topic Re: User ID agent user-IP mapping refresh evets in General Topics

User ID agent user-IP mapping refresh evets

faizankhurshid — Mon, 26 Mar 2018 11:39:05 GMT

Hi Experts

As you know the default cache time for user-IP mapping in user-ID agent is 45 minutes. If I am not using WMI or netbios or server session monitoring then:

1- How user-IP mapping can be maintained by user-ID agent? This means user has to logout and login again after every 45 minutes? Can I increase this to 10 hours to cover the office timing?

2- At the end of day, user normally lock the machine (instead of logout) and in next morning he unlock and login to machine. Will this generate the authentication event in AD and refresh the user-IP mapping in user-ID agent?

3- What if user even does not lock the machine and there is no auto-lock policy then next monring there will be no user-IP mapping in agent. Then user has to logout and login again?

4- What if there is 'cache domain login policy' then there will be no authentication event in AD and agent does not have any clue. What I can do in this scenario?

Re: User ID agent user-IP mapping refresh evets

Mick_Ball — Mon, 26 Mar 2018 15:07:34 GMT

1. you can set this to 24 hours if you like... preference seems to be 4 to 8 hours but it's up to you.

2. yes windows lock and unlock triggers an event in AD providing the device is on the DC network.

3 + 4. what do your users do all day... if nothing then you dont need user-id mapping.. if you need the user mapping for firewall access then add captive portal with sso.

Re: User ID agent user-IP mapping refresh evets

OtakarKlier — Mon, 26 Mar 2018 21:55:41 GMT

Hello,

If you use Exchange, I recommend using its logs as well. Outlook clinets are always authenticating against it. This way the rest of the points dont really need to happen and its quicker to update, if users move around.

Hope that helps.

Re: User ID agent user-IP mapping refresh evets

faizankhurshid — Tue, 27 Mar 2018 06:11:55 GMT

@Mick_Ball Thanks for your explianation.

In point 3, what I mean lets say the cache time on agent is 8 hours. So in the morning user login to DC and firewall gets the user-ip mapping from agent and user is good. In evening, the user did not lock his machine and left. In the next morning, oviously user-agent does not have mapping (due to 8 hours passed) and usesr did not login because he left his pc unlock.

In this case, your solution is capative portal?

If I use exchange logs also with agent as @OtakarKlier mentioned then it wills solve the issue?

Re: User ID agent user-IP mapping refresh evets

Mick_Ball — Tue, 27 Mar 2018 12:42:57 GMT

Ok for point 3. A user can leave his device overnight and it will not auto lock.

perhaps a data protection training video is required here....

yes if your timeout is 8 hours and the user has no domain activity overnight then it will timeout.

i would go for @OtakarKlier suggestion before captive portal. Several other forum users have opted for this as a solution for user mapping.

do you have any particular reason for no auto lock after inactivity...

Re: User ID agent user-IP mapping refresh evets

faizankhurshid — Tue, 27 Mar 2018 21:00:42 GMT

@Mick_Ball Thanks. Actually there is auto-lock policy in place, I just want to understand the concept if there is no domain activity then what we can do.