Hi Bruno,
From Access tracker > OnGuard posture check request, you can find the version info collected by OnGuard agent:
Hope the below steps help creating the configuration:
From Administration > Dictionaries > Dictionary Attributes > create a new Endpoint attribute as below.
From Configuration > Enforcement > Profiles > create a new enforcement profile of type "Clearpass entity update enforcement" to update the endpoint table with OS version info.
Endpoint > OSNameVersion > %{Host:OSNameVersion}
Update the Posture check service > Enforcement policy to use the endpoint update enforcement profile (created above).
Update the Radius authentication service > Enforcement policy to check the endpoint table OSNameVersion attribute value for selecting the enforcement profile response.
------------------------------
Nimal Varampetran
------------------------------
Original Message:
Sent: Apr 20, 2021 03:03 PM
From: Bruno Andrade
Subject: CPPM Onguard - Check windows 10 Build
Hi @nimal_mahesh, where can I find this 'Clearpass entity update enforcement profile' ?
I checked in attributes of my enforcement agent health profile and in rules of enforcement profile for my posture check and didn't find it.
------------------------------
Bruno Andrade
Original Message:
Sent: Apr 20, 2021 02:03 AM
From: Nimal Varampetran
Subject: CPPM Onguard - Check windows 10 Build
Hi,
You can use a 'Clearpass entity update enforcement profile' in OnGuard posture check web auth service to update the Host OS name and version to endpoint table. Then can configure the Radius authentication service to check the endpoint:attribute to deny or restrict the access.
------------------------------
Nimal Varampetran
Original Message:
Sent: Apr 19, 2021 04:32 PM
From: Bruno Andrade
Subject: CPPM Onguard - Check windows 10 Build
Thank you Danny!
I should use this information on my enforcement to take the action, right?
Or do you known if there is a way to take action this using posture police?
------------------------------
Bruno Andrade
Original Message:
Sent: Apr 19, 2021 03:20 PM
From: Danny Jump
Subject: CPPM Onguard - Check windows 10 Build
Yes, this can be achieved.
You won't get WIN10 build number out of normal CPPM endpoint profiling, but it can be 'pulled' via Onguard, you should see something like this when OnGuard is installed...
Host:OSNameVersion | Microsoft Windows 10 Enterprise N (10.0.19042) |
HTH
------------------------------
Danny Jump
"Passionate about CPPM"
Original Message:
Sent: Apr 19, 2021 10:59 AM
From: Bruno Andrade
Subject: CPPM Onguard - Check windows 10 Build
Hi, a Customer is aksing if they can block windows 10 with build less than 1909.
Is there a way to clearpass or onguard agent identify the build of windows 10?
------------------------------
Bruno Andrade
------------------------------