User id installation and configuration
AlbertoRivai
14,896 views
25 slides
Nov 09, 2013
Slide 1 of 25
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
About This Presentation
A quick documentation on how to install and configure User-ID in Palo Alto Networks firewall
Slide Content
The “almost” complete guide of User-ID
installation and configuration
Alberto Rivai
installation and configuration
Alberto Rivai
Contents
1. IP – User Mapping ........................................................................................................................... 3
a. IP - User Mapping ( with UID Agent ) .......................................................................................... 3
Create service account, configure account permission and install UID agent ............................... 3
Configure User-ID agent in the firewall .......................................................................................... 7
b. IP – User Mapping ( Agentless ) .................................................................................................. 8
Create service account and configure account permission ............................................................ 8
Configure UID in the firewall ......................................................................................................... 10
2. User enumeration ......................................................................................................................... 13
3. IP – User Mapping through User-ID API ............................................................................................ 15
3.1 User-ID agent API, Microsoft NPS, Microsoft DHCP integration ................................................ 15
Lab Diagram .................................................................................................................................. 16
Installation .................................................................................................................................... 16
UIDConfig.xml variables description ............................................................................................. 24
3.2 User-ID agentless API, Microsoft NPS, Microsoft DHCP integration .................................... 24
1. IP – User Mapping ........................................................................................................................... 3
a. IP - User Mapping ( with UID Agent ) .......................................................................................... 3
Create service account, configure account permission and install UID agent ............................... 3
Configure User-ID agent in the firewall .......................................................................................... 7
b. IP – User Mapping ( Agentless ) .................................................................................................. 8
Create service account and configure account permission ............................................................ 8
Configure UID in the firewall ......................................................................................................... 10
2. User enumeration ......................................................................................................................... 13
3. IP – User Mapping through User-ID API ............................................................................................ 15
3.1 User-ID agent API, Microsoft NPS, Microsoft DHCP integration ................................................ 15
Lab Diagram .................................................................................................................................. 16
Installation .................................................................................................................................... 16
UIDConfig.xml variables description ............................................................................................. 24
3.2 User-ID agentless API, Microsoft NPS, Microsoft DHCP integration .................................... 24
User Identification in PAN-OS 4.1 encompasses two primary functions:
· Mapping of those users to their current IP addresses
· Enumeration of users and their associated group membership.
1. IP – User Mapping
a. IP - User Mapping ( with UID Agent )
The first section is to map users to their current IP addresses. This section uses UID agent to perform
the function.
Create service account, configure account permission and install UID agent
1. create service account ( example Lab\uid ) in the DC
2. Login to any computer that is a member of the domain, you do not need to install the UID
agent in the AD server or Domain controller.
3. Login with an account that have local administrator permission
4. add Lab\uid to be a member of local Administrator group
5. download UID agent
6. run command prompt as administrator
7. install from command prompt
8. By default, the agent will be configured to log in as the user who installed the .msi file. In the
screen shot that follows, you will see that the “Lab\uid” account that installed the agent is
· Mapping of those users to their current IP addresses
· Enumeration of users and their associated group membership.
1. IP – User Mapping
a. IP - User Mapping ( with UID Agent )
The first section is to map users to their current IP addresses. This section uses UID agent to perform
the function.
Create service account, configure account permission and install UID agent
1. create service account ( example Lab\uid ) in the DC
2. Login to any computer that is a member of the domain, you do not need to install the UID
agent in the AD server or Domain controller.
3. Login with an account that have local administrator permission
4. add Lab\uid to be a member of local Administrator group
5. download UID agent
6. run command prompt as administrator
7. install from command prompt
8. By default, the agent will be configured to log in as the user who installed the .msi file. In the
screen shot that follows, you will see that the “Lab\uid” account that installed the agent is
now the agent service account. Use the “Edit” button on the configuration window to
change the service account to a restricted user account if desired.
9. Allow the Agent account to log on the member server as a service. On the member server
open the “Local Security Policy” mmc.
10. Under the “Local Policies” > “User Rights Assignments” add the service account to the “Log
in as a Service” option
11. For Win2K8, Add the service account user to the “Event Log Reader” and “Server Operator”
built in local security groups in the domain.
12. For Win2K3, the user right “Manage auditing and security log” must be given to that
account. Edit the Default Domain Controller Security Policy, found under Programs -> Admin
Tools. Drill down to Security Settings -> Local Policies -> User Rights Assignment. You will see
the screen below.
change the service account to a restricted user account if desired.
