Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
749
Views
9
Helpful
4
Replies

CSA Policies for dynamic users

pemasirid
Level 1
Level 1

‎08-27-2010 09:53 AM - edited ‎03-09-2019 11:08 PM

Hi,

We are going to start with our CSA deployment (CSA Ver 6.0.2) and having following points to be clarify. Appreciate if someone can advise me on the bellow points:

1) How  policies to be dynamically applied to the user, independent of which workstation / server the user is logging on to. This way IT support staff should be able to troubleshoot or login to user's PCs regardless of its installed policies.

In other way... policies to be applied based on users accounts (users login name or Active directory name)

2) how much bandwidth/traffic will consume to run 200 agents to communicate with MC Server (as some of the clients are located remotely via microwave link)

3) What are best practise to run the policies for agents and severs.

We going to have 1000 clients with 100 servers.

Thanks in advance.

Labels:
0 Helpful
4 Replies 4

tsteger1
Level 8
Level 8

‎08-30-2010 03:10 PM

1. User states is how we apply policies based on username no matter which workstation they are logged in to.

2. Bandwidth has rarely been an issue except when agent software updates. Polling intervals can be adjusted for slow sites if this is an issue.

3. This questions is rather broad and it depends on many factors.

HTH

Tom

0 Helpful

pemasirid
Level 1
Level 1
In response to tsteger1

‎09-02-2010 02:33 AM

Hi Tom,

Many thanks for your response.!

With regard to policies for dynamic users, could you please explain how we can deploy policies for the user with user states?. Can there be agent kit with policies having user states and system states combined?.

Actually as I described earlier in my query, I need to know how we deploy policies with agent kit on the following situation.

I have normal users with restricted policies, however when admin or IT support staff want to use or access the same system those policies should not be applicable rather admin/IT support staff should have their policies effected once they login to the same system.

Thanks in advance.

0 Helpful

tsteger1
Level 8
Level 8
In response to pemasirid

‎09-02-2010 11:14 AM

I use user states to allow admin users to do things by using a rule module that applies only to them.

Look at the built in user state sets to become familiar with the structure.  If you use AD to define roles, you can create user state sets that include certain AD groups and assign them to rule modules that allow the activities you want them to perform.

For example, I have an AD group called AD\ServiceDesk.  I created a user state set called AD Service Desk Members with users matching and groups matching AD\ServiceDesk.

I created a rule module that allows activities that are denied by other rule modules and applied the user state set to it.

I associated it with the standard Desktop policy that is associated with the group.

Any member of that group can do things on any host in the Desktops group but standard users cannot.

Tom

pemasirid
Level 1
Level 1
In response to tsteger1

‎09-02-2010 11:33 AM

Hi Tom,

Many thanks for your reply and it was really clear explanation what I wanted to do and I really appreciated a lot..

However this is our pilot project and we going to start with 1000 clients and 100 servers. Client was concerned the above requirement and I'm glad that I will be able to fulfill now

Should I have any further issues, I will post in the netpro and looking forward your answers.. let me know how do I rate this..

Regards

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents