This article provides an overview of how to enable User Awareness with AD query.
User Awareness lets you easily identify the end-users in your network. In addition, use the Analytics features to show traffic and events according to the AD first and last name, host name and IP address.
For more information about how to provision users with LDAP, see Provisioning Users with LDAP.
Changes made in the AD are automatically synced with the Cato Management Application (at 12:00 am UTC daily), or synced on demand by the administrator.
This section describes the end-to-end workflow to configure the Windows server to allow the PoPs to integrate for User Awareness with AD query.
- Prepare the Windows Server for Cato Directory Services and User Awareness. See Configuring the Windows Server for Directory Services.
  - Create a dedicated AD user that belongs to the Distributed COM Users and Event Log Readers groups. The PoPs use this user to connect to the AD server.
  - Configure these Windows settings for Directory Services:
    - Windows services
    - DCOM settings
    - COM security permissions
  - (For User Awareness) Configure the WMI settings to allow the PoPs to query the user login events:
    - Configure the server to allow remote connections using WMI. (See the Microsoft documentation, Securing a Remote WMI Connection.)
    - Configure the WMI user access settings.
    - Configure the WMI Controller registry permissions.
    - Configure the Windows firewall to allow DCOM communications.
- Configure the Directory Service settings in the Cato Management Application. See Provisioning Users with LDAP.
  - Add the AD domain to the Directory Services for the account.
  - Add the Domain Controllers.
  - Define the AD groups that are synchronized, and the sync settings.
- Configure the User Awareness settings in the Cato Management Application. See the User Awareness articles.
  - User Awareness with an AD server:
    - Add the AD domain to User Awareness.
    - Add the Real Time Sync Domain Controllers.
    - Define the AD groups that are participating in User Awareness.
  - User Awareness with the Cato Identity Agent:
    - Enable User Awareness Identity Agent for your account.
    - Install the Cato Client on the devices where you're identifying the users.
To collect EventLog information for User Awareness using WMI, you can provide a user with limited access in your Active Directory and then add this user to the Real Time Domain Controllers.
In your Active Directory, create a user with limited access.
To provide limited access to a user:
1. In your Active Directory, add the user to these groups:
   - Distributed COM Users
   - Event Log Readers
   - Server Operators

   In Windows 2003, the service account must be given the “Audit and manage security log” user right through a group policy.
2. In the Command Prompt, run the following command to open the WMI console:

   wmimgmt.msc
3. Right-click WMI Control (Local) and select Properties.
   The WMI Control (Local) Properties dialog box opens.
4. On the Security tab, select the CIMV2 folder and click Security.
   The Security for Root\CIMV2 dialog box opens.
5. Click Add and select the user that you are providing limited access to.
6. Check the Allow check box for Enable Account and Remote Enable.
7. Click Apply, then OK.
8. Repeat steps 2-7 for every Domain Controller used as a Real Time Domain Controller.
Add the user to the Real Time Domain Controllers. For more information, see Adding User Awareness to Directory Services.
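To confirm that the steps above took effect on every Real Time Domain Controller, the following read-only audit is an added example (not Cato's code and not part of the original article). The account name and DC host names are placeholders, and it assumes Windows PowerShell 5.1 with the ActiveDirectory module, run by an administrator who can query WMI on each DC.

```powershell
# Added example: read-only audit of the limited-access account. Changes nothing.
Import-Module ActiveDirectory

$Account           = 'svc-cato-ua'        # placeholder: your limited-access user
$DomainControllers = @('DC01', 'DC02')    # placeholder: Real Time Domain Controllers
$RequiredGroups    = @('Distributed COM Users', 'Event Log Readers', 'Server Operators')

# WMI namespace access-mask bits behind the two check boxes on the Security tab
$EnableAccount = 0x1    # WBEM_ENABLE        ("Enable Account")
$RemoteEnable  = 0x20   # WBEM_REMOTE_ACCESS ("Remote Enable")

$user     = Get-ADUser -Identity $Account
$memberOf = @(Get-ADPrincipalGroupMembership -Identity $user |
              Select-Object -ExpandProperty Name)

# Step 1: group membership (direct membership only, nested groups are not expanded)
$results = @(foreach ($group in $RequiredGroups) {
    [pscustomobject]@{
        Target = 'AD'
        Check  = "Member of $group"
        Pass   = $memberOf -contains $group
    }
})

# Steps 2-7 on every DC: Allow ACEs on Root\CIMV2 that name the user directly
$results += @(foreach ($dc in $DomainControllers) {
    $sd = (Invoke-WmiMethod -ComputerName $dc -Namespace 'root\cimv2' `
            -Path '__SystemSecurity=@' -Name GetSecurityDescriptor).Descriptor
    $allowed = 0
    foreach ($ace in $sd.DACL) {
        # AceType 0 = access allowed; match on SID rather than display name
        if ($ace.AceType -eq 0 -and $ace.Trustee.SIDString -eq $user.SID.Value) {
            $allowed = $allowed -bor $ace.AccessMask
        }
    }
    [pscustomobject]@{
        Target = $dc
        Check  = 'Root\CIMV2: Enable Account'
        Pass   = ($allowed -band $EnableAccount) -ne 0
    }
    [pscustomobject]@{
        Target = $dc
        Check  = 'Root\CIMV2: Remote Enable'
        Pass   = ($allowed -band $RemoteEnable) -ne 0
    }
})

$results | Format-Table -AutoSize
```

Any row with Pass = False points to the step to redo on that target; rights the account holds only through a group ACE on the namespace are not counted, because the procedure grants them to the user directly.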
There are specific email notifications and events for Directory Services and User Awareness.
You can configure the Cato Management Application to send email notifications for Directory Service sync actions and connectivity status with the DC:
- Syncing with the AD - success, failure, manual, or automatic
- Connectivity failure with the DC - there is a connectivity issue between the Cato Management Application and the DC, which most likely impacts User Awareness
For more about configuring alerts, see Account Level Alerts and System Notifications.
The Event Discovery window shows all the Directory Services and User Awareness events for your account. You can learn more about using Event Discovery here.