This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Cesar_Santos
Explorer
‎2020-11-17 09:16 AM

Identity Agent | Run App as admin

Hi Checkmates,

Let me share a quick question with you. So, what's the behaviour of the Identity Agent if a Domain Admin runs an Application as Administrator in a Windows session of a normal user? It will send an update to the Gateway with a new mapping of the IP and the user admin? In that case, the rules applied on the gateway will be far more distinct that if the user mapping remains with the normal user. Is there a way to exclude the Administrator user from the events of the Identity Agent logs and updates? I've searched the documentation, but I've found nothing about this. Can anyone share knowledge on this?

Thanks in advance.

0 Kudos
4 Replies
Elad_Shoval
Employee
Employee
‎2020-11-19 06:46 AM

Hi Cesar,

Are you asking about the Identity Agent or the Terminal Service (AKA MUH Agent)?

In Identity Agent, a user must authenticate with Username/Password or via Kerberos ticket. Even if the Administrator will run an app in a Windows session of a normal user, no update will be sent to the Security Gateway, because the authentication was done with the normal user credentials. 

Please let me know if you have additional questions,

 

Elad Shoval | Team Leader, Identity Awareness, Identity Clients, R&D

0 Kudos
Cesar_Santos
Explorer
‎2020-11-19 07:28 AM
In response to Elad_Shoval

Hi Elad,

This is about the Identity Agent, not the MUH.

Are you sure that if I run an application in windows as administrator, the Identity Agent will just ignore that? Because we have a customer exactly wit this problem. So, basically the the end users are working properly, with the correct rules being applied, all normal. But, if a guy of the IT team run a software as administrator and uses his admin credentials, the Identity Agent running on background will pass a new IP/user mapping to the Gateway and the applied rules will be totally different. The only workaround that we know that works is to logoff and then logon again on the windows machine, which is not practical for our end users.   

Any suggestion,

César Santos

0 Kudos
PhoneBoy
Admin
Admin
‎2020-11-21 05:36 PM
In response to Cesar_Santos

Are the admins elevating privileges when they run, say, the installer or are they doing a full desktop login to the same system?

0 Kudos
Cesar_Santos
Explorer
‎2020-11-23 12:40 AM
In response to PhoneBoy

Hi,

The admins are elevating privileges when they install a new application, for example. It's not a full desktop login.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top