Virtual Secure Web Gateway

 View Only

  • 1.  SWG NTLM - Why Domain Admin account needed

    Posted Mar 19, 2012 08:24 AM

    Dear All,

    I've deployed SWG at one of our customers. They want to use NTLM authentication for content filtering, but they don't like to give us domain admin account because of company policy.

    Why is domain admin account needed exactly? Is it possible to use a normal user with extended rights? If it's possible which plus rights does it need?

    Thanks in advance!

    Viktor



  • 2.  RE: SWG NTLM - Why Domain Admin account needed

    Posted Mar 19, 2012 09:37 AM

    The manual requests a domain admin account so it has rights to read/access user/group information from the AD. While it is likely possible to use a regular account with extended rights, if it authentication for users becomes is not working proplerly symantec support would likely request you use a admin account as per the requirements.



  • 3.  RE: SWG NTLM - Why Domain Admin account needed

    Posted Mar 22, 2012 06:58 PM

    Have you heared about any cases where a not domain admin user was used and it worked?



  • 4.  RE: SWG NTLM - Why Domain Admin account needed

    Posted Mar 23, 2012 10:40 AM

    No. This is not information that we track.



  • 5.  RE: SWG NTLM - Why Domain Admin account needed

    Posted Jun 08, 2012 03:52 AM
    Dear all, I have also domain admin user issue, NTLM did not authenticate using normal AD user, and comapany policy did not allow admin user.... I also lock a support case the response is below: "I checked again on my Symantec Web Gateway and normally, normal domain user account should be able to query the ldap. My Symantec Web Gateway uses an normal domain user account to query the ldap server. Please, you will have to check the domain account you are using as by default with Active Directoy, domain users are able to query LDAP. " Kinldy someone guide me regarding this. Best regards Ishaq