18, 2008 9:22 AM
*To:* [email protected]
*Subject:* Block user
Can anyone tell me if there is a way to restrict a user from logging
in to Clean Access. I noticed that I can restrict a device, but no
options for a user.
Paul Miller
Network Administrator
Dominican University
River Forest, IL
708-524-6641
