topic UserID - possible to identify AD computer name in General Topics https://live.paloaltonetworks.com/t5/general-topics/userid-possible-to-identify-ad-computer-name/m-p/32374#M23728 <HTML><HEAD></HEAD><BODY><P>I have firmware version 4.1.1 and use the appropriate User-ID program for this firmware. I undretand how it all works for Active Directory user accounts, but what I want to know is can it be used to scan AD containers that only contain computer names, which I can then use in my security policies?</P><P></P><P>I am trying to block certain apps for specific AD computers (not users), which are all members of an AD security group and apply a security policy based on the AD group.&nbsp; The only other way I can think of is by setting up many address objects and throwing them all into an address group, but any users on DHCP may change IP address, rendering this solution useless.</P><P></P><P>Is this something for DEV?</P></BODY></HTML> Thu, 19 Jan 2012 04:43:14 GMT ReadingEnt 2012-01-19T04:43:14Z UserID - possible to identify AD computer name https://live.paloaltonetworks.com/t5/general-topics/userid-possible-to-identify-ad-computer-name/m-p/32374#M23728 <HTML><HEAD></HEAD><BODY><P>I have firmware version 4.1.1 and use the appropriate User-ID program for this firmware. I undretand how it all works for Active Directory user accounts, but what I want to know is can it be used to scan AD containers that only contain computer names, which I can then use in my security policies?</P><P></P><P>I am trying to block certain apps for specific AD computers (not users), which are all members of an AD security group and apply a security policy based on the AD group.&nbsp; The only other way I can think of is by setting up many address objects and throwing them all into an address group, but any users on DHCP may change IP address, rendering this solution useless.</P><P></P><P>Is this something for DEV?</P></BODY></HTML> Thu, 19 Jan 2012 04:43:14 GMT https://live.paloaltonetworks.com/t5/general-topics/userid-possible-to-identify-ad-computer-name/m-p/32374#M23728 ReadingEnt 2012-01-19T04:43:14Z Re: UserID - possible to identify AD computer name https://live.paloaltonetworks.com/t5/general-topics/userid-possible-to-identify-ad-computer-name/m-p/32375#M23729 <HTML><HEAD></HEAD><BODY><P>I'd say - look at Global Protect if you want a packaged product. If you have the skills/time you could use the API to push computer names and IP in to the PAN. Would require some development time on your end though.</P></BODY></HTML> Thu, 19 Jan 2012 08:26:16 GMT https://live.paloaltonetworks.com/t5/general-topics/userid-possible-to-identify-ad-computer-name/m-p/32375#M23729 rapoint_person 2012-01-19T08:26:16Z