Hi John If you have users who are not local admins, you need to install the CCA Agent Stub (aka Clean Access Helper Agent) on their PCs. You can get it from the Cisco download site. It runs as SYSTEM, and proxies all Clean Access activities. It will probably fix the inconsistencies you are seeing on WSUS, and the "Unexpected Error" messages. It also means those users will be able to install updates to CCA itself Regards Max
_____ From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Williams, John Sent: 11 June 2008 16:26 To: [email protected] Subject: [CLEANACCESS] General CCA Questions We are attempting to roll out CCA Agent to all of our faculty and staff this summer and have encountered some issues. Curious if anyone has seen and has resolutions to the following: 1) Using a WSUS Windows critical Requirement, Non-Local Admins are prompted that Windows requires updates. When logged on as a local admin, it states there are no updates required. 1a) Is there a way to allow non local admins to install Windows Updates? 1b) Is there a way to allow non local admins to install Anti-Virus software (specifically Symantec) and keep the virus definitions up to date? 2) Cisco Clean Access Agent will occasionally not be able to tell the virus definition date of our Symantec software. When you click on Properties of Clean Access in the taskbar it is blank. However, the application states virus definitions are up to date. Only fix we have been able to identify is to uninstall and re-install Symantec AV. 3) Users who are on the domain get mapped drives pushed to them. On occasion the mapped drive works correctly and at times it does not (assuming a disconnect with being quarantined or posture assessed while the mapped drive is occurring). Best practice here? 4) Overall duration of CCA Agent posture assessment. It seems to take awhile on select computers and not so long on others. Theoretically the same assessments are being made. 5) 'Unexpected Error' when logging on as a non local admin and CCA Agent attempts to start. 6) Is there a best practice for 'public computers' like in the library? I hate to have computers have filters or ignore certain VLANs because this weakens the overall security of the network as these locations can easily introduce virii or other issues to the net. 7) CCA agent for Mac has not been deployed at all in our environment. What would be appropriate checks for a University environment? Currently on Windows boxes we are checking for Windows Updates (critical), Virus Software, Virus definition date, Auto Update enabled.
smime.p7s
Description: S/MIME cryptographic signature
