Cisco ISE to check Windows Firewall is enabled or not in Posture Requirement.

Similar Messages

• NAC check windows firewall

  Hi,
  Is there a NAC CCA check to see whether the windows firewall is enabled or not?
  Thanks,
  Wei

  Hi,
  Thanks for the reply. I am looking at the ICF firewall. Do you know what's the pre-configured check/rule name for it.
  Anyway, after googled on the internet, I found the ICF firewall was controlled by the following registry setting. I manually created a check/rule. It seems working. Now I will further find out what's the registry related to the vista windows firewall.
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\]
  "EnableFirewall"=dword:1
  Regards,
  Wei

• Cisco ISE and New Version of AntiVirus...not DAT

  So I have ISE ready to go for our VPN users. Testing has been great and it looks like we are ready to roll out.
  Then comes along a new version of our corporate AntiVirus software. We have had Kaspersky EndPoint Security v8 since last August. Now Kaspersky has released Endpoint Security v10. It took about 3 months for the Compliance Module in ISE to allow NAC Agent to recognise KESv10. But now when we connect I get an error from NAC stating bascially that the version of KES installed doesn't have any posture/rules setup and it can't do anything. (see attached for exact wording)
  I remember when we first set the ISE up there was a screen that broke down the different AV makers, and the various versions that ISE/NAC would support. I have no idea where that is now.
  How to I update my policies/remediation/rules to reflect either including KES10, or just change them to allow version 8+, or even ANY version?
  I am sure this is a simple fix, but I just can't find it. I have looked through a lot of documentation, and I even looked through a Global Lab PDF on setting up ISE posturing and can't find it there.
  Thanks,
  Dirk

  Well I am now seeing that, yes the NAC agent recognizes Kaspersky Endpoint Security v10, but I was able to see in the ISE settings that REMEDIATION ACTION is NOT supported. WHY would this be? And how/when will this be fixed....this completely invalidiate a MAIN puprose for implementing ISE to keep our A/V definitiions updated.
  Why would you implement support for antivirus if you don't support the remediation of it?!?!?!??
  VERY aggrivating Cisco....VERY!!!

• Adobe CS3 Windows 7 installation says does not meet minimum requirements

  I am trying to install Adobe Creative Suite 3 Design Premium on a brand new Windows 7 machine (32-bit). It is a downloaded copy from Adobe's website.
  When I start the install process, it takes me to the "Options" Screen and will not let me install Photoshop, Illustrator, or InDesign. All those options are grayed out.
  At the bottom, the reason it gives is as follows:
  "The minimum system requirements listed below needed to run adobe photoshop cs3 are required and are not met:
  - Windows XP (Service Pack 2)
  - Windows Vista"
  It gives the same error for the other 2 programs as well.
  I have tried the following troubleshooting steps already with no luck:
  1. Run Setup.exe as Administrator
  2. Run Setup.exe in compatibility mode (either as Windows XP SP2, or Windows Vista)
  3. Logged-in to Administrator profile and tried installing from there
  4. did the regsvr32 on both vbscript.dll and jscript.dll.
  5. Tried the CS3 cleanup tool at multiple levels.
  6. Made sure there are no other Adobe products installed
  7. Called Adobe Tech support, they are no help. They said to re-install the OS, which doesn't make any sense since it's a clean install.
  No AV installed yet, so that's not the issue either.
  Any ideas?

  I realise I'm a bit late to the party here.. but after spending a few hours going through the Adobe CS3 Bootstrapper and Install process and files, I have the answer to why Windows 7 does not meet the minimum requirements.
  The answer is in the xml files contained in the payloads for the CS3 Installation.
  Line 72786 of AdobeIllustrator13en_US.proxy.xml :
  <SystemRequirementsJSON>[
       {"OS":{"Windows":{"XP":{"Exclude":true,"Require":{"MinServicePack":"2","@servicePack64Bit" :1
  ,"Need64Bit":"0"}},"Server2003":{"Exclude":true},"Vista":{"Require":true}}},
                                "Memory":{"System":{"Default":{"Require":"512","Exclude":"500"}}},
                                "Display":{"Default":{"Require":{"Width":"1024","Height":"768"},"Exclude":{"Width":"800"," Height":"600"}}}
  ]</SystemRequirementsJSON>
  Basically it is this: For Adobe Illustrator CS3 the following is supported: Windows XP SP2, or Vista ONLY
  Not Windows XP SP2 or above, or Windows XP SP2 and Vista or above ...
  The same is in several other files, but not all. Illustrator and InDesign are the 2 that I know of.
  I have 500 odd machines that I need to deploy this software to.
  If Adobe would like to offer a work around with consideration to deploying the software silently via Microsoft SMS to 500 Windows 7 Workstations - I would be most grateful.
  My rage at software installer developers with such little foresight is only tempered by the knowledge that the task itself is so difficult.
  However, that does not excuse the lack of thought given to how enterprise level administrators are supposed to deal with updates, patches, and deployments to machines where users have limited rights, and the difficulty that is caused by the inclusion of unhelpful and sparse documentation and software (such as Adobe Updater).

