active directory logon session timeout

u3974
Not applicable

Hi,

I have two questions I just need clarification about:

  1. When using Active Directory for integration, if a user logs out from a PC, does the session disconnect immediately or does it take time to disconnect completely?
  2. If a user logs in locally as administrator, would Palo Alto consider him logged in as domain admin?

BR


Accepted Solutions
James
L4 Transporter

Hi There,

1. We do not take any action on a logoff. Microsoft also does not have reliable logs for such an event - hence, we do not read them.

2. A locally logged on user, not logged into the domain, will be seen as "Unknown" regardless of the account they log in with.

WMI/NetBIOS polling can also help to identify who is logged into a PC.

Locally logged in users could be identified if you wanted to use Captive Portal - if they did not want to, need to, or were not able to log into the domain.

Thanks

James



All Replies

u3974
Not applicable

Regarding question 1, here is the scenario:

My customer has an X UTM appliance which is linked with AD for user authentication. The issue he is having is that once an allowed user logs in and browses the internet, when he logs off and another user logs in (who is not allowed to browse), he can still have internet access, and the reason is that the X appliance still has not logged off the previous user's session. So my customer wants to make sure that the same thing won't happen with the Palo Alto appliance, and that's why I need technical information about it to pass on.

James
L4 Transporter

The second user logging in will generate a new logon event in the AD server - this will be picked up by our PAN Agent (by default within a second) and all new traffic attributed and controlled as per the new user.

If the new user logs in with a local account, then they will be seen as the previous user - this is where end station polling is required.

Thanks

James
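
A simplified model of the mapping behaviour described in this thread, added here as an illustration; it is not code from any poster or from Palo Alto Networks. The class and method names, address and accounts are constructed, and the rule that a poll drops a mapping when the station reports a different user is an assumption of the model.

```python
# Toy model of an IP-to-user mapping table (hypothetical names, constructed data).

class MappingTable:
    def __init__(self):
        self.ip_to_user = {}  # what the firewall currently believes

    def domain_logon_event(self, ip, user):
        """AD logon event read by the agent: the newest logon wins."""
        self.ip_to_user[ip] = user

    def logoff_event(self, ip, user):
        """Logoffs are not acted on, so the mapping is left untouched."""

    def probe(self, ip, station_user):
        """End-station poll. station_user is who the PC reports as logged on.
        Assumption: a mismatch with the mapped user removes the mapping."""
        mapped = self.ip_to_user.get(ip)
        if mapped is not None and mapped != station_user:
            del self.ip_to_user[ip]

    def user_for(self, ip):
        return self.ip_to_user.get(ip, "Unknown")


def run_scenarios():
    ip = "10.0.0.7"  # constructed workstation address
    results = {}

    # Allowed domain user logs on, logs off, then a second domain user logs on.
    t = MappingTable()
    t.domain_logon_event(ip, "CORP\\alice")
    t.logoff_event(ip, "CORP\\alice")
    results["after_logoff"] = t.user_for(ip)        # still alice
    t.domain_logon_event(ip, "CORP\\bob")
    results["second_domain_user"] = t.user_for(ip)  # policy now follows bob

    # Same start, but the next user logs on with a local account: no AD event.
    t2 = MappingTable()
    t2.domain_logon_event(ip, "CORP\\alice")
    t2.logoff_event(ip, "CORP\\alice")
    results["local_no_probe"] = t2.user_for(ip)     # stale: treated as alice
    t2.probe(ip, "PC7\\Administrator")
    results["local_after_probe"] = t2.user_for(ip)  # stale mapping cleared
    return results


if __name__ == "__main__":
    for name, user in run_scenarios().items():
        print(f"{name}: {user}")
```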

ChrisRead
L1 Bithead

Is this still the case under v.5?
