11-14-2025 12:09 AM - edited 11-14-2025 12:50 AM
Following the update to PanOS 11.2.10, a new user account will automatically be created on Panorama and the gateways:
__telemetryuser
I could not find any information about this user. What is this user used for?
11-17-2025 08:41 AM
I can just say that nothing has broken (noticeably) from removing this across a couple dozen devices. It's possible that it is preventing the collection of some new telemetry information, but it's removal hasn't caused any impact or alerting from the device itself.
02-06-2026 11:09 AM
The user is related to the Telemetry service found in Device - Setup - Telemetry.
However, in our experience, while the Telemetry service is disabled, but in moving from 11.1.10-h10 to 11.1.10-h12 this user was automatically created. We have verified that Telemetry is still disabled. As we have very rigid controls and don't allow undocumented/unneeded accounts to exist, we have deleted this account with no consequences.
11-16-2025 10:38 PM
hello @HeinzP
users starting with the underscores are usually system accounts.
From the name, it is the user account used for the device telemetry.
Olivier
PCSNE - CISSP
Best Effort contributor
Check out our PANCast Channel
Disclaimer : All messages are my personal ones and do not represent my company's view in any way.
11-17-2025 08:07 AM
I either did not receive this new user in my own upgrades to 11.2.10 or I was allowed to remove it by loading a configuration file that doesn't include this user. Since I manage my devices programmatically I'm actually not positive if I just didn't get this user, or I was allowed to remove it and it isn't strictly required. Can you try just removing the user?
11-17-2025 08:38 AM - edited 11-17-2025 08:42 AM
I can confirm that it is possible to delete this user on the the panorama-server and on the gateways.
However, I still have no idea what this user was created for during the upgrade, or what might break if I remove it.
11-17-2025 08:41 AM
I can just say that nothing has broken (noticeably) from removing this across a couple dozen devices. It's possible that it is preventing the collection of some new telemetry information, but it's removal hasn't caused any impact or alerting from the device itself.
02-06-2026 11:09 AM
The user is related to the Telemetry service found in Device - Setup - Telemetry.
However, in our experience, while the Telemetry service is disabled, but in moving from 11.1.10-h10 to 11.1.10-h12 this user was automatically created. We have verified that Telemetry is still disabled. As we have very rigid controls and don't allow undocumented/unneeded accounts to exist, we have deleted this account with no consequences.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