• Cisco ISE AD (Windows Server 2013) Authentication Problem

  Background:
  Deployed two Cisco ISE 1.1.3. ISE will be used to authenticate wireless users, admin access to WLC and switches. Backend database is Microsoft AD running on Windows Server 2012. Existing Cisco ACS 4.2 still running and authenticating users. There are two Cisco WLCs version 7.2.111.3.
  Wireless users authenticates to AD through ACS 4.2 works. Admin access to WLC and switches to AD through ISE works. Wireless authentication using PEAP-MSCHAPv2 and admin access wtih PAP/ASCII.
  Problem:
  Wireless users cannot authenticate to AD through ISE. The below is the error message "11051 RADIUS packet contains invalid state attribute" & "24444 Active Directory operation has failed because of an unspecified error in the ISE".
  Conducted a detailed test of AD from ISE. The test was successful and the output seems all right except for the below:
  xxdc01.xx.com (10.21.3.1)
  Pinged:0 Mins Ago
  State:down
  xxdc02.xx.com (10.21.3.2)
  Pinged:0 Mins Ago
  State:down
  xxdc01.xx.com
  Last Success:Thu Jan  1 10:00:00 1970
  Last Failure:Mon Mar 11 11:18:04 2013
  Successes:0
  Failures:11006
  xxdc02.xx.com
  Last Success:Mon Mar 11 09:43:31 2013
  Last Failure:Mon Mar 11 11:18:04 2013
  Successes:25
  Failures:11006
  Domain Controller: xxdc02.xx.com:389
      Domain Controller Type: Unknown DC Functional Level: 5
      Domain Name:            xx.COM
      IsGlobalCatalogReady:   TRUE
      DomainFunctionality:           2 = (DS_BEHAVIOR_WIN2003)
      ForestFunctionality:           2 = (DS_BEHAVIOR_WIN2003)
  Action Taken:
  Log on to Cisco ISE and WLC using AD credentials. This rules out AD connection, clock and AAA shared secret as the problem.
  2)     Tested wireless authentication using EAP-FAST but same problem occurs.
  3)     Detailed error message shows the below. This rules out any authentication and authorization polices. Before even hitting the authentication policy, the AD lookup fails.     
  12304  Extracted EAP-Response containing PEAP challenge-response
  11808  Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated
  Evaluating Identity Policy
  15006  Matched Default Rule
  15013  Selected Identity Store - AD1
  24430  Authenticating user against Active Directory
  24444  Active Directory operation has failed because of an unspecified error in the ISE
  4)     Enabled AD debugging logging and had a look at the logging. Nothing significant and no clues to the problem.
  5)     Tested wireless on different laptos and mobile phones with same error
  6)     Delete and add again AAA Client/Devices on both Cisco ISE and WLC
  7)     Restarted ISE services
  8)     Rejoin domain on Cisco ISE
  9)     Checked release notes of ISE 1.1.3 and WLC 7.2.111.3 for any open caveats. Nothing found related to this problem.
  10)    There are two ISE and two WLC deployed. Tested different combination of ISE1 to WLC1, ISE1 to WLC2 etc. This rules out hardware issue of WLC.
  Other possibilities/action:
  1)     Test it out on a different WLC version. Will have to wait outage approval to upgrade WLC software.
  2)     Incompatibility of Cisco ISE and AD running on Microsoft Windows Server 2012
  Anyone out there experienced something similar of have any ideas on why this is happening?
  Thanks.
  Update:
  1) Built another Cisco ISE 1.1.3 sever in another datacentre that uses the same domain but different domain controller. Thais domain controller is running Windows Server 2008. This works and authentication successful.
  2) My colleague tested out in a lab environment of Cisco ISE 1.1.2 with Windows Server 2012. He got the same problem as described.
  This leads me to think there is a compatibility issue of Cisco ISE with Windows Server 2012.

