Hi,
If you only run OnGuard in client mode (when the user is logged on) once they logout and the cache expires, their posture assessment will be "Unknown".
Unless the OnGuard agent runs as a service when the user's not logged on, and as a client when the user is logged on (because it gathers data about the logged in user), you are at the mercy of DHCP.
Most defaults for DHCP on Active Directory, for example, have leases of like 8 days. So if your PC's cache expires, the "Unknown" posture device will change to a different VLAN (if that's how you deal with unknown devices). The problem is it still has the DHCP lease from the previous posture assessment and will stay there until the lease expires.
Running OnGuard as a service should allow the service to perform Agent Port Bounce which is like unplugging and re-plugging the device, so a new lease is obtained from the current (new) VLAN.
Does this look like your issue? (or is it just my issue! :D )
Regards,
-Ambi
P.S. Keep in mind, leaving a device with a 48 hour cache may not be a good idea. That means a device that somehow gets malware activated over the weekend
could run wild on your network. We use 2 hours, but even that is more than most customers use.
------------------------------
Ambidexter
------------------------------
Original Message:
Sent: Jun 17, 2013 08:19 AM
From: James Witherow
Subject: Machine Authentication after resuming from Sleep/Hibernation
Hi,
Increasing the cache timeout has definately helped the issue, but not completely.
Does this cache get refreshed or will this timeout require machine authentication again after this duration has passed? Reason I ask is I have a laptop I use prodominately in one location and don't regularly reboot or log off. I still experience the problem of being put in the 'deny_all' group occationally and seemly only a reboot of the laptop will get me back on the wireless.
Any tips?
Thanks