Add Log On to the Passive Identity Agent Service
Use this procedure to enable the passive identity agent service to run as the Active Directory user (namely, the Directory Username user in the Active Directory realm on the Secure Firewall Management Center).
This task is optional but recommended, so that the passive identity agent service runs with the minimal permissions required to send login information to the Secure Firewall Management Center.
Before you begin
Complete the tasks discussed in Add the Active Directory User to Groups.
You must be a Microsoft Server administrator familiar with how to add a user to a group and how to set a Windows service to run as a specific user.
Procedure
Step 1: Log in as an administrator to the system on which the passive identity agent is running. You can log in to any of the following:
Step 2: In the Windows search bar, enter Services.
Step 3: In the Services window, right-click Cisco Passive Identity Agent.
Step 4: Click Properties.
Step 5: In the Properties dialog box, click the Log On tab.
Step 6: Click This account.
Step 7: Click Browse and follow the prompts on your screen to select the directory user.
Step 8: Enter the user's password in the provided fields.
Step 9: Click Apply.
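To confirm the result of the procedure above, the following PowerShell check compares the service's configured log-on account, and the account its running process actually uses, against the directory user. It is an added example, not Cisco's code; the account name `EXAMPLE\pia-svc` and the result labels are assumptions to replace with your own values.

```powershell
# Added example (not Cisco's code). $ExpectedAccount is a placeholder:
# replace it with the Directory Username from your Active Directory realm,
# written in DOMAIN\user form.
param(
    [string]$DisplayName     = 'Cisco Passive Identity Agent',
    [string]$ExpectedAccount = 'EXAMPLE\pia-svc'
)

# Built-in identities; any of these means the service is not running as the directory user.
$builtIn = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'

$svc = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -eq $DisplayName }
if (-not $svc) {
    Write-Error "Service '$DisplayName' not found on this host."
    exit 2
}

# Account stored by the Log On tab. Windows may store it in UPN form
# (user@domain); in that case pass $ExpectedAccount in the same form.
$configured = $svc.StartName

# Account that owns the running service process. A changed log-on account
# only applies once the service has been restarted.
$running = $null
if ($svc.ProcessId -gt 0) {
    $proc  = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($svc.ProcessId)"
    $owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
    if ($owner.ReturnValue -eq 0) { $running = "$($owner.Domain)\$($owner.User)" }
}

# String comparison in PowerShell is case-insensitive by default.
$result = if ($builtIn -contains $configured) { 'BuiltInAccount'
} elseif ($configured -ne $ExpectedAccount) { 'UnexpectedAccount'
} elseif ($running -and $running -ne $ExpectedAccount) { 'RestartPending'
} else { 'Match' }

[pscustomobject]@{
    Service    = $svc.DisplayName
    State      = $svc.State
    Configured = $configured
    Running    = $running
    Result     = $result
}
if ($result -ne 'Match') { exit 1 }
```

Run it from an elevated PowerShell session on the host where the agent is installed; a non-zero exit code means the service is not yet running as the intended directory user.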
What to do next
- Specify users to control and other options using an identity policy as described in Create an Identity Policy.
- Associate the identity rule with an access control policy, which filters and optionally inspects traffic, as discussed in Associating Other Policies with Access Control.
- Deploy your identity and access control policies to managed devices as discussed in Deploy Configuration Changes.
- Monitor user activity.