SonicWall SSO - Excluding Service User Accounts

Dell SonicWall Single Sign On (SSO) agent often pulls service user accounts (Sophos Antivirus, Nvidia Updater, etc.) instead of actual logged in users. I noticed that this is especially prominent when DC Security Logs option is used.

In this example SonicWall SSO agent is pulling sophos.update account instead of actual logged-in domain users.

To resolve the issue login to SonicWall firewall and navigate to Users > Settings. Click on Configure SSO button, then change to Users tab and add "sophos.update" and other system / service accounts you want to exclude to "User names used by Windows services" list.

SonicWall tutorial didn't mention this, but for changes to take affect I had to restart SSO Agent service using Directory Connector Configuration.

April 2017
SonicWall NSA 220W


Subscribe to receive occasional updates on new posts.
Your email will not be used for any other purpose and you can unsubscribe at any time.
Please wait