User ID agent user-IP mapping refresh evets

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

User ID agent user-IP mapping refresh evets

L3 Networker

Hi Experts

 

As you know the default cache time for user-IP mapping in user-ID agent is 45 minutes. If I am not using WMI or netbios or server session monitoring then:

 

1- How user-IP mapping can be maintained by user-ID agent? This means user has to logout and login again after every 45 minutes? Can I increase this to 10 hours to cover the office timing?

2- At the end of day, user normally lock the machine (instead of logout) and in next morning he unlock and login to machine. Will this generate the authentication event in AD and refresh the user-IP mapping in user-ID agent?

3- What if user even does not lock the machine and there is no auto-lock policy then next monring there will be no user-IP mapping in agent. Then user has to logout and login again?

4- What if there is 'cache domain login policy' then there will be no authentication event in AD and agent does not have any clue. What I can do in this scenario?

1 accepted solution

Accepted Solutions

L7 Applicator

1. you can set this to 24 hours if you like...  preference seems to be 4 to 8 hours but it's up to you.

 

2. yes windows lock and unlock triggers an event in AD providing the device is on the DC network.

 

3 + 4. what do your users do all day... if nothing then you dont need user-id mapping..  if you need the user mapping for firewall access then add captive portal with sso.

View solution in original post

5 REPLIES 5

L7 Applicator

1. you can set this to 24 hours if you like...  preference seems to be 4 to 8 hours but it's up to you.

 

2. yes windows lock and unlock triggers an event in AD providing the device is on the DC network.

 

3 + 4. what do your users do all day... if nothing then you dont need user-id mapping..  if you need the user mapping for firewall access then add captive portal with sso.

Cyber Elite
Cyber Elite

Hello,

If you use Exchange, I recommend using its logs as well. Outlook clinets are always authenticating against it. This way the rest of the points dont really need to happen and its quicker to update, if users move around.

 

Hope that helps.

@Mick_Ball Thanks for your explianation. 

 

In point 3, what I mean lets say the cache time on agent is 8 hours. So in the morning user login to DC and firewall gets the user-ip mapping from agent and user is good. In evening, the user did not lock his machine and left. In the next morning, oviously user-agent does not have mapping (due to 8 hours passed) and usesr did  not login because he left his pc unlock. 

 

In this case, your solution is capative portal?

If I use exchange logs also with agent as  @OtakarKlier mentioned then it wills solve the issue?

Ok for point 3. A user can leave his device overnight and it will not auto lock.

perhaps a data protection training video is required here....

 

yes if your timeout is 8 hours and the user has no domain activity overnight then it will timeout.

 

i would go for @OtakarKlier suggestion before captive portal. Several other forum users have opted for this as a solution for user mapping.

 

do you have any particular reason for no auto lock after inactivity... 

@Mick_Ball Thanks. Actually there is auto-lock policy in place, I just want to understand the concept if there is no domain activity then what we can do. 

  • 1 accepted solution
  • 3638 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!