Microsoft and Cisco announced some time ago that they were working on NAP and NAC interoperability. They’ve demonstrated this recently at the Security Standard conference in Boston (all the cool stuff seems to happen in Boston). You can view the Microsoft PressPass update here and the Cisco press release here (they’re the same thing, no need to read both). Cisco and Microsoft have cross-licensed their protocols to make this interoperability work. You can view a white-paper on this architecture here:
I went looking for this last week and just couldn’t find it. Well, Sam Johnston has let us know how it’s done. If you want to stop the browser from offering to save your username and password when logging into the Access Gateway, follow these steps on your Advanced Access Control servers:
Check out the battery life on my IBM ThinkPad T41p. There’s way too much FUD out there about Windows Vista shortening battery life; this is almost two working weeks from a single charge.
I promise this won’t become yet another blog just reposting links to other sites (more original posts to come), but here’s a link to a new document on the Microsoft Download site that’s worth mentioning. This document goes into the various methods that can be used to protect your network from unmanaged clients. This includes:
Ah, the things you find when you’re looking for something else. I was extracting some icons from Windows Vista with the excellent Axialis IconWorkshop and stumbled across MSSVP.DLL in the SYSTEM32 folder. It looks to be a part of Windows Search. Well, this file has a number of Outlook icons in it and I don’t even have Office 2007 installed on that particular installation of Vista. What a strange behemoth Microsoft is. Here’s a look at the file properties and icons contained within:
Citrite Sam Johnston has posted about Certificate Revocation List retrieval by the Access Gateway. I’ve not had this issue myself, but I’ll have to keep an eye out for it.
Customising Logon Points in Advanced Access Control is a fairly easy process. Customisation allows you to add a corporate look and feel to the user interface. However, removing and redeploying the Logon Point will remove all customisations - the Logon Point is just a bunch of HTML and graphic files. Here’s how to customise the source files so that redeployed and new Logon Points will already have your customisations.
If you run CITRIX_ADMIN_MONITOR.EXE and after you enter the username and password the Access Gateway does not display, this could be related to proxy settings in Internet Explorer. Even adding the address of the Access Gateway to the proxy bypass list does not solve the issue. Disable proxy settings in Internet Explorer and the Access Gateway desktop displays immediately. In our case we have ISA Server 2004 as our firewall. ISA Server does not allow protocols other than HTTP to be tunnelled over SSL by default, and if you check the log files you will see the connection being denied. So the solution here is to either disable proxy settings when using CITRIX_ADMIN_MONITOR or enable port 9001 to be tunnelled over SSL.
System Center Configuration Manager (SMS4) will be able to act as a remediation server in a NAP environment, which we would expect of course. Given that, with 3rd party agents, SMS can support operating systems other than Windows, all you need is a NAP system health agent (SHA) for your OS of choice and you can support that OS in your NAP/SMS environment.