Cisco ISE 2.1 settings keep changing
Hello
Is there a way to ISE who made changes and what are the real changes? As an audit is changed to ISE itself. I don't know journal GANYMEDE.
Thank you!
Hello
You can enter in operations > report > Audit > audit of Configuration change.
Concerning
Gagan
PS: Mark as correct answer if it helps!
Tags: Cisco Security
Similar Questions
-
Firewall Windows settings keep changing ~ I don't change them! HELP Please
Recently, I noticed that to change my Windows Firewall settings, AND I'm not modify them.
I set the Windows Firewall as follows:
1. on the "Général" tab
I ticked the boxes: 'On' (recommended) and "don't allow exceptions".
2. in the tab 'Exceptions ':
NO boxes are checked
I ticked 'display a notification when Windows Firewall blocks a program '.
3. on the "Advanced" tab
ONLY "Connection to the Local network" is checked
and under the 'Settings' button ICMP NO boxes are checked.Periodically, I notice that my "Network Icon" (two screens) is very active when I'm not navigate on the internet or by e-mail. When I click with the right button on the icon and select "Change Windows Firewall settings", I note that the following changes have been made to my original settings, BUT NOT BY me!
1. on the "Général" tab
The box: 'On' (recommended) is checked
BUT "don't allow exceptions" is now disabled
2. in the tab 'Exceptions ':
File sharing and printer is enabled
AND "Display a notification when Windows Firewall blocks a program" is now disabled
3. on the "Advanced" tab
If I click on the box 'Connect to the Local network' that is always checked
under ICMP, and go to the "Settings" button
NOW, the first "Allow an incoming echo request" is checked.Earlier this week, I hadn't double checked if the parameters have changed and started printing a Word document, I had been editing. Before the start of my print file, my printer started to print pages and pages of garbled text (just the letters and not readable ~ grabage). After the cancellation of all the print jobs, I checked the Windows Firewall settings again, and they had been changed from the original settings that I had chosen, once again!
The only way I can restore my original settings is to click on the default button on the tab "Advanced" and then double-checking the options I want.
This happens at least 8 times a day and makes me crazy, because I am constantly having to check if the Windows Firewall settings are as I put them in the first place. If they are not, I have to go through this process over and over again. By making print a nightmare, but it's also annoying to have to keep control of the settings.
Ask everything you big strong guys out there to give this 'small' a helping hand technique with this one, please.
Thank you very much
~ Alison XxHello
1. is there any firewall other than Windows Firewall running?
2. using any antivirus?
3. Since when did you start to deal with the issue?
Method 1: It could be virus issue. First we will analyze the system for infections using the Microsoft Security Scanner which can be downloaded from the link below:
http://www.Microsoft.com/security/scanner/en-us/default.aspx
-
former title: network location settings. Discovery of NW. File sharing. public folder sharing. AVG 9.0 'tools' and network connections.
My Alltel Wireless device again set the network location. And continues to change my network settings for the discovery of NW to:, as well as file sharing for: file public and sharing: read-only. I have AVG Security 9.0 and under 'tools' and connections network shows several svchost with States reading service connections listening and unknown. I don't want no access to my computer and cannot find any computer consultants who can get this to stop. What can I do?
Hello1. the options apply automatically on?
2. have you made changes on the computer recently?
3. have you installed any Alltel Wireless application to manage network connections?4. What is the current network location type on? Is it home, work or public?Network discovery and file sharing settings depend on the network location. For examle, if you set the network as a public location it turn on file sharing. So I would ask you to turn all the parameters and then choose the type of network and check if the parameters change again.
Method 1.
I recommend you to check if the problem exists in clean boot. May be a third party application is causing these changes.
See the article below for instructions on how to start your computer in a clean boot state.
How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7
http://support.Microsoft.com/kb/929135
Note: When the diagnosis is complete, don't forget to reset your computer to normal startup. Follow step 7 in the above article.Method 2.
Also check the settings under tools in AVG security suite. You may need to check with the help of AVG on it.
Or you can disable the antivirus software and check if that causes this behavior.
Temporarily disable the security software installed on the computer and check if the problem persists.
