We need to know the priviledge minimum to the user-id user to work with the WMI probes and it can't look the security log of DC.
The problem is that on the security log appears one user of application siteadvisor that is installed on every PC of domain.
Then, when we execute the Get All on User-Id Agent, the 90% of IP addresses are assigned to the same username, but if we execute the " wmic /node:remotecomputer computersystem get username" with administrator domain user command we obtain the correct user logged on the PC.
If you know any other solution a this problem, I'm opened to hear.
I would suggest that you ignore the siteadvisor user. You can do this by creating a file in the Pan Agent installation folder named:
In this file you would put one user per line for each user that you wish the Pan Agent to ignore. For example:
NOTE: do not prepend the domain name!
Once you have created this file you must re-start the Pan Agent service. The service only reads this file when it starts up.
I have this very same problem. But if I ignore the administrator user, then the administrator can never have permits to go to Internet.
What can I do in this case???
You can create a new AD account that has the relevant rights and ignore this system account. Or you could enable captive portal for unknown users.
Thanks for the answer :-)
Anyway, how is it possible that we get the same user on so many IPs? Shouldn´t this be fixed already?
You should add the USER-ID account to the "Remote Desktop Users"
From Microsoft Documentation
Connecting to WMI remotely requires that you first configure the Windows Firewall on the server to allow this. Incorrect Windows Firewall settings are usually identified by receiving the "RPC Server Unavailable" error message when trying to remotely connect to the VisualSVN Server using the management console.
Windows Firewall configuration should be done locally on the server by the user with administrator rights. While Windows Firewall can be configured via the Control Panel, you may find it easier to use the the netsh utility at the command prompt. Appropriate command lines are as follows:
Note that in a non-domain environment, granted permissions can be filtered-down by User Account Control (UAC) (set it to 1)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!