SSO (AD authentication) authenticates wrong user?

Hi,
I have a bunch of users in a group that is the 'from' for some HTTP(S) proxy policies. Some of them will authenticate as a different user when they make external requests and the wrong policy is applied. The user they authenticate as is a local admin on all the machines this happens on. It isn't even logged on, I use it for inventory software (There is no agent or anything, I think it just queries WMI). Additionally, it does not happen for every user in the group, just some of them. It also does it with users that are not in the group, just randomly some users authenticate as this service user.

Anybody got an idea on how this could happen?

Best Answer

  • You should install the SSO client on your PCs.

    My guess is that this admin account logon happens on some PCs after the user logs on, and the SSO ELM sees the last logon, and that is what is being used.

Answers

  • Thanks Bruce, that's exactly what it is. When I scan machines with PDQ it generates a logon event that the event log monitor sees.

Sign In to comment.