Disable the anti-virus software
http://Windows.Microsoft.com/en-us/Windows7/disable-antivirus-software
Important note: Antivirus software can help protect your computer against viruses and other security threats. In most cases, you should not disable your antivirus software. If you need to disable temporarily to install other software, you must reactivate as soon as you are finished. If you are connected to the Internet or a network, while your antivirus software is disabled, your computer is vulnerable to attacks.
I hope this helps.Thank you, and in what concerns:
Shekhar S - Microsoft technical support.Visit our Microsoft answers feedback Forum and let us know what you think.
If this post can help solve your problem, please click the 'Mark as answer' or 'Useful' at the top of this message. Marking a post as answer, or relatively useful, you help others find the answer more quickly. -
Display settings keep Changing
Continues to change my display settings to start. Specifically, it's the colors that change from 32 bit to 8 or 16 bits. Whenever I simply go to display settings, change the 32-bit color and all is well, but I am trying to determine what is the cause for the last number she is reset at startup. I have a Vista SP2 Core 2 Duo CPU. I don't know if this is has nothing do with it, but in the monitor display settings is set to 1. Generic PNP monitor on NVIDIA GeForce 8400 M GS, 1920 x 1200, 32-bit. There is also another 2. (By default the monitor) on NVIDIA GeForce 8400 M GS, but its resolution is 800 x 600 and is not Basel to change. Not sure if it matters that I am using the monitor 1. Also, while I've updated to the latest NVIDIA driver, the 1. Generic monitor, which is what I use, present in advanced settings / properties that the driver Date was 2008 and 2. (Default monitor) was 2010... and right now, I just went back to 1. and now the date changes from 2008 to 16/10/2010. What the hell, why the date of the fair driver update itself in those seconds of coming and going? What was the problem? Restart now to determine that. Will update.
OK, think about it. It's Windows Live Messenger to Start Up - this program has been configured to run on 256 colors (8-bit which is). Unchecked "run in 256 colors" in the properties of Windows Live Messenger. The Compatibility tab, rebooted and all is fine, do not go back to 8 bits. Solved
-
Cisco ISE comments settings problem
Hi all
I hope that it will be a miracle.
I'm unable to remove the San Jose of positions in the settings of comments with the following error ' cannot delete locations: San Jose: location referenced by another configuration. I have attached the parameters and error of reference.
I checked all the settings in the comments tab and deleted any reference to San Jose, except if it is referenced in the configuration wizard which I wasn't involved in where else this could be referenced and how to remove it please? It is only cosmetic, but to create guest accounts it is frustrating, as shows the San Jose location when they are in fact located in the United Kingdom. I'm under Cisco ISE version 1.3.
Thank you
Mark
It's a bug
CSCus25245
Description
Symptom:
In point 1.3 of the ISE, under settings - > location and SSID, we cannot delete the default location of San Jose.We get the error that it is referenced by another object.
Conditions:
ISE 1.3 - seek to remove the default location of San Jose. -
Cisco ISE 1.1.1 with Windows posturing
Hello
We tired for configured windows posturing here's the scenario
We saw five ise boxes 3315 with version 1.1.1 off them 2 is admin, 2 is PS and 1 MNT
and we have local Symantec and WSUS Server.
We make posturing for Windows where I have a few questions
(1) is there an integration here of the local WSUS server with Cisco ISE where Cisco ISE can automatically take all the mandatory WSUS update according to the crititcality of the WSUS server.
(2) what is advised to set up the strategy of the Posture of the posture of windows in Cisco ISE and if manually configure windows political posture using specific KB and if there is an update available on Microsoft will we be able to configure the policy for the new update.
(3) we have configured authentication dot1x in cisco ise and asked as well as on switch port where once the user must be connected to dot1x port of the switch it invites username and password dot1x and therefore, authorization policy, it gives vlan appropriate dynamics.
But what are the ways where we can restrict the machine which is rather than the assets of the company and even if the user's user name and password in short any employee aware how we can restrict the user making the machine rather than the assets of the company?
