https://community.checkpoint.com/t5/General-Topics/Login-to-SC-with-an-AD-user-in-quot-Protected-Users-Security/m-p/136149#M24355 <P>Hi,</P><P>&nbsp;</P><P>as the title says, we currently face the problem that login to SC with AD-authentication is not possible, if the account is member of the group "Protected Users Security Group":</P><P><A href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fsecurity%2Fcredentials-protection-and-management%2Fprotected-users-security-group&amp;data=04%7C01%7Camir.glibic%40atos.net%7C33346fa7966b4390d50808d9bbefa449%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C637747460195676310%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=yINdGtPCFw%2Fi%2FGx7FiffvMGy2Z%2Bf5C6SPnp71MPgCKE%3D&amp;reserved=0" target="_blank">https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group</A></P><P>Customer's admins are now in this group, which makes it impossible to manage the FW. Before implementing a workaround with a second account, I want to check if anyone has faced this before.</P><P>&nbsp;</P><P>Is this known behavior and is there any workaround?&nbsp;</P><P>&nbsp;</P><P>THX in advance!</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 13 Dec 2021 10:32:03 GMT xiro 2021-12-13T10:32:03Z https://community.checkpoint.com/t5/General-Topics/Login-to-SC-with-an-AD-user-in-quot-Protected-Users-Security/m-p/136149#M24355 <P>Hi,</P><P>&nbsp;</P><P>as the title says, we currently face the problem that login to SC with AD-authentication is not possible, if the account is member of the group "Protected Users Security Group":</P><P><A href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fsecurity%2Fcredentials-protection-and-management%2Fprotected-users-security-group&amp;data=04%7C01%7Camir.glibic%40atos.net%7C33346fa7966b4390d50808d9bbefa449%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C637747460195676310%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=yINdGtPCFw%2Fi%2FGx7FiffvMGy2Z%2Bf5C6SPnp71MPgCKE%3D&amp;reserved=0" target="_blank">https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group</A></P><P>Customer's admins are now in this group, which makes it impossible to manage the FW. Before implementing a workaround with a second account, I want to check if anyone has faced this before.</P><P>&nbsp;</P><P>Is this known behavior and is there any workaround?&nbsp;</P><P>&nbsp;</P><P>THX in advance!</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 13 Dec 2021 10:32:03 GMT https://community.checkpoint.com/t5/General-Topics/Login-to-SC-with-an-AD-user-in-quot-Protected-Users-Security/m-p/136149#M24355 xiro 2021-12-13T10:32:03Z https://community.checkpoint.com/t5/General-Topics/Login-to-SC-with-an-AD-user-in-quot-Protected-Users-Security/m-p/136208#M24367 <P>SC = SmartConsole?<BR />What version/JHF version?</P> Mon, 13 Dec 2021 20:46:58 GMT https://community.checkpoint.com/t5/General-Topics/Login-to-SC-with-an-AD-user-in-quot-Protected-Users-Security/m-p/136208#M24367 PhoneBoy 2021-12-13T20:46:58Z https://community.checkpoint.com/t5/General-Topics/Login-to-SC-with-an-AD-user-in-quot-Protected-Users-Security/m-p/136212#M24369 <P>yes, SmartConsole.</P><P>Server is 80.40 T125</P><P>SC was tested with different versions, including newest 80.40 build 425.</P><P>This is the configuration of the affected admins:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2021-12-13 220327.jpg" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/14541iC22F18D227C1E135/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot 2021-12-13 220327.jpg" alt="Screenshot 2021-12-13 220327.jpg" /></span></P> Mon, 13 Dec 2021 21:04:38 GMT https://community.checkpoint.com/t5/General-Topics/Login-to-SC-with-an-AD-user-in-quot-Protected-Users-Security/m-p/136212#M24369 xiro 2021-12-13T21:04:38Z https://community.checkpoint.com/t5/General-Topics/Login-to-SC-with-an-AD-user-in-quot-Protected-Users-Security/m-p/136216#M24371 <P>Suggest debugging fwm to see why it's failing:&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk86186" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk86186</A>&nbsp;<BR />You might need a TAC case to get to the bottom of it, though.</P> Mon, 13 Dec 2021 21:53:35 GMT https://community.checkpoint.com/t5/General-Topics/Login-to-SC-with-an-AD-user-in-quot-Protected-Users-Security/m-p/136216#M24371 PhoneBoy 2021-12-13T21:53:35Z https://community.checkpoint.com/t5/General-Topics/Login-to-SC-with-an-AD-user-in-quot-Protected-Users-Security/m-p/136237#M24376 <P>As you are using Radius for authentication the question is how is the Radius server authenticating against AD.</P> <P>Does this comply with protected users group? E.g. LDAP(S) is not!</P> Tue, 14 Dec 2021 06:49:00 GMT https://community.checkpoint.com/t5/General-Topics/Login-to-SC-with-an-AD-user-in-quot-Protected-Users-Security/m-p/136237#M24376 Norbert_Bohusch 2021-12-14T06:49:00Z