In our company we have two internet browsing profiles.
Users who belong to the AD group Domain Users have limited access to the internet, and users whose AD group is UsuariosInternet can access anywhere.
My AD user is canopr and I have internet access from my PC (10.5.1.149). When I log on to a server by remote desktop (mstsc) and identify with the user oalgt\ explotacio, internet access stops. The user ID that the User-ID agent learns as identified on the IP 10.5.1.149 is explotacio. I understand this behaviour to be wrong. Is there any way around it?
The problem you're having (user explotacio getting mapped to your local IP address) is perfectly clear. And like I said before: this is expected behaviour because a logon event is logged. And no, we are not talking about the fact that user explotacio is logging on to the server, we are talking about "a" Windows logon event.
Check the security log in event viewer: you'll find thousands of logon events, that have nothing to do with a user logging on (entering username/password) to a computer.
The security log on a DC is the source Palo Alto uses to collect these events, since they contain the user and an IP.
After having logged on to the server, almost any action you do locally (like browsing in Windows Explorer, opening an application) will trigger a logon event that should eventually be picked up by User-ID, on the condition that you are in fact in a domain environment (the logon event is checked by the DC) and the User-ID interval is short enough.
I don't know why it should affect me on my local machine that I connect to another PC with another user by RDP, and when I close this session I don't recuperate my privileges. The moment I connect to another machine via RDP with any user, I get the privileges of this user on my local machine... this is a weird behaviour...
Please understand that this actually has nothing to do with the RDP session.
This is standard Windows behaviour in a Windows domain: your DC is the only "authority" that determines whether or not you have access to a resource. This is the logon event I'm talking about.
Nothing you do in the Palo Alto config will change that behaviour. All PA does is read that info.
This behavior is expected. User-ID does IP-to-user mapping based off the Windows Security logs, and when a user RDPs to a machine, Windows logs the security event based on the IP of the PC that initiated the RDP.
The only workaround for this is to add the username oalgt\ explotacio to the ignore users list. This is not an issue with the firewall or the agent.
Hope that helps,
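As an added illustration (not code from this thread, from Palo Alto, or from the User-ID agent), the following Python sketch models a log-driven IP-to-user mapper with a "latest logon wins" rule, shows how the RDP logon from the same PC overwrites the original mapping and flips the browsing profile, and shows how an ignore-users list restores it. The record layout, the use of event ID 4624 as the logon event, and the sample entries are constructed assumptions.

```python
# Constructed, simplified logon records standing in for Windows Security log
# entries. Event ID 4624 ("an account was successfully logged on") carries an
# account name and a source network address; the exact fields the User-ID
# agent parses are an assumption, not taken from the thread.
CONSTRUCTED_EVENTS = [
    {"event_id": 4624, "user": "oalgt\\canopr", "src_ip": "10.5.1.149"},
    # The same PC opens an RDP session to a server as a second account. The DC
    # logs that logon with the IP of the PC that initiated RDP, not the server.
    {"event_id": 4624, "user": "oalgt\\explotacio", "src_ip": "10.5.1.149"},
    # Not a logon event, so the mapper ignores it.
    {"event_id": 4672, "user": "oalgt\\explotacio", "src_ip": "10.5.1.149"},
]

# Members of the AD group that is allowed unrestricted browsing (constructed).
FULL_ACCESS_GROUP = {"UsuariosInternet": {"oalgt\\canopr"}}


def build_ip_user_map(events, ignore_users=()):
    """Build {ip: user} from successful-logon events; the latest logon wins.

    Accounts listed in ignore_users are skipped, so their logons never
    overwrite an existing mapping. This models the "ignore users list"
    workaround from the thread.
    """
    ignored = {u.lower() for u in ignore_users}
    mapping = {}
    for ev in events:
        if ev["event_id"] != 4624:
            continue
        user = ev["user"].lower()
        if user in ignored:
            continue
        mapping[ev["src_ip"]] = user
    return mapping


def browsing_profile(mapping, ip):
    """Return the profile the firewall would apply to traffic from ip."""
    user = mapping.get(ip)
    if user is None:
        return "unknown"
    allowed = {u.lower() for u in FULL_ACCESS_GROUP["UsuariosInternet"]}
    return "full" if user in allowed else "limited"


if __name__ == "__main__":
    plain = build_ip_user_map(CONSTRUCTED_EVENTS)
    fixed = build_ip_user_map(CONSTRUCTED_EVENTS, ignore_users=["oalgt\\explotacio"])
    print("without ignore list:", plain, browsing_profile(plain, "10.5.1.149"))
    print("with ignore list:   ", fixed, browsing_profile(fixed, "10.5.1.149"))
```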
Depends on how they log on.
Does the user have full access permission to the 2nd mailbox? If so, you can make everything work with the same credentials.
Or does the 2nd mailbox actually require logging on to it? If so, you again have a logon event that will be picked up by User-ID.
In an AD environment, using different logins for different resources is not really best practice for me. Give a user one account and make sure he can access whatever resource he needs with that account. You shouldn't bother your users with several logins.
Obviously this doesn't apply to users who do administrative tasks, where the admin account should be strictly separate from their everyday user account.
I hope you get it sorted out...