9. Allow the Agent account to log on the member server as a service. On the member server
open the “Local Security Policy” mmc.
10. Under the “Local Policies” > “User Rights Assignments” add the service account to the “Log
in as a Service” option
11. For Win2K8, Add the service account user to the “Event Log Reader” and “Server Operator”
built in local security groups in the domain.
12. For Win2K3, the user right “Manage auditing and security log” must be given to that
account. Edit the Default Domain Controller Security Policy, found under Programs -> Admin
Tools. Drill down to Security Settings -> Local Policies -> User Rights Assignment. You will see
the screen below.
In the right-hand pane, locate the user right “Manage auditing and security log”. Double click that
entry. You will see that only Administrators have that user right.
Click Add User or Group.
Enter the username of the account you just created, and click on Check Names to confirm that
account exists. The account name will become underlined.
entry. You will see that only Administrators have that user right.
Click Add User or Group.
Enter the username of the account you just created, and click on Check Names to confirm that
account exists. The account name will become underlined.
13. Make sure that the service is running in Services window.
14. To check if you have configured the UID agent correctly, go to Start -> Palo Alto Networks ->
User-ID Agent and open the UID agent GUI, go to Discovery Tab, you will see the Domain
Controller listed.
15. To check if the UID agent successfully reads the event viewer and discovers the username go
to Monitoring tab.
14. To check if you have configured the UID agent correctly, go to Start -> Palo Alto Networks ->
User-ID Agent and open the UID agent GUI, go to Discovery Tab, you will see the Domain
Controller listed.
15. To check if the UID agent successfully reads the event viewer and discovers the username go
to Monitoring tab.
16. Next step is adding the UID agent in the firewall.
Configure User-ID agent in the firewall
17. Login to the firewall
18. Go to Device tab
19. Then User Identification node, click User-ID Agents sub-tab
20. Click Add, and then enter the name, IP address and port (default 5007). Click OK then hit
commit.
21. You will see the green button when the UID agent successfully connected to the firewall.
Configure User-ID agent in the firewall
17. Login to the firewall
18. Go to Device tab
19. Then User Identification node, click User-ID Agents sub-tab
20. Click Add, and then enter the name, IP address and port (default 5007). Click OK then hit
commit.
21. You will see the green button when the UID agent successfully connected to the firewall.
22. To verify that the firewall receive the User-IP mapping, ssh to the firewall and execute the
below command
admin@PA-200> show user ip-user-mapping all
b. IP – User Mapping ( Agentless )
The IP – User Mapping function that was performed by the User-ID agent, can be replaced by an
agentless User-ID. Agentless User-ID allow server to be run from the PAN device.
The login which works on the User-ID agent - most likely will not work on the Agentless. (Additional
permission are needed)
Create service account and configure account permission
1. Create the service account in AD. This is utilized on the device. Be sure the user is part of the
Distributed COM Users, Server Operators and Event Log Readers groups.
below command
admin@PA-200> show user ip-user-mapping all
b. IP – User Mapping ( Agentless )
The IP – User Mapping function that was performed by the User-ID agent, can be replaced by an
agentless User-ID. Agentless User-ID allow server to be run from the PAN device.
The login which works on the User-ID agent - most likely will not work on the Agentless. (Additional
permission are needed)
Create service account and configure account permission
1. Create the service account in AD. This is utilized on the device. Be sure the user is part of the
Distributed COM Users, Server Operators and Event Log Readers groups.
2. Device uses WMI Authentication. you must modify the CIMV2 security properties on the AD server the
device connects to.
3. Run wmimgmt.msc (on the domain controller server) on the command prompt to open the console and
select properties as shown below.
4. Select the Security tab of the WMI Control Properties and drill down to the CIMV2 folder. Select this
folder and click the Security button. Add the service account from step 1. In this case, it's
[email protected]. For this account, check off both Enable Account and Remote Enable.
device connects to.
3. Run wmimgmt.msc (on the domain controller server) on the command prompt to open the console and
select properties as shown below.
4. Select the Security tab of the WMI Control Properties and drill down to the CIMV2 folder. Select this
folder and click the Security button. Add the service account from step 1. In this case, it's
[email protected]. For this account, check off both Enable Account and Remote Enable.
5. After you’ve completed the permission setting for UID account , you need to setup the UID
configuration in the firewall.
