user-id user on servers

RobinClayton
L4 Transporter


How do I stop users who are working on servers from appearing in the logs as matched user-id users?

 

Rob

MickBall
L7 Applicator

Best way for me was to only allow server admin via a server admin account. Then add them to the user ignore list.

 

BPry
Cyber Elite

@RobinClayton,

I didn't go quite as far as @MickBall; but I did give everyone a separate 'server-admin' account so that I could ignore just those users with the user ignore list.

RobinClayton
L4 Transporter

Ahh right, had not spotted the ignore list.

 

Guess it will be good for 99% of what we do.

 

Rob

 

 

OtakarKlier
Cyber Elite

Hello,

What we did, it was unintentional but would work in this case, was to only look at Exchange logs. Since our admin accounts don't have email accounts and we don't allow Outlook on servers, we don't see user-id's on servers since moving away from active-directory lookups.

 

Just a thought.

vsys_remo
Cyber Elite

... or you simply exclude the servernetworks from user-id. This way these users still show up in the logs when they work from a computer in a clientnetwork.

MickBall
L7 Applicator

Hmmm so what is the other 1%......

ce1028
L3 Networker

Why wouldn't you want to see the admin accounts in the logs? Wouldn't you want to know what they're doing?

MickBall
L7 Applicator

That's a valid point @ce1028 but we never allow our servers to connect to tinternet.

As soon as a valid user is associated with the server it goes off and does all manner of things..

We could have achieved this via security policy but ignoring users works for us, not everybody's cup of tea...

 

Others may have different reasons.

RobinClayton
L4 Transporter

We have servers that get DNS (this is required to make the world work)

We have servers that connect to SMTP (e-mail seems to be a requirement of modern living)

Servers that transfer business related files (SFTP, FTPS, ETC...)

 

All these run as service accounts, they don't generate a USER-ID...

 

As soon as an admin logs in, they become the associated user of this "server" traffic. Anything they may really be initiating gets lost. So it's a bit pointless.
