How to set up Lab Machines for use with MetaAccess NAC?
This article applies to the current MetaAccess NAC Enforcer and MetaAccess Web UI, as well as all Windows and macOS systems running the latest MetaAccess NAC Policy Key.
User identity is of the utmost importance when using MetaAccess NAC in a lab environment, which is why the system provides streamlined solutions for capturing and verifying the identities of both AD/LDAP users and guest users.
To facilitate optimal, secure processes when using MetaAccess NAC in a lab environment with a range of users, please follow the relevant best practice steps below.
Windows and macOS domain machines
- For these machines, a Policy Group should be created that includes the relevant domain attributes.
- Navigate to your MetaAccess NAC Dashboard>Policies>Group.
- Click the New button in the left-hand panel.
- Fill out the necessary details, then click Apply and Use.

- Create a new authentication policy for this group and set the Authentication Type to “Every session provided 0 hours have passed”.

- Either the Policy Key must be pre-deployed to distinguish the lab machines from non-domain machines, or the ADConnector must be installed on all domain controllers.
- Users must log off the desktop at the end of every lab machine session.
- For guest users, a local machine account should be created that allows access to the desktop.
- Once logged in, guest users will either need to complete a Self-Registration process, which can be configured via the MetaAccess NAC Dashboard>Configuration>Self-Enrollment Portals>Guest Self-Provisioning Setup, as shown below:

- Or they can log into MetaAccess NAC via a Sponsored Guest Account, or log into the network via the one-click Anonymous Access method.
- A startup script can easily be added to the local machine account that opens a web browser directly onto the appropriate MetaAccess NAC page.
All other devices
- If these devices are in a dedicated VLAN, the IP Range for that VLAN should be configured as the Qualifier for access.
- If these devices are not in a dedicated VLAN, a Policy Group that includes MAC addresses for the lab machines should be created.
- Navigate to your MetaAccess NAC Dashboard>Policies>Group.
- Click the New button in the left-hand panel.
- Fill out the necessary details, then click Apply and Use.

- Create a new authentication policy for this group and set the Authentication Type to “Every session provided 0 hours have passed”.

- A link to the Logout Page will need to be placed on the desktop or home screen.
- Users will need to click the logout link and log out of MetaAccess NAC at the end of every lab machine session.
- Guest users will either need to complete a Self-Registration process, which can be configured via the MetaAccess NAC Dashboard>Configuration>Self-Enrollment Portals>Guest Self-Provisioning Setup, as shown below:

- Or they can log into MetaAccess NAC via a Sponsored Guest Account or log into the network via the one-click Anonymous Access method.
If you have followed the instructions above but have been unable to set up one or more lab machines for MetaAccess NAC, please open a Support Case with the OPSWAT team via phone, online chat or form, or feel free to ask the community on our OPSWAT Expert Forum.