Terminal Server Agent Does Not Map System Level Sessions to a Username

Terminal Server Agent Does Not Map System Level Sessions to a Username

492
Created On 04/02/25 21:43 PM - Last Modified 04/02/25 21:56 PM


Symptom


If the traffic is initiated by an application running with the context of a user (e.g. web browser), the socket information can be intercepted by the Terminal Server Agent which will replace the source port. However, if the traffic is generated by a service running with System context, the agent is not able to determine the user information. For example, the Terminal Server Agent will not map SMB traffic to a username as this is run in a system context.

Additional Information


Please see:

Terminal Server Agent (TSA) Advanced Configuration using Windows Registry
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HCccCAG

How to Troubleshoot Terminal Server Agent Problems
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClLXCA0
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000TpoXCAS&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail