Cisco NAC Appliance 3390 Technical Manual

Windows GPO Scripts and Cisco NAC Interoperability
Document ID: 108539
Contents
Introduction
 Prerequisites
      Requirements
      Components Used
      Conventions
 Background Information
      General Recommendations for GPOs Scripts
      General Recommendations for NAC Setup
 Configure
      Scenario 1
      Scenario 2
 Troubleshoot
 Related Information
Introduction
This document provides a sample configuration for Windows GPO at PC startup and user logon to the domain.
Windows GPO can be configured to run various scripts at PC startup and at user logon to the domain.
Enterprises often use these scripts to configure environment variables, map remote drives, and so on.
Cisco NAC controls access to the network when the user first connects and tries to log on to the Windows
machine.
The scripts can be classified as startup/shutdown and logon/logoff scripts.
Windows runs startup and shutdown scripts in machine context. These scripts work only if the NAC appliance
opens the network resources they require for the role that is in effect when they run at PC bootup or
shutdown, which is typically the unauthenticated role.
Logon and logoff scripts are executed in user context, which means that the logon script executes after the
user has logged in through Windows GINA. The logon script can fail to execute or fail to complete if
user authentication or machine posture assessment does not complete and network access is not granted in
time. These scripts can also be interrupted by an IP address refresh that the NAC agent initiates after an
OOB logon event.
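A logon script can tolerate both failure modes described above (network access granted late, or the session cut by the agent's IP refresh) by waiting for the server and retrying the mapping. The following is an added example, not taken from the Cisco document; the server name, share path, drive letter, log file and timing values are assumptions, as is the premise that ICMP to the file server is only answered once NAC has granted access.

```powershell
# Added example (not from the Cisco document). Logon script that tolerates
# delayed NAC authorization and the agent's IP refresh after an OOB logon.
# Assumed values: server name, share path, drive letter, log file, timings.
# Assumption: ICMP to the server succeeds only after NAC grants access.
param(
    [string]$Server         = 'fileserver.example.local',        # hypothetical
    [string]$Share          = '\\fileserver.example.local\home', # hypothetical
    [string]$DriveLetter    = 'H',
    [int]   $TimeoutSeconds = 120,  # how long to wait for network access
    [int]   $PollSeconds    = 5,
    [int]   $MapRetries     = 3     # retry if the IP refresh drops the session
)

$log = Join-Path $env:TEMP 'logon-map.log'
function Write-Log([string]$Message) {
    Add-Content -Path $log -Value ("{0:s} {1}" -f (Get-Date), $Message)
}

# Poll until the server answers or the deadline passes.
function Wait-ForServer([string]$Name, [int]$Timeout, [int]$Poll) {
    $deadline = (Get-Date).AddSeconds($Timeout)
    while ((Get-Date) -lt $deadline) {
        if (Test-Connection -ComputerName $Name -Count 1 -Quiet) { return $true }
        Start-Sleep -Seconds $Poll
    }
    return $false
}

$mapped = $false
for ($i = 1; $i -le $MapRetries -and -not $mapped; $i++) {
    if (-not (Wait-ForServer $Server $TimeoutSeconds $PollSeconds)) {
        Write-Log "attempt ${i}: $Server unreachable after $TimeoutSeconds s"
        continue
    }
    # Clear a stale mapping left by an interrupted earlier run, then map.
    net.exe use "${DriveLetter}:" /delete /y *> $null
    net.exe use "${DriveLetter}:" $Share /persistent:no *> $null
    $mapped = ($LASTEXITCODE -eq 0)
    if (-not $mapped) {
        Write-Log "attempt ${i}: net use failed with exit code $LASTEXITCODE"
        Start-Sleep -Seconds $PollSeconds
    }
}

if (-not $mapped) { Write-Log 'giving up; drive not mapped'; exit 1 }
Write-Log "mapped ${DriveLetter}: to $Share"
```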
Prerequisites
Requirements
There are no specific requirements for this document.