(4) can configure US policy posture for antivirus which will keep us in normal mode and at the same time, we can put posturing for windows which monioring mode which only monitor policy posture and reflected in the monitoring, log in which does not restrict the network for windows posturing
That will be great if any one can please help me to get the issues
Thank you
Pranav
What follows is under the POLICY-OF ELEMENTS of STRATEGY-POSTURE-> REQUIREMENTS > >
What follows is located under
POLICY OF-> ELEMENTS OF STRATEGY-> POSTURE->
REPAIR-> WINDOWS SERVER UPDATE SERVICES REMEDIATION ACTIONS
What follows is part POLICY-> POSTURE
These settings work ALMOST flawlessly for me by forcing her we approved on our WSUS server for our group of workstations updated (all of our laptops are members of the) which meet the criteria of severity EXPRESS (critical and Important). Now, what I've discovered in the last few days is that... MS seems a bit random in their identification of what severity level they assign to their updates. For example... I think that a service pack of the operating system would be considered IMPORTANT if not CRITICAL... however... Look at this from the identification of the server WSUS from Windows 7 Service Pack 1:
Thus, those who updates you deleted, I'd go throgh your WSUS server to identify how they are identified by gravity, then according to your needs set the parameters of the ISE accordingly to ensure that you get updates you plan.
Hope this helps everyone out there who has similar problems.
Thank you
Dirk
-
In HKEY_USERS\ Shell folders values. By DEFAULT keeps changing
I have a screen saver application (Google Photo Sideshow) which seems to look at the value AppData Local stored in the registry of the user Shell folders key in defining its cache folder, which is in turn the location of the XML file that tells it where to find pictures. (Sorry, I know that was complicated). Anyway, I also wanted to set the screen saver to the Windows login screen in the HKEY_USERS\. DEFAULT registry section.
My problem is that the values stored in the Shell folders for it. DEFAULT profile continues to change. Sometimes they point to C:\Documents and default User\... and sometimes they change to C:\Documents and Settings\Administrator\... and sometimes the fair white value out completely.
Can someone tell me what controls the values stored in this folder, and why they keep changing? The user Shell folders paths all remain constant with % USERPROFILE%\... I searched for this answer for weeks and can't seem to find someone who can tell me why these values change according to what rules they changes, etc...
Any help would be greatly appreciated... :)
Travis McGee
Hi Travis McGee,
For more specialized assistance on this issue, please repost your request here on the TechNet Forum.
TechNet Forum
http://social.technet.Microsoft.com/forums/en/category/windowsxpitpro
Thank you, and in what concerns:
Ajay K
Microsoft Answers Support Engineer
Visit our Microsoft answers feedback Forum and let us know what you think
-
Why my icons on my desktop keep changing
My favorite site icons keep changing to blue globe just out of the blue. How can I stop this?
Thank you for the update.
File Ntuser.dat is normal is displayed on your computer. It's a registry file of the Windows operating system that contains personal files and preferences for each user account. It is not harmful. File Ntuser.dat are invisible, except if you set your settings to show hidden files (which I think we did before). Deleting the file Ntuser.dat will remove also all the account settings and cause the damaged profile.
For more information, kindly check this link.
Regarding your concern to icon, we suggest you to do what we did before that is to clear the cache of the icon. After that, run your computer in a clean boot by disabling startup programs to check if there is any third-party program causing these. Watch it and leave it in the boot for a day to check if she always changes the icons. To run your computer in a clean boot state, please follow the steps in this link.
Let us know how it goes.
-
Windows 7 keeps changing home network to the public network without asking for confirmation, this prevents me to access the internet
Hi douglas wilson,.
Welcome to the Microsoft Answers site!
Since when are you facing this problem?
We need additional information to help you better.
Make sure that you save the settings after clicking on homepage or work profile in the network profiles.
Strengthen the security of your computer and your network:
Identify and resolve home network problems:
http://Windows.Microsoft.com/en-us/Windows7/identify-and-resolve-home-network-problems
Open network problem:
http://Windows.Microsoft.com/en-us/Windows7/open-networking-troubleshooters
Kind regards
Amal-Microsoft Support.
Visit our Microsoft answers feedback Forum and let us know what you think. -
I am very new to Cisco ISE and Meraki. I try to get the Radius configuration for wireless authentication. When I do a test of the Meraki to ISE, it passes.
When I try to connect from my laptop, I look at the logs of the Radius and it passes; However, it does not connect me to good policy. I keep hitting the default policy. I have my Meraki police above the default policy in the strategy defined in article. I have attached what looks like my strategy game.
Devices does not really matter. Here is what I see when I create a device group (where you add the access point to this group), and then create the condition:
And here is where I create the condition of strategy game and you should be able to select the Meraki access points:
This will give you the condition similar to what I posted above. This is perhaps why you aren't hit that is not matching the condition for this game.
