Can we check the client remote desktop attribute on ClearPass and assign a role mapping to the client or not?
Hi. Can you please describe your question in more detail? It's a bit hard to understand exactly what you are asking about. Is the question if it's possible to detect if a user is logged in via remote desktop on a Windows machine?
OK. Sorry, I mean we need to check client authentication (or some attribute to tell us) when client 2 connects remotely to client 1 to use that device.
Ok, I see. The RDP session will not trigger any network authentication event on the remote host. Even if you enable both user and computer authentication the authentication status will still be the computer after the user has logged in via RDP. I have not seen any third party tools that can change the behavior. One idea, never tested so maybe it doesn't work, is to send an event from the client or a monitoring system when an RDP login takes place to ClearPass as an ingress event. When this happens, ClearPass can trigger a CoA and reauthenticate the computer. But also potentially disconnect the RDP session... The question has been asked several times in the forum, but I can't remember having seen any solution presented.
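The monitoring side of the idea in the post above, as an added example that is not part of the thread and not Aruba code: it picks successful RDP logons (Windows Security event 4624 with LogonType 10) out of event XML and formats a syslog line that a monitoring system could forward. The sample records, the `rdp-watch` app name and the key=value message body are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
RDP_LOGON_TYPE = "10"  # RemoteInteractive: Remote Desktop / Terminal Services

def make_event(event_id, logon_type, user, src_ip):
    """Constructed sample record in the Windows event XML layout."""
    return (
        f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
        '<TimeCreated SystemTime="2023-05-04T09:15:02Z"/>'
        "<Computer>client1.example.test</Computer></System><EventData>"
        f'<Data Name="TargetUserName">{user}</Data>'
        f'<Data Name="LogonType">{logon_type}</Data>'
        f'<Data Name="IpAddress">{src_ip}</Data></EventData></Event>'
    )

SAMPLE_EVENTS = [  # constructed, not captured from a real host
    make_event(4624, 2, "bob", "-"),              # console logon
    make_event(4625, 10, "alice", "192.0.2.22"),  # failed RDP logon
    make_event(4624, 10, "alice", "192.0.2.22"),  # successful RDP logon
    "<Event><System>",                            # truncated record
]

def parse_rdp_logon(xml_text):
    """Return time/host/user/source for a successful RDP logon, else None."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    event_id = root.findtext("e:System/e:EventID", namespaces=NS)
    data = {d.get("Name"): d.text or "" for d in root.findall("e:EventData/e:Data", NS)}
    if event_id != "4624" or data.get("LogonType") != RDP_LOGON_TYPE:
        return None
    return {
        "time": root.find("e:System/e:TimeCreated", NS).get("SystemTime"),
        "host": root.findtext("e:System/e:Computer", namespaces=NS),
        "user": data.get("TargetUserName", ""),
        "src_ip": data.get("IpAddress", ""),
    }

def to_syslog(rec, app="rdp-watch"):
    """RFC 5424 line, PRI 134 = local0.info; app name and body are hypothetical."""
    return (f"<134>1 {rec['time']} {rec['host']} {app} - - - "
            f"event=rdp_logon user={rec['user']} src_ip={rec['src_ip']}")

def rdp_alerts(events):
    """One syslog line per successful RDP logon found in the event list."""
    return [to_syslog(r) for r in map(parse_rdp_logon, events) if r]

if __name__ == "__main__":
    print("\n".join(rdp_alerts(SAMPLE_EVENTS)))
```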
Thank you for your answer.
No, I don't think so. As the RDP port 3389 will always be open on the machine, the state will not change if you open a session to the port. If you have a firewall between the two clients, maybe the firewall can trigger on the session and send the information to ClearPass. Still, I think there may be a high risk that the RDP session doesn't survive the dynamic authorization required to change role on the switch. If you have to solve this issue I think you need to work together with a local Aruba partner or directly with Aruba. Either a local SE or the TAC.