This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM9 Web filtering picks computer$ account for some users

Hi,

I am having very interesting problem. I have setup web filtering with active directory group and members of these groups can go to internet. I also set block action for the others who are not member of these groups. Some of my users which are members of these groups, blocked and when i checked the logs, i have found out that there is no user information for this users but only computer$ account. Those users are blocked and cannot use the internet now because of the block action.

I didnt set any proxy to my client yet.  I have checked couple of article and i couldnt find anything regarding to this either. When I set proxy on a client it comes with right information but otherwise keeps coming with computer$ account.

Has anyone ever struggle with this?

Regards,  



This thread was automatically locked due to age.
Parents
  • There are several ways of doing authentication, one of the common ones is NTLM.  IIRC NTLM will authenticate and cache that information for about 5 minutes before trying to authenticate again.  If the web request that is trying to authenticate comes from a browser or application running in user space, it will authenticate with that user.  If the request comes from something running as a system or computer account, it will authenticate like that.

    It will continue to use the computer account for five minutes, until it authenticates again.

    Off the top of my head, I do not recall what the solution is on the UTM.

  • Hi Michael,

     

    After all that deeply work on active directory and sophos plus clients feedback, i have found that services cause the problem so i made deep search in active directory if i can find anything related to this. I have found the solution under Computer Configuration\policies\windows settings\security settings\local policies\security options\

    Below settings must be disabled to use only username to authenticate.

    Thank you very much for your time and priceless guide.

     

    Regards,

Reply
  • Hi Michael,

     

    After all that deeply work on active directory and sophos plus clients feedback, i have found that services cause the problem so i made deep search in active directory if i can find anything related to this. I have found the solution under Computer Configuration\policies\windows settings\security settings\local policies\security options\

    Below settings must be disabled to use only username to authenticate.

    Thank you very much for your time and priceless guide.

     

    Regards,

Children
No Data