-
Group of endpoint Cisco ISE 1.4 hotspot
Patch 1.4 Cisco ISE 6
Cisco WLC 8.0.121
Setup
the WLC has a named Hotspot SSID. It uses mac auth with radius of the NAC to redirect to the Hotspot portal of reviews on the ISE.
drops flexconnect users in vlan 401 (with preAuthAcl), after the PSU, it is initially a COA to move users to VLANs 413 with permitInternetAcl
Description of the problem:
users connect to the SSID of the access point and get an IP address valid in vlan 401
redirected to the page of the hotspot on the ISE with a PSU and the PIN code request.
are they disconnect from the network and reconnect, the ISE sends a certificate of authenticity to move to 413 without the Hotspot portal.
what I've noticed, is that as soon as users get the redirect of the original Web page, they are moved to the endpoint group defined in the hotspot portal.
What I've read about this behavior makes me understand that it is a default behavior, but if that's the case then I'm not sure on how I can make my font to check if the PSU has been accepted.
Thank you
Maarten
Cisco WLC 8.2.100
Patch 1.4 ISE 6
Similar Hotspot ISE installation, of similar rules except change VLAN. I have observed the same behavior.
This configuration was working on patch 5.
Update:
I found a solution based on the following bug. Use the following attribute in the authorization rule. The success page remains but no Instant Internet access is available using this workaround solution.
https://Tools.Cisco.com/bugsearch/bug/CSCux22558/?referring_site=bugquic...
' Workaround:
"Use the LEAST 24 endpoints: LastAUPAcceptanceHours for example (means PUA agreed less than 24 hours ago). -
Cisco ISE comments Sponsor Isssue Portal
Hi all
We have insatalled 5 boxes of ise 3315 IOS 1.0.4 in our network where in two of them are admin node, two services strategy and has a node mnt. We using sponsor portal for guest user wirless comments where we integrated WLC 5508 with ise and using weblogin for guest users.
We have created open ssid wlc and external aid redirected url to ise for the login page of comments.
But when we create a guest in the sponsor for guest user connection, user that we faced after publication
(1) when guest user gets connected to WiFi and connect to the portal of comments with credentials after putting the credentials then his new redirect to the same login page
wihout invites successful connection.
Can us guest login successful after comments connect to the portal of reviews or redirect any other link as google.com for guest user will be done the knowledge he is able to access the internet now
(2) we have appointed time profile 8hours first user login guest. When the guest user gets connected while putting in credentials on the portal of comments.
But we are facing problem after about 20 mins enhanced disconnects Internet and comments again Gets the login page of the portal of the guest and if we put the same credentials, then his work but after about 20 min interval disconnected Internet user.
Can someone help me resolved on observation about covers them cisco ise comments sponsor Portal
Thank you & best regards
Pranav Gade
Pranav your answers are online,
(1) when guest user gets connected to WiFi and connect to the portal of comments with credentials after putting the credentials then his new redirect to the same login page
wihout invites successful connection. When you use CWA (Central web authentication) there is no way we can redirect users by using the redirect url because it will always redirect users for each time they start a web request. There is no other cost functionality that will remove this condition because they have already been authenticated. Here is a guide that explains the user experience when using web Central auth -
http://www.Cisco.com/en/us/docs/security/ISE/1.1.1/user_guide/ise_guest_pol.html#wp1296954
Can us guest login successful after login guest Portal comments or redirect any other link as google.com for guest user will be acquainted with it is able to access the internet now This is not possible, you can change the verbage and force the AUP to be displayed to users informing them that they can start their web request after hitting the button I accept.
Here's to justify it experience, once users go through the process of reviews-
(2) we have appointed time profile 8hours first user login guest. When the guest user gets connected while putting in credentials on the portal of comments.
But we are facing problem after about 20 mins enhanced disconnects Internet and comments again Gets the login page of the portal of the guest and if we put the same credentials, then his work but after about 20 min interval disconnected Internet user. Check advance timer on your SSID you can be hitting the session on the WLC timeout. Please disable this option and let the functionality of COA ISE at expiration of the user on the controller sessions of.
