We have a Sonicwall E5500 that uses SSO to transparently allow various levels of Internet access to Windows Active Directory domain users.  The Sonicwall's SSO service inspects the user's PC upon first the attempt to access the Internet--keep in mind that the first attempt to access the Internet after the PC has booted can occur whether or not the PC has a human user logged in, i.e., if a service account / process is running while not logged in and that account/process attempts to access the Internet.

On the firewall we see multiple SSO "logins" from different IP addresses of PCs, all of which show the same "k1000" username instead of the indivual username of whomever is currently logged in at each PC (IP address).  When this happens, the user at an affected IP address loses certain Internet access rights because the firewall sees them as a the username "k1000" instead of their own username.  The only way to fix this is to have the user shut down/reboot their PC and log in again.

We use the domain adminstratior account to deploy the k1000 agent.  We have a single "Online Shell" script enabled on the k1000 that are set to run as Local System.  We do have an active directory domain admin "k1000" user account, but as far as we can tell it's not specified anywhere on the k1000, e.g., agent deployment, script run as, or other credentials.

How can we prevent the k1000 agent (if the agent is at fault) from showing as the user logged in or otherwise correct this problem? 


1 Comment   [ - ] Hide Comment


  • I would open a ticket on that one
Please log in to comment

There are no answers at this time
Answer this question or Comment on this question for clarity