Untestable Endpoints And Dhcp Mode; Windows Domain Authentication And Quarantined Endpoints - Novell ZENWORKS NETWORK ACCESS CONTROL 5.0 - 09-22-2008 User Manual

Section 3.17.3, "Accessible Services," on page 119). Once the endpoints are assigned a
non-quarantined IP address, the users can gain access to the shares by logging out of Windows and
logging back into Windows. Rebooting the endpoints also works, but is not necessary.

7.7 Untestable Endpoints and DHCP Mode

If you have an endpoint that does not have a supported operating system, you can allow access or
quarantine the endpoint. The current supported operating systems are listed in Section 5.2,
"Endpoints Supported," on page 158.
If you allow an untested endpoint to have access, there are several important items to keep in mind.
The IP address granted by your DHCP server has a lease expiration period that cannot be affected by
the Novell ZENworks Network Access Control server. Once an untested endpoint has been allowed
access and assigned a non-quarantined IP address by your DHCP server, that endpoint has continual
access through that IP address until the IP address lease expires. For example, you are not able to
quarantine that endpoint (or take any other action on that endpoint) with Novell ZENworks
Network Access Control until the lease expires. It is not unusual for system administrators to set a
lease expiration time of three or more days.
NOTE: The access status column on the Endpoint activity window shows unable to quarantine, and
the action cannot complete until the IP address lease expires.
TIP: It is strongly recommended that if you are going to allow untested endpoints on your network,
you set extremely short lease times (use hours rather than days) on your DHCP server.
This process results in the following condition for an untested endpoint:
When new end-users log in for the first time, are tested, and are allowed access, there is up to a
three-minute delay between the time the Novell ZENworks Network Access Control server
determines that they are allowed access and the point at which they are actually allowed access,
potentially causing concern to the end-user. This uncertainty is due to the three-minute lease on the
temporary quarantined IP address assigned during the initial login process. Once the lease expires
(in at most three minutes), a new IP address (the non-quarantined IP address) can be assigned and
access is actually granted.
To define access settings for non-supported operating systems, see Section 6.3.12, "Defining
Non-supported OS Access Settings," on page 211.
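
The lease-expiration window described in this section can be audited on the DHCP server itself. The following Python script is an added example, not part of the Novell manual or product: it reports active leases whose remaining lifetime exceeds a chosen limit, which is the time an already-admitted endpoint keeps its address and cannot be quarantined. It assumes an ISC dhcpd-style leases file (the manual names no DHCP server); the sample data, the function name and the 8-hour limit are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in ISC dhcpd.leases syntax (assumed format; times are UTC).
SAMPLE_LEASES = """
lease 10.0.5.21 {
  ends 4 2008/09/25 08:00:00;
  binding state active;
  hardware ethernet 00:16:3e:aa:bb:01;
}
lease 10.0.5.22 {
  ends 1 2008/09/22 13:00:00;
  binding state active;
  hardware ethernet 00:16:3e:aa:bb:02;
}
lease 10.0.5.23 {
  ends 1 2008/09/22 08:00:00;
  binding state free;
  hardware ethernet 00:16:3e:aa:bb:03;
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
ENDS_RE = re.compile(r"^\s*ends\s+(never|\d \d{4}/\d\d/\d\d \d\d:\d\d:\d\d);", re.M)
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9A-Fa-f:]+);")

def long_lived_leases(text, now, max_hours):
    """Return (ip, mac, hours_left) for active leases that outlive max_hours."""
    # hours_left is the window in which an admitted endpoint cannot be quarantined.
    findings = []
    for ip, body in LEASE_RE.findall(text):
        state, ends = STATE_RE.search(body), ENDS_RE.search(body)
        if not (state and ends) or state.group(1) != "active":
            continue  # free, expired or incomplete records hold no address
        if ends.group(1) == "never":
            hours_left = float("inf")  # infinite lease: worst case
        else:
            end = datetime.strptime(ends.group(1)[2:], "%Y/%m/%d %H:%M:%S")
            hours_left = (end - now).total_seconds() / 3600
        if hours_left > max_hours:
            mac = MAC_RE.search(body)
            findings.append((ip, mac.group(1) if mac else None, hours_left))
    return findings

if __name__ == "__main__":
    for ip, mac, hours in long_lived_leases(SAMPLE_LEASES, datetime(2008, 9, 22, 10), 8):
        print(f"{ip} {mac}: lease holds for {hours:.0f} more hours")
```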

7.8 Windows Domain Authentication and Quarantined Endpoints

In order to satisfy the following scenarios:
A guest user gets redirected
A user is redirected if their home page is the Intranet
The only host that is resolved is the domain controller (DC); and no other intranet hosts are resolved.
Windows domain authentication can take place from quarantine with minimal configuration
