10-03-2013 07:54 AM
User-ID agent version 5.0.6-6 seems to collect non-domain user to ip mappings.
In fact this is a laptop that is a member of our domain, but I'm logging on with a local administrator. User-ID agent collects it and maps the ip to "hostname\administrator" (as opposed to normal mappings "domainname\username"). User-ID debug logs show it being collected because of the computer account ( DOMAINNAME\hostname$ ) logged on to the domain.
As expected, the user is denied access to websites (Application block page), because he doesn't belong to the allowed AD groups. The user is not even given a CP.
In version 3.1.2 this does not occur and you can actually limit it from collecting those:
I can't find any of these in the new agent...
Most annoying, what can I do to change this behaviour ?
10-07-2013 02:28 AM
Yes, WMI probing. Would that be te reason a non-domain user is mapped ?
Then how can I prevent non-domain users from being collected ?
10-07-2013 03:44 AM
Can you try if issue is resolved when probing is off
10-07-2013 03:57 AM
Just tried what you suggested: with client probing disabled, no ip mapping is done.
Is there a way I can filter out WMI probing for non-domain users, but keep it for our domain users ? We need probing because we have some turnaround...
10-07-2013 07:50 AM
Are the mappings (hostname/username) done for a single subnet or just a group of ip-addresses ? Depending on the ips you can use include/exclude list or ignore list.
While using include exclude list you need mention the subnet's who mapping info you need and those you don't.
If its random but same ips you can use the ignore list, which can configured the following way.
10-07-2013 08:02 AM
We are talking about the same subnet as our domain: as described these laptops are in fact domain members. But on some we use local users.
So there is no way I can filter out certain IP's, because then I probably would not have user id for domain users who log on.
The other suggestion is not too good as well:
If I ignore user "administrator", it would also ignore my domain administrator. Idem for local users who are equal to domain users.
Using the netbios\username notation, it would be quite a hassle to administer.
I really wonder why the implementation is so very different with the new agent version in comparison with the old.
Edit:
In 3.1.2 in the config.xml you have a value like
<domain>mydomain.local</domain>
There's no such value in 5.0.6-6 UserIDAgentConfig.xml. Or is it just not documented ??
10-07-2013 08:17 AM
The hostname is unique to each device so you can use a ignore list, the administrator name may be the same but, the domain the user name is in are different.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
