cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Who Me Too'd this topic

Agentless User-ID agent permissions

L1 Bithead

We are attempting to use the agentless User-ID setup with the understanding that the service account needed to be a member of the following AD groups: Distributed COM Users, Event Log Readers, and Server Operators. However, after reading the following Palo Alto documentation on how to create the service account it seems that there is some conflicting information. https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/user-id/map-ip-addresses-to-users/create-.... It states that the Server Operator privilege is "Not Recommended" do to security concerns.

 

Also, for the DCOM privileges and Event Log Reader setup the document starts each piece with "If you want to". Does that mean you can setup User-ID with any of the 3 AD privileges but not necessarily all of them?

 

"If you want to use Server Monitoring to identify users, add the service account to the Event Log Reader builtin group to allow the service account to read the security log events."

"If you want to use WMI to collect user data, assign DCOM privileges to the service account so that it can use WMI queries on monitored servers."

Who Me Too'd this topic