Video Screencast Help

SWG NTLM - Why Domain Admin account needed

Created: 19 Mar 2012 | 4 comments
viktor.nagy's picture

Dear All,

I've deployed SWG at one of our customers. They want to use NTLM authentication for content filtering, but they don't like to give us domain admin account because of company policy.

Why is domain admin account needed exactly? Is it possible to use a normal user with extended rights? If it's possible which plus rights does it need?

Thanks in advance!


Discussion Filed Under:

Comments 4 CommentsJump to latest comment

BenDC's picture

The manual requests a domain admin account so it has rights to read/access user/group information from the AD. While it is likely possible to use a regular account with extended rights, if it authentication for users becomes is not working proplerly symantec support would likely request you use a admin account as per the requirements.

viktor.nagy's picture

Have you heared about any cases where a not domain admin user was used and it worked?

BenDC's picture

No. This is not information that we track.

Muhammad Ishaq Khan's picture

Dear all,

I have also domain admin user issue, NTLM did not authenticate using normal AD user, and comapany policy did not allow admin user.... I also lock a support case the response is below:

"I checked again on my Symantec Web Gateway and normally, normal domain user account should be able to query the ldap. My Symantec Web Gateway uses an normal domain user account to query the ldap server.

Please, you will have to check the domain account you are using as by default with Active Directoy, domain users are able to query LDAP.

Kinldy someone guide me regarding this.

Best regards

Best Regards,                                     &nbsp