Randy is spot on - -been using Surf Control (SMTP and Web) for almost 4 years now.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Walton, Randy
Sent: Tuesday, March 28, 2006 8:56 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Surf control web filter and DC's
Yes, there is a EUM User Agent (not the whole EUM itself) that can be installed on domain controllers. It is not a required component, but security groups really like it.
Instead of Surf Control doing reverse DNS/WINS queries to determine the hostname of web requests passing through Surf Control, it instead uses the EUM UA to determine the * person* who logged in on that IP address, providing IP -> user mappings. It does have to be installed on all DCs in a domain to monitor that domain's users.
Here's a link to the docs about it: http://www.surfcontrol.com/general/assets/whitepapers/deploy_eum.pdf
We had talked with Surf Control tech support when Security asked to deploy it, and they couldn't tell us if it was a GINA extension or not. (It's an issue to us, since it might interfere with Identix biometrics GINA.) We're still in a holding pattern on this one.
Cheers,
Randy Walton
Cleveland Clinic
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Todd Hofert
Sent: Tuesday, March 28, 2006 7:36 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Surf control web filter and DC's
I am running Surf Control 5.0 with EUM. I did not install anything on my DC's. Do you know the name of the dll? I can search my DC's for it if you know what it is.
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom Kern
Sent: Monday, March 27, 2006 8:43 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Surf control web filter and DC'sIn their docs, it says EUM has to be installed on a DC....
And for greater user name accuracy, they recommend installing it on all DC's.
They claim its a dll that runs as a subauth under LSA.
Are we talking about the same thing?
Thanks
On 3/27/06, Todd Hofert < [EMAIL PROTECTED]> wrote:
I have Surf Control with the EUM. It does not require the installation of anything on any DC's. I have it installed on a member server and works fine for my entire organization.
________________________________
From: [EMAIL PROTECTED] on behalf of Tom Kern
Sent: Mon 3/27/2006 4:58 PM
To: activedirectory
Subject: [ActiveDir] Surf control web filter and DC's
Management wants to install the Surfcontrol web filter with something called Enterprise User Manager which allows the product to log which url's a user visits by user name in addition to ip and workstation name.
What troubles me is that the service has to be installed on every DC for user name resolution and is in the form of a dll which inserts itself in the LSA process as a subauth process.
Is this a security or preformance risk?
Am I worrying needlessly?
Has anyone else used this product?
Thanks.
This e-mail and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this e-mail and destroy any
copies. Any dissemination or use of this information by a person other
than the intended recipient is unauthorized and may be illegal.
This e-mail and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this e-mail and destroy any
copies. Any dissemination or use of this information by a person other
than the intended recipient is unauthorized and may be illegal.------------------------------------------------------------------------------
Confidentiality Note: This message is intended for use only by the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. Thank you.
------------
Visit us online at our award-winning http://www.clevelandclinic.org for a complete listing of Cleveland Clinic services, staff and locations from one of the country's leading hospitals.
==============================================================================
Thanks!!
Just curious, how does this work in a Citrix enviorment?
Don't all the users "look" like they are coming from the same ip(the Citrix box)?
Thanks again.
On 3/28/06, Craig Cerino <[EMAIL PROTECTED]> wrote:
- Re: [ActiveDir] Surf control web filter and DC's Tom Kern
