I was going to post on this shortly as I have also used this method to
get Windows 7 Starter editions to log on successfully, but I was waited
until my full process was complete. Also to note with this configuration
we have verified that using Internet Explorer this will work exactly as
you have detailed, but with Firefox our Starter edition netbook was
labeled as WINDOWS_7_ALL; I assume it is an issue with the Java applet
versus the ActiveX control.
To resolve the above I worked out a javascript snippet that checks for
Windows 7 and then Firefox which causes a redirect. The page that loads
informs the user that they must use Internet Explorer on Windows 7 to
gain access. Once the user launches IE the OS is then determined by the
ActiveX that Starter is WINDOWS_ALL and the other editions of 7 are
WINDOWS_7.
Beyond this I have configured the Web Login to show the "Network Scanner
User Agreement page" with the 'accept' and 'decline' buttons hidden.
With this then I load a web page in the information area of the page
which gives user a custom utility that checks for anti-virus and Windows
automatic updates setting. If they meet the requirements then a HTTPS
POST is sent to the cisco api to add their MAC address as clean and they
are then able to have internet access.
This way while the Cisco NAC agent doesn't support Starter we are still
able to ensure the system have at least our minimum expectation for
compliance.
Dan Taube
Call Center Supervisor
Associate IT Support
University Computer Help Desk
Illinois State University
Murphy, Colin J wrote:
Here is how to get the web logon to work for just Windows 7 Starter
and still keep the agent for the rest of Windows 7 versions.
1. Make sure you have a user page for all the Windows versions you
support including Windows_7_All and Windows_All.
a. On the Windows_7_All and Windows_All user pages, make sure you
check “Use web client to detect client MAC address and Operating
System.” This will make the NAC detect Windows 7 starter as Windows_All.
2. Under Device Management/Clean Access/General Setup/Agent Login,
make sure you have the following:
a. For each role make sure windows_all does not require the agent.
b. For rest of the windows operating systems, you can check to require
the agent including windows_7_all.
Thanks,
Colin Murphy
Communication Network Analyst
Information Technology Services
The University of South Dakota
