This website uses cookies. By browsing this website, you consent to the use of cookies. Learn more.
OK
ABOUT CHECKMATES & FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Help
David_Herselman
David_Herselman
Nickel
‎2018-12-19 08:28 PM

Stop clearing ADQuery Identity Awareness during policy installation

Installing policy has the effect of clearing known user identity awareness, the primary reason why we advocate only handling this outside of business hours.

There are however often reasons why customers ask for policy installations during work hours, is there no way for a security gateway not to clear PDP during this process as user's internet access is subsequently inhibited until they restart their browser (initiates Kerberos browser based authentication as the browser handles captive portal detection), switches or cycles connectivity (initiates captive portal detection) or re-login (initiates ADQuery event)?

0 Kudos
Reply
1 Reply
PhoneBoy
Admin
Admin
‎2018-12-21 02:37 PM

Re: Stop clearing ADQuery Identity Awareness during policy installation

As far as I know, this shouldn't happen.

There's a note in our Best Practice documentation about something that happens during policy installation, namely we re-lookup all the LDAP groups associated with each user the gateway knows about.

Best Practices - Identity Awareness Large Scale Deployment 

That couldn't happen if we cleared all the users on policy installation.

I recommend opening a TAC case.

0 Kudos
Reply