11-25-2010 03:33 AM
hi,
i have two questions i just need a clarification about them :
BR
11-25-2010 03:55 AM
Hi There,
1. We do not take any action on a logoff. Microsoft also does not have reliable logs for such an event - hence, we do not read them
2. A locally logged on user, not logged into the domain, will be seen as "Unknown" regardless of the account they log in with
WMI/NetBIOS polling can help also to identify whom is logged into a PC.
Locally logged in users could be identified if you wanted to use Captive Portal - if they did not want/need/able to log into the domain.
Thanks
James
11-25-2010 03:55 AM
Hi There,
1. We do not take any action on a logoff. Microsoft also does not have reliable logs for such an event - hence, we do not read them
2. A locally logged on user, not logged into the domain, will be seen as "Unknown" regardless of the account they log in with
WMI/NetBIOS polling can help also to identify whom is logged into a PC.
Locally logged in users could be identified if you wanted to use Captive Portal - if they did not want/need/able to log into the domain.
Thanks
James
11-25-2010 04:32 AM
regarding question 1 here is the scenario :
my customer is having X utm appliance which is linked with AD for user authentication the issue he is having that once an allowed user logs in and browse the internet when he logs off and another user logs in ( which is not allowed to browse ) he still can have internet access and the reason is the X appliance still did not logof the previous user session, so my customer want to make sure that the same think wont happen with paloalto appliance, and thats why i need to technical information about it to pass it .
11-25-2010 04:37 AM
The second user logging in will generate a new logon event in the AD server - this will be picked up by our PAN Agent (By default within a second) and all new traffic attributed and controlled as per the new user.
If the new user logs in with a local account, then they will bee seen as the previous user - this is where end station polling is required
Thanks
James
03-14-2013 10:05 AM
Is this still the case under v.5?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