  Does anyone know if ISE 1.1.3 p1 supports AD DCs running 2012, if not which patch is required ot version?
  Worryingly when ISE joins a 2012 DC it states it's connected successfully, and if another 2003 DC is available in that datacentre it will perform the auths against that DC whilst actually advertising (Connections in the GUI) that it's connected to the 2012 DC. We ended up mapping 8 PSN IP’s to another datacentre which has one Win2003 servers whilst the old 2003 DC is being promoted back, the 8 ISE servers started working, even though they still advertised they were connected to the 2012 DCs in the original datacentre - I performed a leave and join on one PSN and only then did it advertise that the node was connected to a DC in a different datacentre

• Check Windows security

  _Microsoft Baseline Security Advisor_ : http://technet.microsoft.com/en-us/security/cc184923.aspx
  Used by many leading third party security vendors and security auditors, MBSA on average scans over 3 million computers each week. Join the thousands of users that depend on MBSA for analyzing their security state.
  _Sample as run from Mac Pro Vista U._
  Noteable items:
  1) Run turned off my Ctl-Alt-Del logon requirement as set in
  Run->control userpasswords2
  2) Requires Server Service to be active
  3) Needs Computer Name entry at *error point: Workgroup\*error
  *Security assessment: Potential Risk*
  Computer name:
  IP address:
  Security report name: WORKGROUP -
  Scan date: 2009-01-08 08:48
  Scanned with MBSA version: 2.1.2104.0
  Catalog synchronization date:
  Security update catalog: Microsoft Update
  Security Updates Scan Results
  Issue: SQL Server Security Updates
  Score: Check passed
  Result: No security updates are missing.
  Current Update Compliance
  | MS06-061 | Installed | MSXML 6.0 RTM Security Update (925673) | Critical |
  Issue: Silverlight Security Updates
  Score: Check passed
  Result: No security updates are missing.
  Current Update Compliance
  | 957938 | Installed | Update for Microsoft Silverlight (KB957938) | |
  | 957938 | Installed | Update for Microsoft Silverlight (KB957938) | |
  Issue: Windows Security Updates
  Score: Check passed
  Result: No security updates are missing.
  Current Update Compliance
  | MS08-071 | Installed | Security Update for Windows Vista Service Pack 2 (KB956802) | Critical |
  | MS08-075 | Installed | Security Update for Windows Vista Service Pack 2 (KB958624) | Critical |
  | MS08-073 | Installed | Security Update for Internet Explorer 7 in Windows Vista Service Pack 2 (KB958215) | Critical |
  Operating System Scan Results
  Administrative Vulnerabilities
  Issue: Local Account Password Test
  Score: Check passed
  Result: Some user accounts (2 of 3) have blank or simple passwords, or could not be analyzed.
  Detail:
  | User | Weak Password | Locked Out | Disabled |
  | Administrator | Weak | - | Disabled |
  | Guest | Weak | - | Disabled |
  | xx | - | - | - |
  Issue: File System
  Score: Check passed
  Result: All hard drives (1) are using the NTFS file system.
  Detail:
  | Drive Letter | File System |
  | C: | NTFS |
  Issue: Password Expiration
  Score: Check failed (non-critical)
  Result: All user accounts (3) have non-expiring passwords.
  Detail:
  | User |
  | Administrator |
  | Guest |
  | xx |
  Issue: Guest Account
  Score: Check passed
  Result: The Guest account is disabled on this computer.
  Issue: Autologon
  Score: Check passed
  Result: Autologon is not configured on this computer.
  Issue: Restrict Anonymous
  Score: Check passed
  Result: Computer is properly restricting anonymous access.
  Issue: Administrators
  Score: Check passed
  Result: No more than 2 Administrators were found on this computer.
  Detail:
  | User |
  | Administrator |
  | xx |
  Issue: Windows Firewall
  Score: Check passed
  Result: Windows Firewall is managed through Group Policy on this computer. Windows Firewall is enabled on all network connections.
  Detail:
  | Connection Name | Firewall | Exceptions |
  | All Connections | On | - |
  | Local Area Connection 2 | On | - |
  | aGetOff | On | - |
  Issue: Automatic Updates
  Score: Check passed
  Result: Updates are automatically downloaded and installed on this computer.
  Issue: Incomplete Updates
  Score: Best practice
  Result: No incomplete software update installations were found.
  Additional System Information
  Issue: Windows Version
  Score: Best practice
  Result: Computer is running Microsoft Windows Vista.
  Issue: Auditing
  Score: Best practice
  Result: Logon Success and Logon Failure auditing are both enabled.
  Issue: Shares
  Score: Best practice
  Result: 2 share(s) are present on your computer.
  Detail:
  | Share | Directory | Share ACL | Directory ACL |
  | ADMIN$ | C:\Windows | Admin Share | NT SERVICE\TrustedInstaller - F, NT AUTHORITY\SYSTEM - RWXD, BUILTIN\Administrators - RWXD, BUILTIN\Users - RX |
  | C$ | C:\ | Admin Share | NT AUTHORITY\SYSTEM - F, BUILTIN\Administrators - F, BUILTIN\Users - RX |
  Issue: Services
  Score: Best practice
  Result: No potentially unnecessary services were found.
  Internet Information Services (IIS) Scan Results
  IIS is not running on this computer.
  SQL Server Scan Results
  SQL Server and/or MSDE is not installed on this computer.
  Desktop Application Scan Results
  Administrative Vulnerabilities
  Issue: IE Zones
  Score: Check passed
  Result: Internet Explorer zones have secure settings for all users.
  Issue: Macro Security
  Score: Check not performed
  Result: No supported Microsoft Office products are installed.

