Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
165
Views
2
Helpful
2
Replies

Run a script or update an application after posturing

DK9
Level 1
Level 1

‎05-01-2024 12:00 AM

Hi folks,

We are using anyconnect for vpn users and we use ISE for posturing the devices .

We are running on version 2.7 patch 9 so our requirment is we need to upgrade the client laptops manage engine desktop client in all laptops we have made a script for this but the problem is script will be working fine only after having sucessfull connection to our network so our requirement is to run the script after the posturing of ise .in version 3.2 we have a script condition where we van achieve this but we cant upgrade so is there any other workaround so that we can achive this.@ise

0 Helpful
2 Replies 2

marce1000
VIP
VIP

‎05-01-2024 02:26 AM

 

 - Ref : https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/bulletin-c25-2943876.html
                      For business flexibility and or needs  it would still be better to consider upgrading , well actually because of lack of support too gradually becoming a requirement.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

antisocial11224
Level 1
Level 1

‎05-10-2024 12:45 AM

@DK9 wrote:

Hi folks,

We are using anyconnect for vpn users and we use ISE for posturing the devices .

We are running on version 2.7 patch 9 so our requirment is we need to upgrade the client laptops manage engine desktop client in all laptops we have made a script for this but the problem is script will be working fine only after having sucessfull connection to our network so our requirement is to run the script after the posturing of ise .in version 3.2 we have a script condition where we van achieve this but we cant upgrade so is there any other workaround so that we can achive this.@ise

You can configure ISE to trigger the script upon successful completion of the posture assessment using a CoA policy. This allows the script to be executed automatically once the device is deemed compliant. Alternatively, a posture compliance check can be set up in ISE to verify the presence of the manage engine desktop client on client laptops. If the client passes this compliance check, the script can be triggered to initiate the upgrade process.

Or you can schedule the script to run periodically on client laptops, ensuring that it attempts to upgrade the client laptops until successful. Additionally, leveraging group policies or configuration management tools can streamline the deployment and management of the client upgrade process. These tools often provide options to schedule deployments and ensure compliance with network policies. Exploring the integration of network access control solutions that support running scripts based on posture assessment results may also be beneficial in achieving the desired outcome.

Customers Also Viewed These Support Documents