Sapphire Agent is not getting installed over WIFI but getting installed over LAN through AD GPO

Engineers might face issue in a customer environment where Sapphire Agent pushed through AD Group policy is getting installed over LAN connection but does not connect over WIFI.

Situation : Since a sapphire agent is installed through a Start up script we need to ensure that the user machine has internet or intranet connected while user laptop is booting up. In certain customer environment a user authentication application stops this connection from being established until the user is validated through the domain. Once such application is Cisco ISE. When a user is trying to connect to company’s intranet - Cisco polices the authentication by issuing a token through Cisco ISE servers. Once the token is received the user is allowed to operate other applications using the company network. This token is valid for 48 hours. However this process, restricts access to the network until the token authentication is complete. If a Sapphire script is waiting to be run on startup the script is restricted access to the network by Cisco ISE.

Solution: Have the customer enforce a policy to temporarily disable Cisco ISE until the Agent installation is completed on all user machines.


There is another way to achieve the agent installation using Group policy scheduled task in specific time window( when user generally logs in) which can install the agent post you login to the system.

Thanks Sir, we shall try this in the next roll out for a different entity