Configure UID in the firewall
6. Login to the firewall GUI
7. Go to Device tab -> User Identification select User Mapping sub-tab
8. Under Server Monitoring, click Add and add IP address of the server to be monitored.
configuration in the firewall.
Configure UID in the firewall
6. Login to the firewall GUI
7. Go to Device tab -> User Identification select User Mapping sub-tab
8. Under Server Monitoring, click Add and add IP address of the server to be monitored.
9. Click Edit on the Palo Alto Networks User ID Agent Setup
10. Be sure to configure with domain\username format for username under WMI Authentication tab along
with valid credentials for that user.
11. Enable Server Monitor options (enable security log/enable session) accordingly.
12. Client probing is enabled by default so disable if desired.
13. Click Commit
14. Confirm connectivity via GUI and/or CLI as shown below.
10. Be sure to configure with domain\username format for username under WMI Authentication tab along
with valid credentials for that user.
11. Enable Server Monitor options (enable security log/enable session) accordingly.
12. Client probing is enabled by default so disable if desired.
13. Click Commit
14. Confirm connectivity via GUI and/or CLI as shown below.
15. Confirm ip-user-mapping is working as shown below.
2. User enumeration
The second section is to configure Enumeration of users and their associated group membership.
Before a security policy can be written for groups of users, the relationships between the users and
the groups they are members of must be established. This information is retrieved from an LDAP
directory, such as Active Directory or eDirectory. The firewall or an agent will access the directory
and search for group objects. Each group object will contain a list of user objects that are members.
This list will be evaluated and will become the list of users and groups available in security policy and
authentication profiles. The only method of retrieving this data if through LDAP queries from the
firewall. An agent system can be configured to proxy the firewall LDAP queries if the topology
requires that.
1. Login to the firewall through GUI
2. Go to Device tab then Server Profile -> LDAP then click Add
3. List the directory servers that you want the firewall to use in the server list. You need to
provide at least one server; two or more are recommended for failover purposes. The
standard LDAP port for this configuration is 389.
4. Enter the name of the domain in the Domain field. The domain name should be a
Netbios name
5. Select a directory Type. Based on the selected directory type, the firewall can populate
default values for attributes and objectclasses used for user and group objects in the
directory server.
6. Enter the base of the LDAP directory in the Base field. For example, if your Active
Directory Domain is acme.local, your base would be dc=acme,dc=local, unless you
want to leverage an Active Directory Global Catalog.
7. Enter a user name for a user with sufficient permission to read the LDAP tree. In an
Active Directory environment, a valid username for this entry could be the User
Principal Name, e.g. [email protected] but also the users distinguished name,
e.g. cn=Administrator,cn=Users,dc=acme,dc=local.
8. Enter and confirm the authentication password for the user account that you entered
above.
9. In case you have difficulties identifying your directory base DN, you can simply follow
these steps:
The second section is to configure Enumeration of users and their associated group membership.
Before a security policy can be written for groups of users, the relationships between the users and
the groups they are members of must be established. This information is retrieved from an LDAP
directory, such as Active Directory or eDirectory. The firewall or an agent will access the directory
and search for group objects. Each group object will contain a list of user objects that are members.
This list will be evaluated and will become the list of users and groups available in security policy and
authentication profiles. The only method of retrieving this data if through LDAP queries from the
firewall. An agent system can be configured to proxy the firewall LDAP queries if the topology
requires that.
1. Login to the firewall through GUI
2. Go to Device tab then Server Profile -> LDAP then click Add
3. List the directory servers that you want the firewall to use in the server list. You need to
provide at least one server; two or more are recommended for failover purposes. The
standard LDAP port for this configuration is 389.
4. Enter the name of the domain in the Domain field. The domain name should be a
Netbios name
5. Select a directory Type. Based on the selected directory type, the firewall can populate
default values for attributes and objectclasses used for user and group objects in the
directory server.
6. Enter the base of the LDAP directory in the Base field. For example, if your Active
Directory Domain is acme.local, your base would be dc=acme,dc=local, unless you
want to leverage an Active Directory Global Catalog.
7. Enter a user name for a user with sufficient permission to read the LDAP tree. In an
Active Directory environment, a valid username for this entry could be the User
Principal Name, e.g. [email protected] but also the users distinguished name,
e.g. cn=Administrator,cn=Users,dc=acme,dc=local.
8. Enter and confirm the authentication password for the user account that you entered
above.
