Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1733
Views
10
Helpful
5
Replies

Monitor Multiple Users Logged to Terminal servers

guibarati
Level 4
Level 4

‎10-16-2015 08:49 AM - edited ‎03-12-2019 05:47 AM

How can I monitor different users logged in to a single terminal server with different permissions?

From what I know user agent 2.2 couldn't identify it, does anything change on 2.3?

 

 

Thanks

2 people had this problem
Labels:
0 Helpful
5 Replies 5

Dinkar Sharma
Cisco Employee
Cisco Employee

‎10-20-2015 02:18 AM

You can not do that. FirePOWER would only be able to learn about the last user who logged into the terminal server and implement the policy accordingly. As of now we don't support it. I have filed an enhancement request to add a different approach to it CSCuw60492.

 

Thanks,

 

Dinkar

 

 

securantakra
Level 1
Level 1
In response to Dinkar Sharma

‎03-25-2016 12:22 PM

Are there any information to fix this in future or to get this enhancement? Does anybody have access to the roadmap? 

If we have more than one user the per user permissions are obsolete.

Any ideas for a workaround?

0 Helpful

Dinkar Sharma
Cisco Employee
Cisco Employee
In response to securantakra

‎03-25-2016 12:44 PM

For now we don't support it and there is no roadmap for this feature. You can get in touch with your Cisco Accounts team and they can get in touch with BU to discuss the roadmap for this feature.

Thanks,

Dinkar

0 Helpful

securantakra
Level 1
Level 1
In response to Dinkar Sharma

‎03-26-2016 12:02 AM

Hi Dinkar, 

thanks for this information. I will contact my Cisco accounts.

There is a new feature in 6.0.1 called "Captive Portal and Active Authentication"

In order to provide better visibility in mapping users to IP addresses and their associated network events, the Captive Portal and Active Authentication feature can be configured to require users to enter their credentials when prompted through a browser window. The mapping also allows policies to be based on a user or group of users. This feature supplements the existing Sourcefire User Agent (SUA) integration with Active Directory to address non-Windows environments, BYOD users, and guests.

I think this could be a way to get the user information even if they connected to a terminal server. The user have to authenticate each session, this is not convenient but it works.

What do you think? 

regards

securantakra

0 Helpful

shansfeldt
Level 1
Level 1
In response to securantakra

‎08-31-2016 03:53 AM

Hi,

Seems to be available in 6.1.0.

Note: The TS Agent feature (VDI Identity Support) is available in a limited availability program adjacent to Version 6.1.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card