No, I don't think so.
As the RDP port 3389 will always be open on the machine, the state will not change if you open a session to the port.
If you have a firewall between the two clients, maybe the firewall can trigger on the session and send the information to ClearPass.
Still, I think there may be a high risk that the RDP session doesn't survive the dynamic authorization required to change role on the switch.
If you have to solve this issue, I think you need to work together with a local Aruba partner or directly with Aruba, either a local SE or the TAC.
------------------------------
Best Regards
Jonas Hammarbäck
MVP 2023, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACDP, ACEP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: May 31, 2023 05:35 AM
From: matchabear
Subject: How to check client remote desktop attribute on clearpass service
Hi Jonas,
If we enable TCP Fingerprinting in one of the ClearPass (one of the profiling methods), can we see from ClearPass that the client is trying to communicate via TCP 3389, and then use it as a rule condition to be able to connect to the remote client?
Original Message:
Sent: 5/31/2023 5:10:00 AM
From: jonas.hammarback
Subject: RE: How to check client remote desktop attribute on clearpass service
Ok, I see.
The RDP session will not trigger any network authentication event on the remote host. Even if you enable both user and computer authentication, the authentication status will still be the computer after the user has logged in via RDP.
I have not seen any third-party tools that can change the behavior.
One idea, never tested so maybe it doesn't work, is to send an event from the client or a monitoring system when an RDP login takes place to ClearPass as an ingress event. When this happens, ClearPass can trigger a CoA and reauthenticate the computer. But also potentially disconnect the RDP session...
The question has been asked several times in the forum, but I can't remember having seen any solution presented.
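The event-on-RDP-login idea from the reply above, as an added example that is not part of the thread and not Aruba code: it picks RDP logons (Windows Security event 4624 with LogonType 10) out of constructed records and formats one syslog line per session start. The `rdp-watch` name, the message layout, the UTC timestamps and the cooldown are assumptions; how ClearPass would parse or act on the line is not shown.

```python
from datetime import datetime, timedelta

# Constructed sample records, reduced to the fields used here.
# Event ID 4624 is a successful Windows logon; LogonType 10 is RemoteInteractive (RDP).
EVENTS = [
    {"EventID": 4624, "LogonType": "2", "Computer": "client1", "TargetUserName": "alice",
     "IpAddress": "-", "TimeCreated": "2023-05-31T05:00:00"},
    {"EventID": 4624, "LogonType": "10", "Computer": "client1", "TargetUserName": "bob",
     "IpAddress": "10.0.0.22", "TimeCreated": "2023-05-31T05:10:00"},
    {"EventID": 4624, "LogonType": "10", "Computer": "client1", "TargetUserName": "bob",
     "IpAddress": "10.0.0.22", "TimeCreated": "2023-05-31T05:10:40"},  # reconnect
    {"EventID": 4634, "LogonType": "10", "Computer": "client1", "TargetUserName": "bob",
     "IpAddress": "10.0.0.22", "TimeCreated": "2023-05-31T05:30:00"},  # logoff, ignored
]

COOLDOWN = timedelta(minutes=5)  # assumption: one notification per session start


def rdp_logons(events, cooldown=COOLDOWN):
    """Return RDP logons, dropping repeats of the same host/user/source inside the cooldown."""
    last_sent, out = {}, []
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        if int(ev["EventID"]) != 4624 or int(ev["LogonType"]) != 10:
            continue
        when = datetime.fromisoformat(ev["TimeCreated"])
        key = (ev["Computer"], ev["TargetUserName"], ev["IpAddress"])
        if key in last_sent and when - last_sent[key] < cooldown:
            continue  # likely a reconnect after a CoA dropped the session; do not trigger again
        last_sent[key] = when
        out.append(ev)
    return out


def to_syslog(ev):
    """Format one logon as an RFC 5424 line (PRI 86 = authpriv.info); MSG layout is hypothetical."""
    return ("<86>1 {TimeCreated}Z {Computer} rdp-watch - RDPLOGON - "
            "user={TargetUserName} src={IpAddress} logon_type=10").format(**ev)


if __name__ == "__main__":
    for ev in rdp_logons(EVENTS):
        print(to_syslog(ev))
```

The cooldown addresses the risk raised in the reply: if the CoA disconnects the RDP session, the user's reconnect produces a second logon event that would otherwise trigger another CoA.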
Original Message:
Sent: May 31, 2023 05:00 AM
From: tt23
Subject: How to check client remote desktop attribute on clearpass service
Ok. Sorry,
I mean we need to check client authentication (or some attribute to tell us) when client 2 remotes to client 1 to use that device.
Original Message:
Sent: May 31, 2023 04:42 AM
From: jonas.hammarback
Subject: How to check client remote desktop attribute on clearpass service
Hi
Can you please describe your question in more detail? It's a bit hard to understand exactly what you are asking about.
Is the question if it's possible to detect if a user is logged in via remote desktop on a Windows machine?
Original Message:
Sent: May 31, 2023 04:38 AM
From: tt23
Subject: How to check client remote desktop attribute on clearpass service
Can we check the client remote desktop attribute in ClearPass and assign a role mapping to the client or not?