9. In case you have difficulties identifying your directory base DN, you can simply follow
these steps:
a. Open the Active Directory Users and Groups management console on your
domain controller.
b. Select Advanced features in the View menu of the management console.
c. Select the top of your domain object and select Properties.
d. Navigate to the Attribute Editor in the properties window and scroll to the
distinguishedName attribute.
e. Copy the content of this attribute into the LDAP Server configuration Base
field in the firewall management UI.
Group Mapping Settings
After the LDAP server has been configured, you need to configure how groups and users are
retrieved from the directory and which users groups are to be included in policies.
In order to create a new group mapping entry, navigate to the Device > User Identification
menu and create a new entry under the Group Mapping Settings tab.
In this configuration, you specify which LDAP server profile is going to be used to identify users
and groups.
Select the LDAP Server Profile you configured earlier in the LDAP Server Profile section
in the drop-down list under Server Profile.
All LDAP Attributes and ObjectClasses will be pre-populated based on the directory server type
you selected in the “LDAP Server Profile”. Under normal circumstances, you should not have to
modify any of these attributes. Please refer to the Palo Alto Networks Administrator’s Guide for
customizations of these attributes.
The default update interval for changes in user groups is 3600 seconds (1 hour). You can
customize this value to a shorter period if needed.
domain controller.
b. Select Advanced features in the View menu of the management console.
c. Select the top of your domain object and select Properties.
d. Navigate to the Attribute Editor in the properties window and scroll to the
distinguishedName attribute.
e. Copy the content of this attribute into the LDAP Server configuration Base
field in the firewall management UI.
Group Mapping Settings
After the LDAP server has been configured, you need to configure how groups and users are
retrieved from the directory and which users groups are to be included in policies.
In order to create a new group mapping entry, navigate to the Device > User Identification
menu and create a new entry under the Group Mapping Settings tab.
In this configuration, you specify which LDAP server profile is going to be used to identify users
and groups.
Select the LDAP Server Profile you configured earlier in the LDAP Server Profile section
in the drop-down list under Server Profile.
All LDAP Attributes and ObjectClasses will be pre-populated based on the directory server type
you selected in the “LDAP Server Profile”. Under normal circumstances, you should not have to
modify any of these attributes. Please refer to the Palo Alto Networks Administrator’s Guide for
customizations of these attributes.
The default update interval for changes in user groups is 3600 seconds (1 hour). You can
customize this value to a shorter period if needed.
Go to Group include list tab, leave this blank if you want to include ALL groups, or select the groups
that you want to be mapped.
3. IP – User Mapping through User-ID API
3.1 User-ID agent API, Microsoft NPS, Microsoft DHCP integration
Pre-requisite
- Microsoft 2008 Server 64 Bit
- Microsoft NPS
- Microsoft DHCP server
- Palo Alto Networks UID Agent
- Scripts from https://github.com/cesanetwan/scripts/tree/master/paloalto
- At least 1 Windows server running IAS/NPS
- The server running the Palo-Alto User-ID Agent must have IP connectivity
- The Palo-Alto User-ID Agent must have the User-ID XML API enabled
- As a convention, the script should be stored in a DFS share for replication purposes ie
%domainname%\scripts\
- The script needs to be configured to trigger on a Windows Event 6272
- The User-ID timeout set in the Palo-Alto User ID Agent must be less than the session
timeout on the wireless controller
that you want to be mapped.
3. IP – User Mapping through User-ID API
3.1 User-ID agent API, Microsoft NPS, Microsoft DHCP integration
Pre-requisite
- Microsoft 2008 Server 64 Bit
- Microsoft NPS
- Microsoft DHCP server
- Palo Alto Networks UID Agent
- Scripts from https://github.com/cesanetwan/scripts/tree/master/paloalto
- At least 1 Windows server running IAS/NPS
- The server running the Palo-Alto User-ID Agent must have IP connectivity
- The Palo-Alto User-ID Agent must have the User-ID XML API enabled
- As a convention, the script should be stored in a DFS share for replication purposes ie
%domainname%\scripts\
- The script needs to be configured to trigger on a Windows Event 6272
- The User-ID timeout set in the Palo-Alto User ID Agent must be less than the session
timeout on the wireless controller
- Task must be configured to run under the designated sync account for the content filter at
sites
- Said account must be granted log on as service, log on as batch job rights, in addition to
full permissions to read, write and modify to the installation directory of the Palo-Alto User
ID Agent, and additionally be a member of the "DHCP Users" builtin group in Active
Directory
- The ignore_user_list and UIDConfig.xml must be present in the installation directory of
the Palo-Alto User ID Agent, and customised to the sites configuration as per the
samples in this repository
- The scheduled task should be configured to queue new instances should the task be
running when a new instance is called, and modified to fit the template provided in this
repository
This integration script was provided and developed by the guys from Catholic Education SA, mainly
Gareth Hill. Their link can be found https://github.com/cesanetwan/scripts/wiki/CEFilter-UID-
RADIUS-script
The CESA UID RADIUS script is a means of enumerating 802.1x authorised users to the Palo-
Alto Networks User-ID Agent such that the appropriate filtering policies are applied automatically,
allowing for a seamless user-experience with Palo Alto Networks NGFW and User-ID.
