We currently have the FSSO DC Agent 5.0.0264 (latest, I believe) running on our Domain Controllers. We are using a FortiAuthenticator VM as the collector and everything is reporting as expected. However, when I first installed the DC Agent, I never selected any users for the Ignore User List. Now that I have everything running I would like to exclude service accounts. When I open the DC Agent Configuration Utility, I see a box for "Ignore user list" but I am unsure what should be put in the box specifically.
Is it a field to enter a text file location listing all of the users in a specific format? Do I just list users in a "user, user, user" format or is it a "domain\user, domain\user, domain\user" format?
I have attached a screenshot of the field I am referring to:
Any info or an example would be extremely helpful!
After speaking with support real quick, it looks like the best method to deal with this in our situation is to filter via the FortiAuthenticator as it lets us choose to exclude an account or include it when we need to.
Hello,
Import the desired users or groups into SSO Users or SSO Groups and then, in Fine-grained Controls, set those to exclude.
Pay attention to the additional option, but the default "Do not affect current user when excluded user logs in" is most probably the desired handling, as you said you'd like to exclude service/system accounts. With this, they will not interfere with the originally logged-on user, and SSO will be kept for that original user & workstation.
That's on FortiAuthenticator.
From another point of view, newer standalone Collectors like 5.0.0264 push the ignored users list to DC Agents automatically.
- see registry keys
"pushIgnoreListToDC"=dword:00000001
"ignore_users"="ALFA\\srv_ces;ALFA\\srv_ndes;ALFA\\testexclusion" .. this one in Filters under collectoragent
and those correspond to
ignore_list=ALFA\srv_ces;ALFA\srv_ndes;ALFA\testexclusion;
under dcagent registry folder
Kind regards,
Tomas
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
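Added example, not part of the original posts and not Fortinet tooling: a small Python check that the collector's `ignore_users` value (as it appears in a .reg export, with doubled backslashes) and the DC agent's `ignore_list` value contain the same `DOMAIN\user` entries. The function names are hypothetical, the sample strings are constructed from the two values quoted above, and the case-insensitive comparison is an assumption based on Windows account names being case-insensitive.

```python
import re

# Constructed sample values, taken from the two registry entries quoted above.
COLLECTOR_REG_EXPORT = r'"ignore_users"="ALFA\\srv_ces;ALFA\\srv_ndes;ALFA\\testexclusion"'
DCAGENT_VALUE = r'ignore_list=ALFA\srv_ces;ALFA\srv_ndes;ALFA\testexclusion;'

# One entry must look like DOMAIN\user (exactly one backslash, no ';').
ENTRY = re.compile(r'^[^\\;\s]+\\[^\\;]+$')

def parse_reg_export(line):
    """Parse a .reg export line ("name"="value") and undo its \\\\ escaping."""
    m = re.fullmatch(r'\s*"([^"]+)"="(.*)"\s*', line)
    if not m:
        raise ValueError("not a .reg string value: %r" % line)
    return m.group(1), m.group(2).replace('\\\\', '\\')

def split_entries(value):
    """Split a ';'-separated list, tolerating a trailing ';'."""
    entries = [e.strip() for e in value.split(';') if e.strip()]
    bad = [e for e in entries if not ENTRY.match(e)]
    if bad:
        raise ValueError("entries not in DOMAIN\\user form: %r" % bad)
    return entries

def drift(collector_line, dcagent_line):
    """Return (missing_on_dc, extra_on_dc) as sorted lower-cased lists."""
    _, collector_value = parse_reg_export(collector_line)
    _, _, dc_value = dcagent_line.partition('=')
    want = {e.lower() for e in split_entries(collector_value)}
    have = {e.lower() for e in split_entries(dc_value)}
    return sorted(want - have), sorted(have - want)

if __name__ == "__main__":
    missing, extra = drift(COLLECTOR_REG_EXPORT, DCAGENT_VALUE)
    print("missing on DC agent:", missing)
    print("unexpected on DC agent:", extra)
```

A non-empty "missing" list means a service account excluded on the collector is still being reported by that DC agent.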
Thanks for the reply, Tomas!
Your first suggestion for the FortiAuthenticator is the method support recommended and the one we chose to go with. Everything appears to be working great on that side of things!