https://live.paloaltonetworks.com/t5/general-topics/ldap-rights-query/m-p/361306#M88168 <P>- Event Log Readers&nbsp; (The FW needs permission to read the Security Log on the DC, so when a user (fred, authenticates/logs onto his his computer with 172.16.1.55, and the DC authentication is successful, the UserID agent matches fred:172.16.155 and fwds to the FW.</P> <P>Now the FW knows that 172.16.1.55 = Fred.)</P> <P>&nbsp;</P> <P>- Server Operators&nbsp; (used for File/Print shares.&nbsp; As long as someone has a drive mapped or printer mapped, that share session is in use.&nbsp; The Server Operator confirms the user is still using/has permission to use.&nbsp; The IP of the user is captured.)</P> <P>&nbsp;</P> <P>Distributed COM Users&nbsp; - used for probing unknown IPs within the network.&nbsp; An employee bring laptop in sleep mode, into corporate network.&nbsp; He wakes up computer and then plugs in Ethernet cable.&nbsp; Did he authenticate yet?&nbsp; (NO), but he got a DHCP address.&nbsp; So WHO has this IP.&nbsp;&nbsp; probing IP allows the FW to ask the device "who are you" and the user comes back as "fred".&nbsp; Again, now the FW knows that 172.16.1.55 = Fred)<BR /><BR /></P> <P>&nbsp;</P> <P>Thank you.</P> Fri, 06 Nov 2020 13:32:52 GMT S.Cantwell 2020-11-06T13:32:52Z https://live.paloaltonetworks.com/t5/general-topics/ldap-rights-query/m-p/361268#M88165 <P>Hi Guys,</P><P>&nbsp;</P><P>&nbsp;</P><P><SPAN>To create the service account in AD, which is utilized on the device. we know that below rights are needed.</SPAN><BR /><SPAN>- Distributed COM Users</SPAN><BR /><SPAN>- Event Log Readers</SPAN><BR /><SPAN>- Server Operators</SPAN></P><P>&nbsp;</P><P><SPAN>My query is why it necessary, what it's justification to be a part of this rights.</SPAN></P><P>&nbsp;</P><P><SPAN>In cisco asa it is not necessary that's why I am have this query.</SPAN></P><P>&nbsp;</P><P><SPAN>Thanks in advance</SPAN></P> Fri, 06 Nov 2020 11:27:11 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-rights-query/m-p/361268#M88165 OsamaKhan 2020-11-06T11:27:11Z https://live.paloaltonetworks.com/t5/general-topics/ldap-rights-query/m-p/361306#M88168 <P>- Event Log Readers&nbsp; (The FW needs permission to read the Security Log on the DC, so when a user (fred, authenticates/logs onto his his computer with 172.16.1.55, and the DC authentication is successful, the UserID agent matches fred:172.16.155 and fwds to the FW.</P> <P>Now the FW knows that 172.16.1.55 = Fred.)</P> <P>&nbsp;</P> <P>- Server Operators&nbsp; (used for File/Print shares.&nbsp; As long as someone has a drive mapped or printer mapped, that share session is in use.&nbsp; The Server Operator confirms the user is still using/has permission to use.&nbsp; The IP of the user is captured.)</P> <P>&nbsp;</P> <P>Distributed COM Users&nbsp; - used for probing unknown IPs within the network.&nbsp; An employee bring laptop in sleep mode, into corporate network.&nbsp; He wakes up computer and then plugs in Ethernet cable.&nbsp; Did he authenticate yet?&nbsp; (NO), but he got a DHCP address.&nbsp; So WHO has this IP.&nbsp;&nbsp; probing IP allows the FW to ask the device "who are you" and the user comes back as "fred".&nbsp; Again, now the FW knows that 172.16.1.55 = Fred)<BR /><BR /></P> <P>&nbsp;</P> <P>Thank you.</P> Fri, 06 Nov 2020 13:32:52 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-rights-query/m-p/361306#M88168 S.Cantwell 2020-11-06T13:32:52Z