Hi People,

My understanding is that SNAC is used for the Laptop typically to restrict the WLAN usage when the wired LAN is plugged in.

So what is the side effect to deploy SNAC companywide to both desktop and laptop ?

SNAC can be used for both laptop and desktop, it is not tied to laptops specifically. They're is no issue deploying to both.

You can use it for making sure clients have updated definitions before connecting to the network or they're fully patched.

Great article and using SEP and SNAC

https://www-secure.symantec.com/connect/articles/sep-and-snac-unbeatable-combination

Thanks Brian, because I'm not too sure what is the good use case scenario for implementing SNAC on the desktop PC.

Read

https://www-secure.symantec.com/connect/downloads/symantec-network-access-control-whitepaper

List of Scenarios on how the SNAC component behaves and how the SNAC components get enabled on the client.

http://www.symantec.com/business/support/index?page=content&id=TECH173814

Components of Symantec Endpoint Protection and Symantec Network Access Control

http://www.symantec.com/business/support/index?page=content&id=HOWTO27562

For example, if the machine's definitions are out of date, you can not allow it on the network until it is updated.

Hello,

Check this artical

What all can you do with Symantec Network Access Control?

https://www-secure.symantec.com/connect/articles/what-all-can-you-do-symantec-network-access-control

Edit ##

https://www-secure.symantec.com/connect/blogs/snac-related-implementation-guides-best-practices-troubleshooting-guides-and-knowledge-base-ar

Benifits OF SNAC

https://www-secure.symantec.com/connect/forums/what-are-extra-benifits-i-will-get-if-i-use-snac-sep#comment-2758861

I'd first challenge your impression of SNAC.  It is not there to restrict WiFi when a wired ethernet connection is used (you can accomplish this with just SEP's Location Awareness and FW policy alone).

SNAC is used to make sure that devices connectiing into your network meet your minimum security requirements.  These requirements can be based on patches, installed security software, age of installed defs, any many other factors.

Because it's there to help protect your general network (and by extention, everything connected to it), it's equally applicable to both workstations and laptops.  The only difference being that laptops are more likely to fail your requirements.

As far as side effects go, this depends entirely on what you configure as a "Host Integratiry Failed" action.

If there's no followup action set, then there's no side effects really.  SNAC will just report on which endpoints have failed what requirement.

If there is a remediation action (i.e.to install a patch/software if it is not already present), then it should be equally relevant for both workstations and laptops.

If you have configured blocking, then you will need to consider how this would affect your users (both workstations and laptops), and if the inconvenience to the workstation users outweighs the risk to your network.  If it does, then separate out the workstations from the laptops so they behave differently.

Hello,

Share One Of blog for SNAC releted

https://www-secure.symantec.com/connect/blogs/snac-related-implementation-guides-best-practices-troubleshooting-guides-and-knowledge-base-ar

Documentation such as Implementation Guides, Best Practices, Troubleshooting guides, and Knowledge Base Articles

http://www.symantec.com/business/support/index?pag...

Thanks all for the response,

I guess in this case, there is no adverse impact for deploying it to the workstations, the only thing that matter is the policy which governs the SNAC behaviour.

Yes John It's base On compliance issue but when you immplement SNAC policy you can first try test

Environment after implement your production Environment

One More Articals how to use SNAC in Virus Defination Compliance

SNAC Self Enforcement for Virus Definition Compliance

https://www-secure.symantec.com/connect/articles/snac-self-enforcement-virus-definition-compliance