Active Directory Login Service
The AD Login Service is a user identification tool for use with the USS Gateway network proxy. It listens for network logon events (event ID 4624) to the domain and then securely sends the user and device information to one or more gateways in order to automatically identify the user.
The following operating systems are supported:
- Windows Server 2008 R2 (x64)
- Windows Server 2012 (x64)
- Windows Server 2012 R2 (x64)
Version 1.0.5 - please contact your Service Provider for more information
- Log on to the Windows server using a user account with local administrator rights.
- Run the downloaded ADLoginService.msi file
- Click Next and then select the folder to install the AD Login Service into.
- Click Next and then click Next again to confirm the installation.
- The installation files will begin copying.
- After a few moments, the installation will finish.
- Click Close to exit the installer.
The AD Login Service is installs a configuration tool called AD Login Configuration which can be used to configure the service. Run this tool from the Start menu.
It is possible to use multiple USS Gateway devices with the AD Login Service. All gateways must share the same API key and each gateway will receive all events.
To get your API key, go to the Authentication & Identification section of the local USS Gateway interface and:
- Generate a new key and paste it into the API Key field in the configuration tool, or
- Copy the existing key and paste it into the API Key field in the configuration tool
Once the API Key is set, add the IP address of each USS Gateway you want to send logon events to.
The Allow self-signed certification option allows the AD Login Service to work with the gateway, which out-of-the-box uses a self-signed certificate.
After adding or making changes to the Gateway list, you must click Save and Restart Service for the changes to take effect.
It is possible to ignore logon events from specific IP addresses. Add each IP address in IPv4 format, one per line.
After adding or making changes to the IP Filtering list, you must click Save and Restart Service for the changes to take effect.
It is possible to ignore logon events from users by creating regular expressions to match usernames.
The patterns must be valid regular expressions.
To test the patterns are working, enter the username you want to ignore into the Test text box.
After adding or making changes to the User Filtering list, you must click Save and Restart Service for the changes to take effect.