ISE posture based upon switch user is connected to
OK, I am a new ISE user and definitely an early beginner on creating ISE policies. I have successfully created a policy that can determine if you are using a corporate asset or not and using 802.1x authentication grant you access to corporate resources or not. This policy also assigns the VLAN the user is placed into. Seems to work quite well so far at least as a baby step in policy creation.
Our building has different VLANs based upon floors and the like and I would like the policy(s) to take this into consideration when assigning the VLAN. Is there a way to include which switch the posturing process is flowing through to assist in assigning the VLAN? I am thinking I would have separate policies based upon the switch / stack but not sure how to include that in the logic. I figured it would be similar to my policy where I check corporate assets and that you are wireless and that you have a valid AD account but have been unable to figure out the endpoint part. I have created network groups for my network devices but am stumped after that. Is there something else I should or could be doing instead? Do I need a completely different train of thought?
Brent
Hello Brent, using "Network Device Groups" can definitely make this possible for you. For instance, you can create a "Location" based group hierarchy that looks something like this:
All Locations > HQ > Floor-1
All Locations > HQ > Floor-2
All Locations > DR > Floor-1
etc
Then you can reference that group in your authorization policy by using something like this
If "Conditions > Device > Location" = All Locations > HQ > Floor-1
then
Permissions = "HQ_Floor-1-Posture"
If "Conditions > Device > Location" = All Locations > HQ > Floor-2
then
Permissions = "HQ_Floor-2-Posture"
I hope this helps and addresses your issue.
Thank you for rating helpful posts!
Similar Messages
-
InfoPath will generate a new sequential value (Unique ID) based upon a user-selected value
I am trying to create an InfoPath form that is submitted to SharePoint and I have it working but not the way I would like it to work. Any help with much needed detail would be greatly appreciated due to the fact I am still a "newbie".
I have two fields one called Ref Number which is a read only text box to the users and another field called Own Info which is a Drop-Down list. Basically I would like it to where when the user clicks the submit button the Ref Number will get incremented.
I have the form incrementing with leading zeros but every time the submit button is clicked and I would like it to be determined by the Own Info and not like this : concat(Own_Info , "-", substring("000", 1, 4 - string-length(max(ID) + 1)), max(ID) + 1).
Example:
1.Own Info: D652 Ref Number : D652-0001
2.Own Info: D652 Ref Number: D652-0002
3.Own Info: D653 Ref Number : D653-0001
4.Own Info: D653 Ref Number : D653-0002
5.Own Info: D652 Ref Number : D652-0003
So the Ref Number increments based off of the Own Info which will be about 25 different options. Again any help with much needed detail would be greatly appreciated. Thanks in advance!!!!
I have also done something like this using a list for the next reference number:
Set up a list with the Own Info number and Next Ref Number
Populate the list with the possible Own Info Numbers and the next available ref number for each one
Own Info | Next Ref Number
D652 | 0004
D653 | 0003
Use a workflow when the submit button is clicked that looks up the Own Info number from your custom list and gets the next ref number that corresponds to it
concatenate the two and use for the combined number
use the same workflow to update the next ref number
One thing to be wary of when you set something up like this, is that if the workflow will run often (the form is being used and submitted heavily) a race condition can exist where two workflows might try to update the same Own Info->Next Ref Number. This is probably not the solution to use if this is your scenario.
Marlene Lanphier MCTS -
How to go about changing settings based upon logged in user
Hi all,
I'm wondering if anyone has any thoughts on how one would go about changing a property on a node based upon the logged in user.
For example, say you have a path property at /apps/myComponent/settings.path=/content/dam/genericfolder that for an author have the value of /apps/myComponent/settings.path=/content/dam/sandbox, and for an approver have the value of /apps/myComponent/settings.path=/content/dam/approvalsandbox
Hi Ove,
Thanks for the tip on the user role. I had thought about taking that approach, however, leveraging the user role and properties associated with it would be the correct approach if writing custom components. What I am looking for is a way to take existing components, and essentially use them in context of the user.
For example, say if you are trying to give a sub group of users access to a subset of the DAM directory, and you don't particularly wish to hack around the existing WCM DAM component, there is a setting in the tree navigator (/libs/wcm/core/content/damadmin/treeRoot) that lets you specify where the root of the tree is. (There are more settings to work with, but this is just one used to illustrate.)
If you can change the property based upon the user, that gives you the functionality without altering code.
I would like to know if this is possible, if this is an inherently bad practice, if so why, and whether there may be another alternative out there which lets you avoid having to alter the code of an existing component.
Thanks again for answering. -
Folks, I'm a newbie to this forum and to Sharepoint in general - so please be gentle :-)
I'm using Sharepoint 2010 and have content in lists which I want to display based upon certain user attributes. For example I have a sharepoint LINKS list which contains entries for various applications (I'm using the LINKS list as an example, however I'd like to apply it to many libraries/lists).
Name:UK Intranet - URL:http:UKintranet.com - Description: UK
Name:USA Intranet - http:USintranet.com - Description: USA
Name:UK Contacts list - http:UKPhones.com - Description: UK
Name:USA Contacts list - http:USAPhones.com - Description: USA
My users are split across AD domains, one for each called UK and others in a domain called USA
What I would like to do in a content query is display items where the users domain (ie UK or USA) is contained in the Description field.
So a CQWP which includes something like "filter when Description = &userdomain"
I should also add that I am only using basic page editing in a browser and have no access to Sharepoint Designer
Can this be done?
BTW - I know this is a little like Audience Targeting, however I don't have rights to setup audiences and as the information about the audience is already available in the users domain I simply wanted to reuse that.
Hi Peter,
According to your description, my understanding is that you want to filter items based on the current user’s domain.
Whether you could access Central Administrator, and create a new user property in User Profile Service Application->Manage User Properties. If yes, create a new user property (assuming it is called ‘Domain’) to store the users’ domain information. If not, please choose an existing user property that you don’t use to store the domain information, like Department.
Then do as the followings:
Open the page that you want to display the list.
Edit the page and insert the list into the page.
Insert a Current User Filter web part (Insert->Web Part->Filters->Current User Filter) into the page.
Then edit the Current User Filter web part, and select value to provide: SharePoint profile value for current user: Department (or Domain).
Connect the Current User Filter web part to the list: Connections->Set filter values to->the list.
Connection Type: Get Filter Values from, click Configure.
Consumer Field Name:Description, click Finish.
I hope this helps.
Thanks,
Wendy
Wendy Li
TechNet Community Support -
Data Selection for report based upon a 'Prompt Value'
I want to report information in my report based upon a 'user input prompt value'
for example:
'Enter Shareholder Selection - A-Active, I-Inactive, B-Both Active and Inactive'
if the user enters 'A', the report selects only active shareholders
if the user enters 'I', the report selects only inactive shareholders
if the user enters 'B' the report selects all shareholders, active and inactive
the field in the database that this based upon is their total share value.
if this field is greater than zero (>0) they are considered 'active'
if this field is equal to zero (=0) they are considered 'inactive'.
I have tried creating some type of filter, but am not having any luck.
I saw a few examples within the forums that I have tried without any luck....unfortunately most of the examples I've seen are based on only two choices.
I'm sure I need to create some type of 'independent variable' but am not sure how to do that either.
Any suggestions would be appreciated.
Thanks.
Hi Daryl,
I tried this unsuccessfully in DESKI. We can't eliminate rows having empty measure values or measures with 0 as values using a Table Level Filter, as the filter can't filter rows based on prompt value selection dynamically. Filters filter rows at a time and not based on 3 conditions as Active, Inactive and Both, thus filters are of no use.
I tried this in WEBI, and it is working perfectly. You don't have to create any object in the Universe; you can do it using the function UserResponse() at report level.
Hence if you are comfortable using WEBI for Generating this report then Follow the steps.
1. Create Report With Name and Shares Object. It will display all Shareholder Names and No.of shares they hold.
2. Use Status Object in Query filter, use condition as "Equal To" and Select prompt. It contains Active, Inactive and Both as values.
3. Report will Display all Shareholder names and No. of shares like 45, 789, 0, 4562 where 0 is inactive Shareholder and all other are active shareholder.
4. Create Variable using Formula.
=If(UserResponse("Enter Status:")="Active" And [Shares]>0;[Shares];If(UserResponse("Enter Status:")="Inactive" And [Shares]<=0;[Shares];If(UserResponse("Enter Status:")="Both";[Shares])))
5. Remove Shares Object from the report and Put Variable created with Names of Shareholders.
6. Select Table-> Properties-> Display-> Uncheck the Option "Show Rows with Empty Measure Values"
7. Report will display Value correctly as per your Prompt value selection.
I Hope this Helps...
Thanks...
Pratik -
How to change Dashboard Tabs based upon the login?
Hi All,
I have a requirement that, based upon the user login the dashboard tabs should change! not sure how to do this? any help is greatly appreciated.
Regards
B
Edited by: Bees on Jul 27, 2010 2:37 AM
B,
I mean assuming you have a security model, users are in groups etc. And you have one group allowed to access tab 1, and you build tab2 for another group....
The dashboard page properties screen, has a padlock icon against page, here you can set up the presentation catalogue privs for the dashboard page, assign users / groups read access, prohibit access as you see fit.
To get to the page properties, edit the dashboard itself, on the top row of icons against the page dropdown list is our friend, the pointy finger, hit this to get to the page properties screen, you can change order, rename pages and in this case, set security per page.
For discussions on the security model, RPD groups & Web cat groups - best we start another thread !! have a search on the forum first though, it's been covered many times :-)
Cheers,
Alastair -
Selectively display link based upon userID
I know how to add security to tabs, etc. in Portal, but I have a jsp portlet that contains various links and images. I want to selectively display some of these items based upon the user currently viewing the page. Is it possible to add security at this level?
Thanks in advance.
The links and images on the jsp portlet are not Portal items, I do not think you can use portal security to secure them. But for links and images on portal pages, each of them can be secured.
Why not create a page, put your links and items to it, and set the item level security. Then expose the page as a portlet, this page portlet can be included on other pages. -
Searching PRODUCT column based upon user's input
I have table in Oracle with one column PRODUCT. Column PRODUCT have following values -
Account Management
Active Directory
NT Account
Application Security
Beehive Conference
WebSite Account
HP Laptop
I am designing application where I need to search in column PRODUCT based upon user's input. Let's say user wants search on 'Laptop Account Broken'.
I want to search for all rows in PRODUCT column which contains any of words in user's input. So based upon user's input I want output like below.
Expected Output
Account Management
NT Account
WebSite Account
HP Laptop
I need your help to write me SQL for my desired output. please help -
You can use Regexp_like instead of Instr ;)
PRAZY@11gR2> exec :user_input:='Laptop Account Broken';
PL/SQL procedure successfully completed.
Elapsed: 00:00:00.00
PRAZY@11gR2>
With TableA As (
select 'Account Management' Product from dual union all
select 'Active Directory' from dual union all
select 'NT Account' from dual union all
select 'Application Security' from dual union all
select 'Beehive Conference' from dual union all
select 'WebSite Account' from dual union all
select 'HP Laptop' from dual
) --End of sample data
,Temp as
(select regexp_substr(:user_input,'[^ ]+',1,level) str from dual
connect by level <= length(regexp_replace(:user_input,'[^ ]+'))+1)
select product from tableA,temp where
regexp_like(product,str)
PRAZY@11gR2> /
PRODUCT
HP Laptop
Account Management
NT Account
WebSite Account
Elapsed: 00:00:00.00
or...
PRAZY@11gR2> exec :user_input:='Laptop Account Broken';
PL/SQL procedure successfully completed.
Elapsed: 00:00:00.00
With TableA As (
select 'Account Management' Product from dual union all
select 'Active Directory' from dual union all
select 'NT Account' from dual union all
select 'Application Security' from dual union all
select 'Beehive Conference' from dual union all
select 'WebSite Account' from dual union all
select 'HP Laptop' from dual
) --End of sample data
select distinct Product from tableA where
regexp_like(product,regexp_substr(:user_input,'[^ ]+',1,level))
connect by level <= length(regexp_replace(:user_input,'[^ ]+'))+1
PRODUCT
Account Management
NT Account
WebSite Account
HP Laptop
Elapsed: 00:00:00.06
Cheers! -
Derive values based upon user input
Hello,
I received a request for a report.
When a user runs the report they are to be prompted for a fiscal year/period.
Based on the fiscal year/period that the user provides I have the following columns (in bold below are 2 examples that may make the description more clear).
1. Revenue for the Fiscal year Prior to the fiscal year of the user input value
2. Revenue for the Fiscal year/Period prior to the input Fiscal year/period
3. Revenue for the Year to date accumulation up to the prior fiscal year/period that the user input
4. Revenue for the Year to date accumulation up to the prior fiscal year (fiscal year rolls back first) and prior period (for period 01, it then rolls back the fiscal year 1 more year) that the user input
Example 1: If the user ran the query and they provided the value 05/2007, then the values that need to be obtained would be:
1. Revenue for 2006
2. Revenue for 04/2007
3. Revenue for 01/2007 to 04/2007
4. Revenue for 01/2006 to 04/2006
Example 2: If the user ran the query and they provided the value 01/2008, then the values that need to be obtained would be:
1. Revenue for 2007
2. Revenue for 12/2007
3. Revenue for 01/2007 to 12/2007
4. Revenue for 01/2006 to 12/2006
Please help me with determining how to obtain the user input value, and then how to derive the time periods for the columns based upon that value.
Thanks,
Nick
(points available)
Edited by: Nick Bertz on Mar 13, 2008 9:43 AM
Hello,
See my example.. I am reading the value from Keydate Variable
WHEN 'ZVND01'.
  " Read the key date the user entered for the variable 'Keydate'
  READ TABLE i_t_var_range INTO w_var_range WITH KEY vnam = 'Keydate'.
  IF sy-subrc = 0.
    CLEAR l_s_range.
    l_date = w_var_range-low.
    " First day of the month: YYYYMM followed by '01'
    CONCATENATE l_date(6) '01' INTO l_first_date.
    CALL FUNCTION 'SLS_MISC_GET_LAST_DAY_OF_MONTH'
      EXPORTING
        day_in            = l_date
      IMPORTING
        last_day_of_month = l_last_date
      EXCEPTIONS
        day_in_not_valid  = 1
        OTHERS            = 2.
    IF sy-subrc EQ 0.
      " Return the whole month as an inclusive BETWEEN range
      l_s_range-low  = l_first_date.
      l_s_range-high = l_last_date.
      l_s_range-sign = k_sign_inclusive.
      l_s_range-opt  = k_option_between.
      APPEND l_s_range TO e_t_range.
    ENDIF.
  ENDIF.
Hope this example helps.. -
Is it possible to restrict access to specific IOS apps based on the WIFI profile that a user has connected to?
you might be able to block it if the app uses Internet access
and depending on your wireless you might be able to block a specific user
accessing the backend host that the app uses
some firewalls offer application filtering but I'm not aware of any that work with ios apps -
hello,
could anyone please post screen capture of ISE posture configuration ( and remediation )
I need urgently a dACL and a redirection ACL that work at least in a mockup lab.
Authentification and authorizations policies not needed.
posture and remediation policies not needed.
The issue is about ACLs (I guess)
Also needed is a valid switch config file, with ACL (if necessary) at the DOT1x ethernet port.
My IOS is 122.55 SE or 52 SE
Thank you in advance.
Best regards.
V.
Hi Venkatesh,
You're the ultimate ISE Guru !!
You're right
Thanks a lot.
See screen captures and Sw config below
aaa new-model
aaa group server radius ISE
 server 192.168.6.10 auth-port 1812 acct-port 1813
 server 192.168.6.10 auth-port 1645 acct-port 1646
aaa authentication login default local
aaa authentication dot1x default group ISE
aaa authorization network default group ISE
aaa authorization network auth-list group ISE
aaa authorization auth-proxy default group radius
aaa accounting dot1x default start-stop group ISE
aaa server radius dynamic-author
 client 192.168.6.10 server-key 123456789
ip dhcp snooping
ip device tracking
dot1x system-auth-control
dot1x critical eapol
interface FastEthernet1/0/1
 switchport mode access
 ip access-group ACL-ALLOW in
 authentication port-control auto
 authentication periodic
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
 spanning-tree bpduguard enable
ip http server
ip http secure-server
ip access-list extended ACL-ALLOW
 permit ip any any
ip access-list extended ACL-POSTURE-REDIRECT
 deny udp any any eq domain
 deny udp any host 192.168.6.10 eq 8905
 deny udp any host 192.168.6.10 eq 8906
 deny tcp any host 192.168.6.10 eq 8443
 deny tcp any host 192.168.6.10 eq 8905
 deny tcp any host 192.168.6.10 eq www
 permit ip any any
snmp-server community snmp RO
snmp-server community RO RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps mac-notification change move threshold
snmp-server host 192.168.6.10 public
snmp-server host 192.168.6.10 version 2c snmp mac-notification
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 5 tries 3
radius-server host 192.168.6.10 auth-port 1645 acct-port 1646 key 123456789
radius-server vsa send accounting
radius-server vsa send authentication
V. -
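How the ACL-POSTURE-REDIRECT list in the configuration above behaves when it is applied as a redirect ACL, where a deny entry exempts traffic from redirection and a permit entry selects it. This is an added example, not part of the original post; the client and web-server addresses are constructed, and the parser handles only the any/host/eq forms that appear in that ACL.

```python
"""Replay flows through a redirect ACL: first match wins, deny = not redirected."""
from typing import NamedTuple, Optional

# ACL body as posted in the switch configuration above.
ACL_POSTURE_REDIRECT = """\
deny udp any any eq domain
deny udp any host 192.168.6.10 eq 8905
deny udp any host 192.168.6.10 eq 8906
deny tcp any host 192.168.6.10 eq 8443
deny tcp any host 192.168.6.10 eq 8905
deny tcp any host 192.168.6.10 eq www
permit ip any any
"""

NAMED_PORTS = {"domain": 53, "www": 80}  # IOS port keywords used in this ACL


class Ace(NamedTuple):
    permit: bool
    proto: str            # "ip" matches any protocol
    src: Optional[str]    # None means "any"
    dst: Optional[str]    # None means "any"
    dport: Optional[int]  # None means any destination port
    text: str


def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D' from the front of the token list."""
    tok = tokens.pop(0)
    if tok == "any":
        return None
    if tok == "host":
        return tokens.pop(0)
    raise ValueError(f"unsupported address form: {tok}")


def parse_acl(text):
    """Parse extended-ACL lines into Ace tuples, keeping their order."""
    aces = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported action in: {line}")
        src, dst = _addr(tokens), _addr(tokens)
        dport = None
        if tokens:
            if tokens.pop(0) != "eq":
                raise ValueError(f"unsupported port operator in: {line}")
            name = tokens.pop(0)
            dport = NAMED_PORTS[name] if name in NAMED_PORTS else int(name)
        aces.append(Ace(action == "permit", proto, src, dst, dport, line.strip()))
    return aces


def classify(aces, proto, src, dst, dport):
    """Return (decision, matching entry); 'redirect' only on a permit match."""
    for ace in aces:
        if (ace.proto in ("ip", proto)
                and ace.src in (None, src)
                and ace.dst in (None, dst)
                and ace.dport in (None, dport)):
            return ("redirect" if ace.permit else "bypass"), ace.text
    return "bypass", "(implicit deny)"


# Constructed flows from a hypothetical client 10.1.1.50.
SAMPLE_FLOWS = [
    ("udp", "10.1.1.50", "10.1.1.1", 53),        # DNS lookup
    ("tcp", "10.1.1.50", "192.168.6.10", 8443),  # ISE portal port from the ACL
    ("udp", "10.1.1.50", "192.168.6.10", 8906),  # exempted UDP port to ISE
    ("tcp", "10.1.1.50", "192.168.6.10", 443),   # ISE, but port not exempted
    ("tcp", "10.1.1.50", "203.0.113.20", 80),    # ordinary web browsing
]

if __name__ == "__main__":
    acl = parse_acl(ACL_POSTURE_REDIRECT)
    for flow in SAMPLE_FLOWS:
        decision, entry = classify(acl, *flow)
        print(f"{flow[0]} {flow[2]}:{flow[3]:<5} -> {decision:8} [{entry}]")
```

Only the ports listed for 192.168.6.10 are exempted: TCP/443 to the same host and DNS over TCP both fall through to the final permit entry and match for redirection.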
Filtering entries in BP search based upon user
Hi
We are trying to filter out results shown in BP search, based upon users. For that we are trying to follow steps mentioned in IMG
SPRO->IMG-> Customer Relationship Management -> CRM Cross-Application
Components -> Generic Interaction Layer/Object Layer ->
Component-Specific Settings -> Extend Object Model for Business Partner
The field(region) we are using is already present in structure CRMST_HEADER_SEARCH_BUIL and as per my understanding we will be using method Adjust_Result_Table.
But still I am not able to resolve it. Please help me in this regard.
Thanx & Regards
Hits
Hi,
The object that we work with at 2007:
BuilHeaderSearchNew
and not BuilHeader like at the last version
so, we have to implement CL_BUPA_IL_HEADER_SEARCH and not CL_BUIL_HEADER
1. Create :
ZCL_BUPA_IL_HEADER_SEARCH
with superclass:
CL_BUPA_IL_HEADER_SEARCH
2. At customizing:
SPRO->CRM->Cross Application components->Generic Interaction Layer/Object Layer->component specific setting ->Extend Object Model for Business Partner
add:
External Object Name - BuilHeaderSearchNew
Implementation Class - ZCL_BUPA_IL_HEADER_SEARCH
Now you can use this method for changing the result:
ZCL_BUPA_IL_HEADER_SEARCH ->GET_RESULT_TABLE
good luck
ayelet -
Which Portal user based upon SID
I can use 'wwctx_api.get_user' to determine who is executing a particular session. But based upon the SID of a session how can I tell which Portal user is executing?
Assuming that you know the session id (SID), you can get the portal user executing that session using the following query:
select user_name
from wwctx_sso_session$
where id = &sessionId;
For all the authenticated portal sessions it will return the user id of the authenticated user and for the unauthenticated portal sessions it will return PUBLIC. -
Satellite internet users cannot connect to Flash based online multiplayer games
Hello,
I have found that Satellite internet users are unable to connect to the game Club Penguin because of the recent security fixes that have been added to the flash player over the last 6 months or so. Club Penguin used to require at least Flash Player 7 to run, at this time satellite users could connect.
They recently upgraded their system to require Flash player 9 or higher, since this update no satellite users can connect if they have the newest versions of Flash. If they revert back to the Flash Player 9r47 they can then connect to the game. Of course this opens the computer up to the exploits that have been fixed.
Anyone have any idea of how to notify Adobe of this issue? Or possibly another way to make it work with the newest versions of Flash Player?
Does this problem with your Internet satellite happen only with this game? You might want to contact your Internet provider as I'm sure they will be able to work with Adobe in fixing the problem.
-
On Windows 2008 Server R2, when the maximum number of users are connected via Remote Desktop (2) and another user attempts to connect via Remote Desktop, the user is prompted with a login dialog. Upon login, a dialog is shown with the User Id's of the users who are connected, their current state (active or idle for x minutes) and it gives you the option to request access from a user or to force a user off. Recently our server stopped displaying this message and now only gives an error message that it cannot connect. It does not show the login dialog, just an immediate connection error message. So now we don't know who is logged into the server. This presents a problem with many users who need to deploy software or manage server resources. What setting could have changed that would stop displaying the login and the current users dialog? Thanks!
i can't seem to reproduce this, I played around with my server's NLA settings, looked at RDS GPOs, the options in the RDP listener, checked the user account in AD, just can't see what would be blocking this
would it make a difference if one of the RDP spots is occupying the server's console or not?
are the users trying to come in when the two sessions are already used up using the /admin or /console switch?
in the meantime, you can try using tsadmin.msc to kick people off
you may also want to try testing this with various different OS and RDP client versions to see if that's the issue. win7 with RDP 8.1 client doesn't seem to have any problems for me