Thank you
Tarik Admani
* Please note the useful messages *. -
I have Windows 7 in my laptop. I'm only using the same. Whenever I download any software I find that my control panel is changed and my destop settings is changed. All files stored on my destop are not visible, and a new destop is available. Whenever I have to restore my settings from the previous restore point. This uninstall installed software. How to prevent these changes in the parameters of the system during the installation of software.
How to keep all the settings permanently?
Its possible that you might be infected with a virus.
Start by downloading the free version of Malwarebytes, it will detect and remove most of the viruses.
http://www.Malwarebytes.org/products/malwarebytes_freeThere are also Norton Power Eraser
http://security.Symantec.com/nbrt/NPE.asp?lcid=1033
Note: Because the Norton Power Eraser uses aggressive methods to detect these threats,
There is a risk that it can select some legitimate programs for removal.
You should use this tool very carefully, and only after you have exhausted other options.Microsoft safety scanner
http://www.Microsoft.com/security/scanner/en-us/default.aspx
Note: The Microsoft Safety Scanner ends 10 days after being downloaded.
To restart a scan with the latest anti-malware definitions,
Download and run the Microsoft Safety Scanner again.J W Stuart: http://www.pagestart.com
-
Hello
How to remove multiple domain suffixes through ISE with AD user name used as an external identity Source. Username is used in [email protected] / * / format.
Cisco ISE 1.2 patch introduced 4 Strip prefix or suffix @domaine Kingdom of the username through ISE with AD used as external identity Source. But the documentation is not updated for this feature. I am able to band 1 domain successfully suffix but following conditions listed in the list of suffixes fails to get stripped.
Any thoughts on the same.
Thanks Kumar
In the ISE under Administration > identity management > external identity Sources
Choose the Active Directory on the left, select your ad server and Advanced settings
Under identity band of suffix, make sure prefixes band below: is selected (I know, it says prefix).
In the list of Suffixes box, enter your list of domain suffixes to undress. The separator character is a comma (,).
If this does not solve your problem, then I fear that a call to TAC may be in order.
UPDATE *.
Spaces are significant characters. The registration of domains, so as such:
@domain.com, @domain.local, @testdomain.com
END UPDATE *.
Please rate useful messages and mark this question as answered if, in fact, does that answer your question. Otherwise, feel free to post additional questions.
Charles Moreton
Post edited by: Charles Moreton
-
Different permission on Cisco ISE Mac address format
Dear all,
I have problem with my Cisco ISE,
It's design:
ISE - Core switch - 3Com - PC user
My case:
Authorization is based on Active Directory, and Mac address
The user with PC connecting to 3Com swtich Deny by ISE but is the Mac of the Format address is different with Cisco.
Cisco MAC address format: XX
3Com MAC address format: XXXX-XXXX-XXXX
3Com switch type is TRICOM 4210 26 - PORT.
Someone at - it experience with this? and how can change the mac address format in 3Com for user authorized by Cisco ISE.
Note:
Active Directory-based authorization is not problem with 3Com Switch.
From my experience, produces different is mac address of a different size, so this case not only for 3Com Switch.
Thank you
Arika Wahyono
Hello. Authentication using "work around the Mac address" is not a standard feature. The seller do differently. I do not think that this could work, but even if this is possible the solution will be not reliable because it is not standard basic.
Maybe you are looking for
-
When I download firefox and bring it up it flashes 5 or 6 times before going to the home page
get a file off several times to go to other locations on my desk, for example, my photo file. When I try to put firefox back up it flashes 5, 6, or even 7 times before moving my home page. It is of is there, but it is annoying and should not happen.
-
HP Envy 4500: Could not connect to connected HP - get 'Email or invalid password'
When I try to connect to connected HP, I get "Email and password invalid". The email and password I use works fine to Snapfish. I tried to change the password to Snapfish, hoping that would reset the password in HP connected, but I still get the sa
-
Hi all I have a compactDAQ with lots of modules. I want to know which modules with programming is pluging in my compactdaq. You have an idea about this? Thank you.
-
HelloI am currently working on my thesis and I would like to integrate LV of programming that I wrote. I can not include any digital medium with the thesis it is unfortunately out of the question. Is there a standard protocol to document my work ot
-
I have to press the f2 key to start windows xp
I have sr1212nx of office. He asks me every time press f2 to implement win.xp. I want to start. How?