  Hi,
  Did you use the same account with the App creator(the account which deployed the app)? You can use the app creator to check whether it works.
  Could the other accounts access the apps? You can use the other accounts to check whether it works.
  To quickly and accurately find the issue, you can check the event log and ULS log to see if anything unexpected occurred.
  For SharePoint 2013, by default, ULS log is at
  C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS
  Thanks & Regards,
  Jason
  Jason Guo
  TechNet Community Support

• Posture setup in Cisco ISE

  Dears
  I am trying to configure the posture for the ISE but the result is always " Posture status : pending " and the agent can access all network resources without any problem .
  please help

  Please review the below steps:
  Step 1 Choose Administration > System > Deployment >  Deployment.
  The Deployment navigation menu appears. Use the  Table view or the List view button to display the
  nodes in your deployment.
  Step 2 Click the Table view.
  Step 3 Click the quick picker (right arrow)  icon to view the nodes that are registered in your deployment.
  The Table view displays all the nodes that are  registered in a row format in the Deployment Nodes page.
  The Deployment Nodes page displays the Cisco ISE  nodes that you have registered along with their
  names, personas, roles, and the replication status  for the secondary nodes in your deployment.
  Step 4 Choose a Cisco ISE node from the  Deployment Nodes page.
  Note If you have more than one node that is  registered in a distributed deployment, all the nodes that
  you have registered appear in the Deployment Nodes  page, apart from the primary node. You
  have the option to configure each node as a Cisco  Cisco ISE node (Administration, Policy
  Service, and Monitoring personas) or an Inline  Posture node.
  Step 5 Click Edit.
  The Edit Node page appears. This page contains the  General settings tab that is used to configure the
  Cisco ISE deployment. This page also features the  Profiling Configuration tab, which is used to
  configure the probes on each node.
  Note If you have the Policy Service persona  disabled, or if enabled but the Enable Profiler services
  option is not selected, then the Cisco ISE  administrator user interface does not display the
  Profiling Configuration tab. If you have the Policy  Service persona disabled on any Cisco ISE
  node, Cisco ISE displays only the General settings  tab. It does not display the Profiling
  Configuration tab that prevents you from  configuring the probes on the node.
  Step 6 On the General settings tab, check  the Policy Service check box, if it is already active.
  If the Policy Service check box is unchecked, both  the session services and the Profiler service check
  boxes are disabled.
  Step 7 For the Policy Service persona to run  the Network Access, Posture, Guest, and Client Provisioning
  session services, check the Enable Session Services  check box, if it is not already active. To stop the
  session services, uncheck the Enable Session  Services check box.
  The posture service only runs on Cisco Cisco ISE  nodes that assume the Policy Service persona
  and does not run on Cisco Cisco ISE nodes that  assume the administration and monitoring
  personas in a distributed deployment.
  Step 8 Click Save to save the node  configuration.

