System Settings
Matching Windows Domain Policies to NAC Policies
Using a Windows domain might affect the end-user's ability to change their
system configuration to pass the tests. For example, in a corporate environ-
ment, each machine gets their domain information from the domain controller,
and the user is not allowed to change any of the related settings, such as
receiving automatic updates and other IE security settings.
The NAC 800 administrator needs to make sure the global policy on their
network matches the NAC policy defined, or skip the test.
For example, if the global network policy is to not allow Windows automatic
updates, any user attempting to connect through the High security NAC policy
fails the test, and is not able to change their endpoint settings to pass the test.
In this example, change the NAC policy to not run the Windows automatic
update test:
NAC 800 Home window>>NAC policies
1.
Select the NAC policy that tests the domain's endpoints.
Select the Tests menu option.
2.
Clear the Windows automatic updates check box.
3.
Click ok.
4.
Setting the Access Mode
The access mode selection is a quick way to shut down all traffic into an
Enforcement cluster, or open it up for trial-use purposes.
To change the access mode:
NAC 800 Home window>>System monitor>>Select an Enforcement cluster
1.
Select one of the following from the Access mode area:
normal – Access is regulated by the NAC policies
•
allow all – All requests for access are granted, but endpoints are still
•
tested
System Administration
System Settings
13-5