How to Ignore Users in User-ID

How to Ignore Users in User-ID

87946
Created On 09/25/18 20:40 PM - Last Modified 11/02/23 19:11 PM


Symptom


When using the User-ID Agent to identify users on the network, there is a way to ignore certain users. Generally, this is used for service accounts, but any desired username can be entered.

Environment


  • PAN-OS 7.1 and above.
  • Windows User-ID Agent.
  • Integrated User-ID Agent.

Resolution


 

  1. Stop the User-ID service
  2. Modify/create a file ignore_user_list.txt in the directory where User-ID Agent is installed.
    • This file will contain all the users to be ignored.
    • The format of the file needs to be one username on each line.
      Note: It is sometimes required to have two entries for each username, the normal username and the username with netbios name.
      • user1
      • mydomain\user1
  3. Start the User-ID service.
Please refer to the knowledge base below: 
How to Create Ignore_User_List with Special Characters in User-ID agent
 

Starting from PAN-OS 7.1 the ignore user list can also be configured for the Agentless User-ID through the WebUI

2016-09-30_16-12-38.png

 


 

 

Additional Information


How to Add/Delete Users from Ignore User List using Agentless User-ID
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/kcsArticleDetail?id=kA10g000000Clkl&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FkcsArticleDetail

Choose Language