• Cisco ISE - General Info. & capabilities

  Hello All,
  I've read quiet a bit of ISE features, but would like to know the following:
  1. Can ISE provide/track details of user activity, like which servers/websites he accessed over a period of time?
  2. Can it provide details of how much data was transferred from a particular server to a specific client?
  3. For a 1500 user env. (1000 desktops and 500 wireless devices) which model of ISE would be appropriate?
  4. How would having ISE be different from already deployed authentication services like Active Directory or built-in application authentication for solutions like Oracle ERP systems?
  5. I see ISE as being marketed primarily for wireles devices (BYOD), but how would it help for wired devices (or does it become and unecessary authentication level apart from AD, switch based 802.1x, etc)
  Thank you.
  Regards,
  Adnan

  Cisco ISE is a consolidated policy-based access control system that  incorporates a superset of features available in existing Cisco policy  platforms. Cisco ISE performs the following functions:
  •Combines authentication, authorization, accounting (AAA), posture, and profiler into one appliance
  •Provides for comprehensive guest access management for the Cisco ISE administrator, sanctioned sponsor administrators, or both
  •Enforces  endpoint compliance by providing comprehensive client provisioning  measures and assessing device posture for all endpoints that access the  network, including 802.1X environments
  •Provides support for discovery, profiling, policy-based placement, and monitoring of endpoint devices on the network
  •Enables consistent policy in centralized and distributed deployments that allows services to be delivered where they are needed
  •Employs  advanced enforcement capabilities including security group access (SGA)  through the use of security group tags (SGTs) and security group access  control lists (SGACLs)
  •Supports scalability to support a number of deployment scenarios from small office to large enterprise environments
  The following key functions of Cisco ISE enable you to manage your entire access network.
  Provide Identity-Based Network Access
  The Cisco ISE solution provides context-aware identity management in the following areas:
  •Cisco ISE determines whether users are accessing the network on an authorized, policy-compliant device.
  •Cisco ISE establishes user identity, location, and access history, which can be used for compliance and reporting.
  •Cisco  ISE assigns services based on the assigned user role, group, and  associated policy (job role, location, device type, and so on).
  •Cisco  ISE grants authenticated users with access to specific segments of the  network, or specific applications and services, or both, based on  authentication results.
  ISE 3315 can support 1500 users with appropriate license.

• Cisco ISE doesn`t send packets to AD

  Hello!
  I`ve tried to configure authentication through AD. Intergation Cisco ISE with AD is successful and I can retrive all groups from AD. I`ve configured dot1X authentication (Policy>Authentication) to use at first AD, then Internal Users.I`ve configured the rule for one group in authorization policy (Policy>Authorization), I`ve added this group from AD (Administration> Identty Management> External Identity Sources> Active Directory> Groups).
  When the user tries to connect to LAN and enters credentials from AD, Cisco ISE always uses only Internal Identity Source and doesn`t try to seach user in AD.  I don`t see any packets to AD in Operations>Authentication and TCP Dump, Cisco ISE only checks Internal Identity Source.
  Does anybody know how to solve this problem?
  Thank you!

  Problem was in wrong configuration Authentication.
  Now I have the folowing problem, ISE can`t authenticate wired guest user through Central Web Access.
  Guest Portal sends message about succeful authentication and after that redirect again in Guest Portal.
  I have two rules in Policy>Authorization (attach: Auth).
  In Operations>Authentication I see folowing (attach: Guest)
  In defaultguestportal I have "Both" authentication and sequence from 3 Identity Stores (Intetnal Users, Internal Endpoint, AD)

• Afaria 7 SP3 integration with Cisco ISE

  Hi,
  I am trying to find the configuration procedure that is needed for Afaria MDM to integrate with Cisco ISE 1.2.
  1. What service should be installed/enabled?
  2. Which port or service path (<IP:port/abc/xyz?>) it will listen for the communication from Cisco ISE?
  3. Cisco ISE uses REST API to communicate with Afaria. Does this require REST API installation or service activation?
  4. What type certificates are supported in Afaria for this integration.
  5. Anything that related to this topic.
  Appreciate if someone can provide the configuration procedure or any information possible.
  Regards,
  Mudasir Abbas

  From the user guide it seems that LDAP only allows you to strip the prefix/suffix and can't add the suffix.
  http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_man_id_stores.html#wp1054421
  Strip start of subject name up to the last occurrence of the separator
  Strip end of subject name from the first occurrence of the separator
  Regards,
  Jatin
  Do rate helpful posts-

