I would agree on the details button... as long as it only showed what they were failing, not sure it would be very helpful for our side if the users were able to see all the checks that were performed on their computers. Theodore Gates Network Technician Housing Technology Colorado State University 970-491-4734
On Mon, Feb 9, 2009 at 4:57 PM, Mike Diggins <[email protected]>wrote: > I Agree as well, or ensure the cisco checks agree with Microsoft Update, > right or wrong. It's the number one headache with this product. > > -Mike > > > > On Mon, 9 Feb 2009, Ben Fielden wrote: > > I second the details button. >> >> Ben Fielden >> ISS Student Technology Services >> The George Washington University >> >> >> >> Michael Simpson wrote: >> >>> My addition to the wish list: >>> Have a "Details" button on the agent that shows users exactly what scan >>> they failed, KB# and all. This would allow our more technically inclined >>> users to solve some of their own issues without coming to the help desk. It >>> would also be handy for support staff to see on the machine instead of >>> always consulting with the CA manager. >>> Michael >>> >>> >>> "Jeremy Wood" <[email protected]> 2/9/2009 2:28 PM >>> >>> I've always wondered what people would like to see out of this product >>> so I thought I would throw these ideas out there and see if anyone >>> else thought they would be useful or if there were maybe some other >>> big improvements people want to see. >>> >>> 1) Log of packets denied due to role traffic settings >>> >>> 2) Sending of logging information from HA-IP >>> >>> 3) Have CAM be able to check posture of clients without moving them to >>> UnAuth Role. I hear Bradford does this and I can see how it could make >>> the NAC experience much smoother and provide a possibly more secure >>> network if you are able to check client more often without >>> interrupting their session to do it. It does defeat the seemingly >>> 'pure' OOB approach CCA has though. >>> >>> 4) Have the agent run as a service and/or run before the windows logon >>> portion of boot up. So basically the agent could load, verify the >>> posture of the computer (although some checks might not work, basic >>> ones would) and then pass the logon credentials through to the windows >>> GINA and so a SSO that way. This would allow for things like logon >>> scripts/offline files/GPO to be applied without anything special going >>> on. At the same time though you present the issue of how to update a >>> client this way if it is out of compliance? I'd bet that most AV >>> updater's wouldn't work if they are called like this. >>> >>> Anyway, just my list. Thoughts or Additions? >>> >>> --Jeremy >>> >> >> > > _________________________________________ > > Mike Diggins Voice: 905.525.9140 Ext. 27471 > Network Analyst, Enterprise Networks FAX: 905.522.0511 > University Technology Services E-Mail: [email protected] > McMaster University, Hamilton, Ontario >
