Yes, you could do a WMI scan on post registration that checks if a process is there or not.
You need a account that has administrative rights on the device that you check. Thanks, Ludovic Zammit [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: www.inverse.ca <https://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) > On Feb 26, 2021, at 12:03 PM, NITISH AGGARWAL <[email protected]> wrote: > > But I can see security event triggered for SEPM provisioning on node. But the > problem is it actually not restricting access. > > Can I use wmi scan in my environment?? > > Thanks. > > On Fri, Feb 26, 2021, 22:31 Ludovic Zammit <[email protected] > <mailto:[email protected]>> wrote: > No DHCP, no provisioner. > > Thanks, > > Ludovic Zammit > [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: > www.inverse.ca <https://www.inverse.ca/> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu > <http://www.sogo.nu/>) and PacketFence (http://packetfence.org > <http://packetfence.org/>) > > > > > > > >> On Feb 26, 2021, at 11:52 AM, NITISH AGGARWAL <[email protected] >> <mailto:[email protected]>> wrote: >> >> I donot have DHCP server installed, no provisioning for DHCP. It's all >> static ip. >> >> On Fri, Feb 26, 2021, 22:21 Ludovic Zammit <[email protected] >> <mailto:[email protected]>> wrote: >> Does PF receives DHCP ACK from the production DHCP server ? >> >> Did you install the DHCP sensor ? >> >> https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_microsoft_dhcp_sensor >> >> <https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_microsoft_dhcp_sensor> >> >> Thanks, >> >> Ludovic Zammit >> [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: >> www.inverse.ca <https://www.inverse.ca/> >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu >> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org >> <http://packetfence.org/>) >> >> >> >> >> >> >> >>> On Feb 26, 2021, at 11:44 AM, NITISH AGGARWAL <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> As such there is no restriction on when to check for provisioning although >>> I have selected option of checking after registration of device. >>> >>> On Fri, Feb 26, 2021, 22:11 Ludovic Zammit <[email protected] >>> <mailto:[email protected]>> wrote: >>> Provisioner workflow are triggered by DHCP traffic seen from the Production >>> or Registration networks. >>> >>> When do you want to check if Symantec is installed ? >>> >>> Thanks, >>> >>> Ludovic Zammit >>> [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) >>> :: www.inverse.ca <https://www.inverse.ca/> >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu >>> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org >>> <http://packetfence.org/>) >>> >>> >>> >>> >>> >>> >>> >>>> On Feb 26, 2021, at 11:40 AM, NITISH AGGARWAL <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> Yes....as I connects the device it went into registration vlan and then if >>>> it is in domain it gets authenticated and vlan changes as per switch. >>>> >>>> Dot1x is working fine...but problem is with Symantec. How to check if end >>>> device has Symantec client installed and working. >>>> >>>> On Fri, Feb 26, 2021, 22:07 Ludovic Zammit <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> Hello, >>>> >>>> Your devices that connect on PF are statically IP addressed? >>>> >>>> Thanks, >>>> >>>> Ludovic Zammit >>>> [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) >>>> :: www.inverse.ca <https://www.inverse.ca/> >>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu >>>> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org >>>> <http://packetfence.org/>) >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>>> On Feb 25, 2021, at 9:55 AM, NITISH AGGARWAL via PacketFence-users >>>>> <[email protected] >>>>> <mailto:[email protected]>> wrote: >>>>> >>>>> Hi, >>>>> >>>>> I have setup PacketFence zen as per guide. I can see dot1x authentication >>>>> working with MSCHAPv2 auth, so non domain users are not getting access, >>>>> which is required. I am using auto-registration in connection profile. >>>>> >>>>> Second, I have to check for Symantec in my endpoints. I have setup SEPM >>>>> provisioning as per document. During authentication, I can see security >>>>> event generated for provisioning on my node in PacketFence but my end >>>>> device got access to intranet no matter symantec installed on it or not. >>>>> >>>>> I have tried everything I could. I need some help in this case. I am >>>>> using static ips and cisco 2960. >>>>> >>>>> I need devices to be registered if they have both domain connected and >>>>> SEPM installed. >>>>> >>>>> Any help will be appreciated. Thanks in advance... >>>>> >>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> [email protected] >>>>> <mailto:[email protected]> >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> >>>> >>> >> >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
