Hi Dennis We don't find Cisco rules as quick as that, but they are a lot quicker than WSUS. However, we had so much trouble with Cisco rules that I wouldn't dream of using them again. I was getting two or three instances per day of CCA wanting patches that either weren't needed or couldn't be installed
Regards Max > -----Original Message----- > From: Cisco Clean Access Users and Administrators > [mailto:[EMAIL PROTECTED] On Behalf Of Dennis Xu > Sent: 22 August 2008 15:54 > To: [email protected] > Subject: Re: [CLEANACCESS] Semi-Clean Access? > > Max, > > Do you experience slower Agent login when using WSUS requirement > comparing to the using Cisco rules? I tested it in our lab > and it takes > around 30 secs for Agent login using WSUS requirement, and > sometimes I > got 1 minute to login. By using Cisco rules, normally it > takes 7-8 secs. > That is our major concern to using WSUS requirement. > > Dennis > > > Caines, Max wrote: > > Hi Rand > > > > We have used a mandatory WSUS requirement for a long time, > and it causes no > > problems at all (well, except maybe on Windows 2000 > clients). Also 3.1.6 > > fixes the bug that made it a bad idea to show the UI, so if > Cisco would fix > > the new Vista bug, I could even give people a progress indication. > > > > I'm not convinced that what CCA calls "Windows Update" > isn't using MUA > > anyway, because you can set it to use a local WSUS server, > and WSUS employs > > the MUA (see > http://office.microsoft.com/en-us/ork2003/HA100245941033.aspx). > > I'd either test it or try to find someone can give you a > definite answer > > > > Regards > > > > Max Caines > > IT Services, University of Wolverhampton > > Wolverhampton, West Midlands WV1 1SB > > Tel: 01902 322245 Fax: 01902 322777 > > > > > >> -----Original Message----- > >> From: Cisco Clean Access Users and Administrators > >> [mailto:[EMAIL PROTECTED] On Behalf Of Hall, Rand > >> Sent: 22 August 2008 14:57 > >> To: [email protected] > >> Subject: [CLEANACCESS] Semi-Clean Access? > >> > >> These have bothered me for a while... (but obviously not > >> enough to ask ;-) > >> > >> 1) Cisco recommends making Windows Update requirements optional: > >> > >> "The Windows Update requirement type is set to Optional (or > >> "do not enforce") by default to optimize user experience by > >> running the update process in the background. Cisco also > >> recommends leaving this requirement as Optional if selecting > >> the "Automatically download and install" option." > >> > >> I know that the Windows Update UI feedback is minimal and may > >> confuse the user a bit...but doesn't this in, large degree, > >> defeat a fundamental NAC goal--keeping unpatched PCs from > >> beating on others and vice versa? > >> > >> Am I missing something? > >> > >> For the record, I make the WU requirement mandatory but put > >> text in the description that encourages them to go to > >> windowsupdate.com if they get antsy. > >> > >> 2) With vulnerabilities moving away from the OS and to apps, > >> has anyone created a requirement to at least use the > >> Microsoft Update agent rather than Windows Update (so Office > >> gets patched, too)? > >> > >> 3) Firewall requirements? > >> > >> > >> Cheers, > >> Rand > >> > >> -- > >> Rand P. Hall * Director, Network Services > >> Merrimack College * SunGard Higher Education > >> 315 Turnpike Street, North Andover MA 01845 * Tel 978-837-5000 > >> Fax 978-837-5383 * [EMAIL PROTECTED] * www.sungardhe.com > >> > >> CONFIDENTIALITY: This e-mail (including any attachments) > may contain > >> confidential, proprietary and privileged information, and > unauthorized > >> disclosure or use is prohibited. If you received this e-mail > >> in error, > >> please notify the sender and delete this e-mail from your system. > >> > >> >
smime.p7s
Description: S/MIME cryptographic signature
