This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

User-ID Agent & Desktop PowerManagment

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

User-ID Agent & Desktop PowerManagment

michaelsitler
L0 Member

‎08-05-2013 12:24 PM

We have User-ID agent setup and running, Where it polls the machines every 20 minutes, to track the users.

Since we are now trying to implement Power management on the Desktop. It appears that the USER-ID agent system is waking the machines up. Has anyone else run into this problem? And if so what solutions have you found?

So far these are the solutions we've come up with.

  1. Stop using the User-ID Agent system at least the clientless one we are using now, and I think there's an agent version?
  2. Is there a way to throttle/limit it's use to say between only 9am-5pm?
  3. We could also increase the polling to every hour or more, but it'd still wake the machines up, and it'd loose the usefulness of probing at all much past an hour.
  4. We could also configure the machines only to wake on MagicPacket, but since a good deal of the end users RDP to their desktops, that won't work without additional software on their home machines as well as configuring, etc.. (it's not practical)

Any ideas?

Labels:
0 Likes Likes
4 REPLIES 4

panos
L6 Presenter

‎08-05-2013 11:51 PM

Try to start with first solution.

you use agentless system ?

0 Likes Likes

VinceM
L5 Sessionator

‎08-06-2013 03:07 AM

Hi,

The issue should come from wmi probing. Maybe move to Netbios probing ?

V.

0 Likes Likes

michaelsitler
L0 Member
In response to VinceM

‎08-06-2013 07:41 AM

I tried just using netbios probing, still wakes the machines up.

So at the moment I've turned off the netbios probing as well as we haven't fully implemented the palo alto yet.

So if I understand this correctly the user-id agent will still sort through the AD logs and figure out who's logging in, but I'm guessing it won't be as good as probing?

Is there an agent we could install on the desktops? ( I heard there used to be one)

0 Likes Likes

Chatri
L3 Networker

‎08-06-2013 08:00 AM

Have you tried disabling all sorts of probes and enable 'server session read'  ?

That way the PCs will directly not be probed but the DC's server logs will be checked for open socket sessions any domain PCs has ( log on and log off will be seen).

So . essentially we should still be able to dynamically monitor the user to IP enumeration without probing the PCs directly.

0 Likes Likes
  • 2348 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks