Does anyone know if the credential phishing agent requires different\additional permissions to the base User agent?
I have installed with our 'standard' account and I get this in the logs:-
09/03/18 18:05:33:996 [ Info 2036]: ------------Service is being started------------
09/03/18 18:05:33:996 [ Info 2043]: Os version is 6.2.0.
09/03/18 18:05:33:996 [ Info 389]: Load debug log level Info.
09/03/18 18:05:33:996 [ Info 247]: Service version is 126.96.36.199.
09/03/18 18:05:33:996 [ Info 392]: Product version is 8.
09/03/18 18:05:33:996 [ Info 313]: Named pipe for UaService created.
09/03/18 18:05:34:028 [Error 716]: Unable to extract credentials.
09/03/18 18:05:39:028 [Error 716]: Unable to extract credentials.
It is also possible this is due to a security setting on the server itself, I assume.
We did - I'm fairly sure we just had to run the Cred service as SYSTEM, not the Palo agent service account we assumed we needed to run both the PA agent and Cred agent with.
That said, it is currently broken for us - I've not had time to check as we were only testing, but I'm due to look this week as it turns out.
I could have sworn early on the install instructions said you needed a domain admin or at least something along the way domain admin was required, but that doesn't appear to be the case now.
For using "Domain Credential Filter" --
"Install the User-ID agent and the User Agent Credential service on an RODC using an account that has privileges to read Active Directory via LDAP (the User-ID agent also requires this privilege)."