06-26-2018 09:06 PM
Howdy,
Sorry if this has been asked thousands of times, but I cannot seem to locate something quite similar.
We have noticed recently that some users are logging in with a local computer account and then obviously being able to browse the internet, falling into a catch-all rule for 'Known Users' which is required.
It was suggested, as an option, that we try to not learn them as 'Known Users' etc. However, I am not sure how we would handle that in our case.
The problem is that the workstation name is not constant like if the user were coming in with their domain\username, so the users are appearing as below in the user mapping tables:
User: mn2343234\administrator
User: mn12345\administrator
User: mn56789\administrator
etc etc
So if I am reading things correctly the only way to stop this access is that we would need to somehow make that text file the agent uses on the server dynamic and populate it with computer name/username items one per line, then restart the agent to apply the settings? Is there another easier way to ignore these users?
06-27-2018 01:39 AM
If the users are being learned, you have probing enabled: when an unknown IP connects to the firewall, the firewall will ask the UserID agent for information. If it does not have a mapping and probing is enabled, it will then probe the IP and detect the local account.
Probing has pros and cons: it will also periodically probe existing mappings, and if a user has logged out or moved to a new IP (wifi roaming), the no-longer-active session/unused IP will be cleared from mapping. This helps prevent other users swooping in and abusing the previous user's mappings access.
So the best option is to simply exclude the admin accounts from being registered, through the ignore_user_list.txt
06-27-2018 10:12 AM
Hello,
One option would be to use user-id in your allow internet browsing policy. Then anyone who is not a 'domain user' would not be able to browse the internet. In the past I used the group 'Domain User'; if anything fell outside of it, it would fall into a more stringent policy.
Hope it helps.
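An added example, not part of any post in this thread and not vendor tooling: a small script that picks the local-account mappings out of entries like those quoted in the question and emits them one per line for review as ignore-list candidates. Assumptions: the `computer name\username` one-per-line entry format is taken from the question, `corp` is a hypothetical directory domain, and the sample lines are constructed.

```python
import re

# Constructed sample, shaped like the mapping entries quoted in the question.
SAMPLE_MAPPINGS = """\
User: mn2343234\\administrator
User: mn12345\\administrator
User: CORP\\jsmith
User: MN12345\\Administrator
User: corp\\adoe
etc etc
"""

# Assumption: the real directory domains are known; "corp" is hypothetical.
KNOWN_DOMAINS = {"corp"}

# Matches "User: <prefix>\<name>"; the prefix is a domain or a workstation name.
_ENTRY = re.compile(r"^User:\s*(?P<prefix>[^\\\s]+)\\(?P<name>\S+)\s*$", re.IGNORECASE)


def local_account_entries(mapping_text, known_domains=KNOWN_DOMAINS):
    """Return prefix\\user entries whose prefix is not a known domain.

    Windows account names are case-insensitive, so duplicates are collapsed
    case-insensitively while the first-seen spelling is kept.
    """
    domains = {d.lower() for d in known_domains}
    found = {}
    for line in mapping_text.splitlines():
        m = _ENTRY.match(line.strip())
        if not m:
            continue  # skip noise lines such as "etc etc"
        prefix, name = m.group("prefix"), m.group("name")
        if prefix.lower() in domains:
            continue  # genuine domain account, leave it mapped
        found.setdefault(f"{prefix}\\{name}".lower(), f"{prefix}\\{name}")
    return [found[key] for key in sorted(found)]


def render_ignore_list(entries):
    """Format entries one per line, as the question describes the file."""
    return "".join(entry + "\n" for entry in entries)


if __name__ == "__main__":
    print(render_ignore_list(local_account_entries(SAMPLE_MAPPINGS)), end="")
```

Because every workstation contributes a different prefix, the output grows with the fleet, which is the maintenance burden the original question raises.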