Technical Note: Host with disabled logged on user not moved to dead end
Description
When a logged on user is disabled in Active Directory and a sync is completed, isolation of the host does not occur. The host the user is logged onto is not moved to the Isolation network until the user logs out of the host and logs back in.
Impacts hosts that are registered as a device with a disabled logged on user.
Scope
Version: 8.x, 9.1
Solution
Workaround: Create a network access policy to assign the Isolation vlan when a user is disabled. Host will be re-evaluated and moved according to the policy on the next L2 polling interval
Solution: To be addressed in a future release.
When a logged on user is disabled in Active Directory and a sync is completed, isolation of the host does not occur. The host the user is logged onto is not moved to the Isolation network until the user logs out of the host and logs back in.
Impacts hosts that are registered as a device with a disabled logged on user.
Scope
Version: 8.x, 9.1
Solution
Workaround: Create a network access policy to assign the Isolation vlan when a user is disabled. Host will be re-evaluated and moved according to the policy on the next L2 polling interval
Solution: To be addressed in a future release.
ID 0676232