• SQL Query to check window firewalls ports

  Hi All,
  I am looking for a sql query like below to check inbound sql ports opened in window firewall.
  Below query display all firewall ports but my requirement is to display ports opened related to sql server.
  EXECUTE [master].[dbo].[xp_cmdshell] 'netsh advfirewall firewall show rule name=any |find "sql"'
  Thanks,
  Nani.
  NB

  To find the answer, you would first find which ports that are "SQL ports", and this you can find by looking in the errorlog or the registry for each instance if you want to do it programmatically.
  To check Windows firewall programmatically, I have no idea, and it is definitely not a question for an SQL Server forum. Find the suitable Windows forum.
  And, no, there is no SQL query you can write to do this. But Powershell may work.
  Erland Sommarskog, SQL Server MVP, [email protected]

• Problems with Windows Firewall and MSDTC on WSFC 2012R2

  We have a two node SQL 2014 Std WSFC configuration running on a W2012R2 cluster. The SQL WSFC Role includes an MSMQ resource that uses transactional queues.
  When setting up this configuration I was unable to get DTC working with SQL talking to MSMQ without clustering DTC and ended up clustering DTC in a separate role. It now works.
  However when SQL and DTC run on different nodes distributed transactions fails if Windows Firewall is enabled. I have configured the Windows Firewall to allow all DTC rules, both incoming and outgoing on both nodes but no go. If I turn off Windows Firewall
  it works.
  Assume it has to do with DTC running in the cluster context and the firewall not. Have googled quite a bit but can't find anything that feels related.
  Any ideas?

  Hi Fredrik,
  Please refer the follwoing article to confirm your firewall has configured correct first.
  How to troubleshoot MSDTC communication failure  (I)
  http://blogs.msdn.com/b/asiatech/archive/2011/03/01/how-to-troubleshoot-msdtc-communication-failure-1.aspx
  How to troubleshoot MS DTC firewall issues
  https://support.microsoft.com/kb/306843?wa=wsignin1.0
  I’m glad to be of help to you!
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• How i do fix a Remote Assistance file that has deleted in Windows Firewall with Advanced Security?

  Due of my accident, I cleaned a lot of idle files that I don't use while tapping "Delete" hotkey until a mistake I made. "Remote Assistance (TCP-In)" file has missing now. I'm looking this file need restore in Window Firewall, but how?
  Not sure if my computer may be critical after deleted a file allow to unblocked through firewall. I'm not a tech, but I need help. So please!
  This list are files I have now:
  Remote Assistance (SSDP UDP-In)
  Remote Assistance (SSDP TCP-In)
  Remote Assistance (RA Server TCP-In)
  Remote Assistance (PNRP-In)
  Remote Assistance (DCOM-In)

  Hi,
  What you are talking about are Firewall rules, not files.
  They should be created with Group Policies.
  If yes, it can't be deleted from your client until an Administrator delete the rule in the Domain GPO.
  You should talk with your system administrators to see if they didn't change something.
  Or maybe you have deleted msra.exe in your system32 folder?
  Gerald

• How i can know that document splitting is enable or not ?

  Hi experts,
  how i can check that document splitting enabled or not ? Is it necessary that only new g/l activated system can enable such features ?
  regards,
  Sanju M S

  Hi,
  Check this path : Financial Accounting (New) -- General Ledger Accounting New -- Business Transactions -- Document Splitting -- Activate Document Splitting
  Hear you need to check whether Document Splitting is activated or not ... if it is activated select "Deactivate per compnay code" check if your company code is activated or not.
  This is a special feature in New GL ... this feature can be activated only in New GL system (From ECC 5 onwords)
  Regards

• Cisco ISE 1.2.x with Posture Configuration - Windows Patches

  Hi, Anybody has any experience in integrating Cisco ISE Posture with Microsoft SCCM?
  With WSUS this works fine, but with SCCM I don't have any idea how to proceed. Anybody knows what it's included in the predefined rules
  pr_WSUSRule and pr_WSUSCheck? I can't find any information in ISE Console or Cisco documentation.
  Thanks.

  Once agent performs the posture checks containing the windows hotfix checks, if the administrator configured the Launch Program Posture Remediation , agent will launch the script file which will initiate the windows hotfix updates via SCCM client configuration manager pre-installed/pre-configured on the box.