Saucepan

User Tools

Site Tools

Trace: logging subscriptions ecs multimaster_dns
paloaltonetworks:configuration:user_id

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
paloaltonetworks:configuration:user_id [2021/04/01 08:59] bstaffordpaloaltonetworks:configuration:user_id [2022/11/23 12:49] (current) – external edit 127.0.0.1
Line 3: Line 3:
 =====User-ID Requirements===== =====User-ID Requirements=====
 [[https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-ip-addresses-to-users/create-a-dedicated-service-account-for-the-user-id-agent.html|Palo Doc Here]]. [[https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-ip-addresses-to-users/create-a-dedicated-service-account-for-the-user-id-agent.html|Palo Doc Here]].
 +
 +=====Win-RM=====
 +[[https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/user-id/map-ip-addresses-to-users/configure-server-monitoring-using-winrm|Setup]]
 +Run this command on each DC. Then add the account.
 +
 +<code>winrm configSDDL default</code>
 +
 +The service account needs to belong to the 'Remote Management Users' group in AD to allow WinRM connections from the firewall to query WMI.  This is because the service account is not an administrator on the domain, and by default PowerShell Remoting requires admin privileges.
 =====User-ID Account Permissions===== =====User-ID Account Permissions=====
 The service account requires the following domain permissions per forest. The service account requires the following domain permissions per forest.
paloaltonetworks/configuration/user_id.1617267559.txt.gz · Last modified: (external edit)