Lab Diagram
Installation
The below steps are to be used for the above sample diagram. Please change the variables according
to the instruction at https://github.com/cesanetwan/scripts/wiki/CEFilter-UID-RADIUS-script
1. Copy the below file UIDRADIUSScript.vbs to C:\Windows\SYSVOL\domain\scripts\ ( note
that this can be changed to any location )
sites
- Said account must be granted log on as service, log on as batch job rights, in addition to
full permissions to read, write and modify to the installation directory of the Palo-Alto User
ID Agent, and additionally be a member of the "DHCP Users" builtin group in Active
Directory
- The ignore_user_list and UIDConfig.xml must be present in the installation directory of
the Palo-Alto User ID Agent, and customised to the sites configuration as per the
samples in this repository
- The scheduled task should be configured to queue new instances should the task be
running when a new instance is called, and modified to fit the template provided in this
repository
This integration script was provided and developed by the guys from Catholic Education SA, mainly
Gareth Hill. Their link can be found https://github.com/cesanetwan/scripts/wiki/CEFilter-UID-
RADIUS-script
The CESA UID RADIUS script is a means of enumerating 802.1x authorised users to the Palo-
Alto Networks User-ID Agent such that the appropriate filtering policies are applied automatically,
allowing for a seamless user-experience with Palo Alto Networks NGFW and User-ID.
Lab Diagram
Installation
The below steps are to be used for the above sample diagram. Please change the variables according
to the instruction at https://github.com/cesanetwan/scripts/wiki/CEFilter-UID-RADIUS-script
1. Copy the below file UIDRADIUSScript.vbs to C:\Windows\SYSVOL\domain\scripts\ ( note
that this can be changed to any location )
UIDRADIUSScript.vb
s
2. Copy the below file UIDConfig.xml to C:\Program Files (x86)\Palo Alto Networks\User-ID
Agent\
UIDConfig.xml
3. Create a scheduled task to trigger on Windows Event 6272
s
2. Copy the below file UIDConfig.xml to C:\Program Files (x86)\Palo Alto Networks\User-ID
Agent\
UIDConfig.xml
3. Create a scheduled task to trigger on Windows Event 6272
Click on Properties
Check Run with Highest Privileges
Check Run with Highest Privileges
Change to Queue a new instance
Right click on the event and click export task to XML
Edit the tasks XML to reflect the example XML file below
User-id.xml
Importantly, the Triggers and the Exec sections
<Triggers>
<EventTrigger>
<Enabled>true</Enabled>
Edit the tasks XML to reflect the example XML file below
User-id.xml
Importantly, the Triggers and the Exec sections
<Triggers>
<EventTrigger>
<Enabled>true</Enabled>
<Subscription><QueryList><Query Id="0" Path="Security"><Select
Path="Security">*[System[Provider[@Name='Microsoft-Windows-Security -Auditing'] and
EventID=6272]]</Select></Query></QueryList></Subscription>
<ValueQueries>
<Value name="SubjectUserName">Event/EventData/Data[@Name='SubjectUserName'] </Value>
<Value
name="CallingStationID">Event/EventData/Data[@Name='CallingStationID'] </Value>
</ValueQueries>
</EventTrigger>
</Triggers>
Exec Section
<Exec>
<Command>C:\Windows\System32\cscript.exe</Command>
<Arguments>C:\Windows\SYSVOL\domain\scripts\UIDRADIUSScript.vb s "$(SubjectUserName)"
$(CallingStationID)</Arguments>
</Exec>
Then delete the original task and import the modified XML.
