Cisco Cisco Firepower Management Center 4000
2-5
FireSIGHT User Agent Configuration Guide
Chapter 2 Setting up a User Agent
Enabling Idle Session Timeouts
Note
Use these credentials when configuring the Active Directory server connection. See
Step 2
Enable RPC on the Active Directory server for the user. You have the following options:
•
If the Active Directory server is running Windows Server 2008 R2 or Windows Server 2012, and the
user is not a member of the Administrators group, grant the user DCOM remote access, remote
launch, and activation permissions. See
user is not a member of the Administrators group, grant the user DCOM remote access, remote
launch, and activation permissions. See
for more information.
•
If the Active Directory server is running any other supported version of Microsoft Windows, RPC
is already enabled.
is already enabled.
To grant the agent permission to retrieve logoff data:
Step 1
Grant the created user Administrator privileges to ensure the user can log into all workstations that
authenticate against the Active Directory server.
authenticate against the Active Directory server.
To grant the agent permission to access the security logs:
Step 1
Grant the created user full permissions to the WMI Root/CIMV2 namespace on the Active Directory
server. See
server. See
for more
information.
Continue with
.
Enabling Idle Session Timeouts
After you configure permissions to connect to the Active Directory server, you can optionally enable idle
session timeouts in the group policy. This helps prevent the agent from detecting and reporting
extraneous logins due to multiple sessions on a host.
session timeouts in the group policy. This helps prevent the agent from detecting and reporting
extraneous logins due to multiple sessions on a host.
Terminal Services allows multiple users to log into a server at the same time. Enabling idle session
timeouts helps reduce the instances of multiple sessions logged into a server.
timeouts helps reduce the instances of multiple sessions logged into a server.
Remote Desktop allows one user at a time to remotely log into a workstation. However, if the user
disconnects from the Remote Desktop session instead of logging out, the session remains active. Without
user input, the active session eventually idles. If another user logs into the workstation using Remote
Desktop, two sessions are running. Multiple running sessions can cause the agent to report extraneous
logins. Enabling idle session timeouts causes those sessions to terminate after the defined idle timeout
period, which helps prevent multiple remote sessions on a host.
disconnects from the Remote Desktop session instead of logging out, the session remains active. Without
user input, the active session eventually idles. If another user logs into the workstation using Remote
Desktop, two sessions are running. Multiple running sessions can cause the agent to report extraneous
logins. Enabling idle session timeouts causes those sessions to terminate after the defined idle timeout
period, which helps prevent multiple remote sessions on a host.
Citrix sessions function similarly to Remote Desktop sessions. Multiple Citrix user sessions can be
running on a computer at once. Enabling idle session timeouts helps prevent multiple Citrix sessions on
a host, reducing extraneous login reporting.
running on a computer at once. Enabling idle session timeouts helps prevent multiple Citrix sessions on
a host, reducing extraneous login reporting.
Note that depending on the configured session timeout, there may still be situations where multiple
sessions are logged into a computer.
sessions are logged into a computer.