Dell SonicWall Single Sign On (SSO) agent often pulls service user accounts (Sophos Antivirus, Nvidia Updater, etc.) instead of actual logged in users. I noticed that this is especially prominent when DC Security Logs option is used.

In this example SonicWall SSO agent is pulling sophos.update account instead of actual logged-in domain users.

To resolve the issue login to SonicWall firewall and navigate to Users > Settings. Click on Configure SSO button, then change to Users tab and add "sophos.update" and other system / service accounts you want to exclude to "User names used by Windows services" list.

SonicWall tutorial didn't mention this, but for changes to take affect I had to restart SSO Agent service using Directory Connector Configuration.

April 2017
SonicWall NSA 220W

No comments

Leave your comment

In reply to Some User
Captcha Image