Type in your username and password
Path="Security">*[System[Provider[@Name='Microsoft-Windows-Security -Auditing'] and
EventID=6272]]</Select></Query></QueryList></Subscription>
<ValueQueries>
<Value name="SubjectUserName">Event/EventData/Data[@Name='SubjectUserName'] </Value>
<Value
name="CallingStationID">Event/EventData/Data[@Name='CallingStationID'] </Value>
</ValueQueries>
</EventTrigger>
</Triggers>
Exec Section
<Exec>
<Command>C:\Windows\System32\cscript.exe</Command>
<Arguments>C:\Windows\SYSVOL\domain\scripts\UIDRADIUSScript.vb s "$(SubjectUserName)"
$(CallingStationID)</Arguments>
</Exec>
Then delete the original task and import the modified XML.
Type in your username and password
Enable the task
Test by authenticating user through 802.1x, you should then see 802.1x authenticated user appear
in the User-ID agent monitoring tab.
UIDConfig.xml variables description
<?xml version="1.0" encoding="UTF-8"?>
<user-id-script-config>
<domain>LAB</domain> - the domain of the site in question
<LogFormat>DHCP</LogFormat> - The log format - valid values are NPS, IAS and DH CP, for
the various methods of processing this information, in this example we’re using DHCP
<AgentServer>192.168.6.3</AgentServer> - server the UID agent is installed on
<AgentPort>5008</AgentPort> - port the User-ID XML API is listening on
<Debug>1</Debug> - a debug flag (not implemented yet)
<DHCPServer>main.lab.com</DHCPServer> - the DHCP Server at the site in question, used to
do remote queries if there are 2 NPS servers at a s ite
</user-id-script-config
3.2 User-ID agentless API, Microsoft NPS, Microsoft DHCP integration (
Work in progress )
Pre-requisite
- Microsoft 2008 Server 64 Bit
- Microsoft NPS
- Microsoft DHCP server
- Palo Alto Networks PANOS 5.0
- Scripts from https://github.com/cesanetwan/scripts/tree/agentle/paloalto
Agentless branch
- At least 1 Windows server running IAS/NPS
- The Palo-Alto Networks firewall must run PANO 5.0
- As a convention, the script should be stored in a DFS share for replication purposes ie
%domainname%\scripts\
- The script needs to be configured to trigger on a Windows Event 6272
Test by authenticating user through 802.1x, you should then see 802.1x authenticated user appear
in the User-ID agent monitoring tab.
UIDConfig.xml variables description
<?xml version="1.0" encoding="UTF-8"?>
<user-id-script-config>
<domain>LAB</domain> - the domain of the site in question
<LogFormat>DHCP</LogFormat> - The log format - valid values are NPS, IAS and DH CP, for
the various methods of processing this information, in this example we’re using DHCP
<AgentServer>192.168.6.3</AgentServer> - server the UID agent is installed on
<AgentPort>5008</AgentPort> - port the User-ID XML API is listening on
<Debug>1</Debug> - a debug flag (not implemented yet)
<DHCPServer>main.lab.com</DHCPServer> - the DHCP Server at the site in question, used to
do remote queries if there are 2 NPS servers at a s ite
</user-id-script-config
3.2 User-ID agentless API, Microsoft NPS, Microsoft DHCP integration (
Work in progress )
Pre-requisite
- Microsoft 2008 Server 64 Bit
- Microsoft NPS
- Microsoft DHCP server
- Palo Alto Networks PANOS 5.0
- Scripts from https://github.com/cesanetwan/scripts/tree/agentle/paloalto
Agentless branch
- At least 1 Windows server running IAS/NPS
- The Palo-Alto Networks firewall must run PANO 5.0
- As a convention, the script should be stored in a DFS share for replication purposes ie
%domainname%\scripts\
- The script needs to be configured to trigger on a Windows Event 6272
Revision History
Date Revision Comment
12 April 2013 1.0 Draft
References
https://github.com/cesanetwan/scripts/wiki/CEFilter-UID-RADIUS-script
https://live.paloaltonetworks.com/docs/DOC-3664
https://live.paloaltonetworks.com/docs/DOC-3120
https://live.paloaltonetworks.com/docs/DOC-1807
Date Revision Comment
12 April 2013 1.0 Draft
References
https://github.com/cesanetwan/scripts/wiki/CEFilter-UID-RADIUS-script
https://live.paloaltonetworks.com/docs/DOC-3664
https://live.paloaltonetworks.com/docs/DOC-3120
https://live.paloaltonetworks.com/docs/DOC-1807
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 14,896
- Slides 25
- Favorites 6
- Age 4406 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views