App Control: Agents flipping to Default policy when using AD mappings with AD users
Article ID: 291774
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Why are App Control Agents policies to the Default policy when using AD mapping rules based on AD users?
Environment
App Control Console: All Versions (was CB Protection)
Resolution
- The App Control Agent policy assignment is based on the most recent active user sessions present on the system
- The user session changes every time any user logs on/off, when the session connects/disconnects
- Thus, when the current user logs off or disconnects then their user session is removed and the agent is automatically assigned to the [all others] Default Policy
- To avoid the policy flipping behavior, CB recommends using AD Mapping rules with specific AD Computers instead of AD Users
Additional Information
- In case of a Multi user login, the most recent logged in user's policy is used; the previously logged in users will move to the default policy and hence we recommend to have computer specific policy instead of user specific one
- The [all others] config on the Policies Mapping tab is a catch all policy where all agents with no matching AD User sessions are assigned to
- The current active user sessions on a system can be displayed with:
dascli logonsessions
Feedback
Yes
No
Powered by
