[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Sonicwall SSO Agent accuracy for multiple users sharing PC.

Posted on 2014-12-10
6
Medium Priority
?
240 Views
Last Modified: 2015-01-27
Hi,

We currently have a NSA 240 running 5.9.0.4-127o with SSO agents running Directory Connector 3.6.56.  The problem we have is when user A logs off a PC and user B logs in, the sonicwall still has the active session of user A.  User B then also has the CFS policy assigned to user A.  We are using NetAPI for the query source which seems to be the most accurate in my tests using the Directory Connector Diag tool, even though it says its supposed to be the least accurate.  If I kill the users session in the sonicwall the new users CFS policy is correctly identified but this would be a hassle to manage.  

Has anyone had a better experience using WMI or DC logs when multiple users share a PC with different CFS policies?

Thanks in advance.
0
Comment
Question by:RHNOC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 40493694
you can have user logout script that logs them out from soncwall
0
 
LVL 65

Expert Comment

by:btan
ID: 40493742
Shouldnt the logoff of user from machine also consider session as logoff. I was seeing this below on the SSO configuration and supposedly
Log out from the windows domain computer and log in back with a user from either the full access or restricted access groups and check whether the policy is getting enforced correctly for the user.
https://support.software.dell.com/kb/sw7782

There is a CleWMI vbs that can query current login user but not sure that can help to officiate log off or remap policy. For shared PC, it is not recommended to hold active session once user logoff.
https://support.software.dell.com/kb/sw7363
(more WMI query) http://msdn.microsoft.com/en-us/library/aa394586(v=vs.85).aspx

I also understand there is polling time to poll the workstation running SSO Agent to verify that users are still logged on. Wondering if there are a timeout for inactive session to terminate session though
https://support.software.dell.com/kb/sw5952
0
 
LVL 62

Accepted Solution

by:
gheist earned 1500 total points
ID: 40494074
Ask support why your installation does not meet documentation and how to make it work...
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40494102
If you use the directory connector (which I highly recommend) it has a refresh time
http://help.mysonicwall.com/sw/eng/6931/ui2/25500/PANEL_ssoProps.html
0
 

Author Comment

by:RHNOC
ID: 40573122
Well I ended up calling support and when they dialed in we could not get the SSO to fail.  After one minute, which is the polling rate the SSO would identify the new user and the CFS policy would change.  Although I still had the same problem occur a few weeks later where the SSO would test correctly but the sonicwall would not release the current users session.  So unfortunately I never came to a solid conclusion.  Thanks for the replies.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40573134
So for some reason polling is stopped at some moment? Power saving? clock adjustments...
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question