en-US
search-icon

Enforced Client Policy and Reporting Server 2.3 Admin Guide

Users

The Users function allows you to view and manage users on the Policies tab at Directory Services > Users. If you have an environment with more than one firewall in it, you can manage Users at two levels: globally and on the firewall. By selecting the global node, you can configure and make changes across all the firewalls in your environment. By selecting an individual firewall you can configure and make changes that apply only to that particular unit.

Topics:

About the Users List

The Users list has several tools that are useful for finding and managing user information. At the top of the list is a search function. Refer to Searching for Users for information on using the search.

The names in the body of the table represent what has been mirrored from either LDAP or Google Directory. Both the Name and the Display Name are shown.

The information in the Primary Group column shows that a user is a member of multiple groups. The number indicates how many other groups that user is a member of. If you hover the mouse over the group icon, a message will show indicating if this user needs to be assigned to a Primary Group. Go to Assigning a Primary Group for information on how to assign a user to a Primary Group.

A green check in the Allowed column indicates that the user is not blocked from using the filtering client. A red X indicates the user is blocked.

The Directory column indicates the source for the Users information. The options are LDAP or Google (for Google Directory).

In the Configuration column, the edit and delete icons allow you to mange the user data. Refer to Editing Users for more information on using the edit icon. Refer to Deleting Users for more information on using the delete icon.

Searching for Users

The Users Search function is useful if you have a large number of users and need find a specific one. The function can search for text in the Name, Display Name, Allowed or Directory fields. To search for a specific users, choose the node that you want to search. On the Policies tab, select Directory Services > Users.

To search for a user:
1
Select the user group field to be searched. You can select either the Name, Display Name, Allowed, or Directory fields.
2
To specify what part of that field to match against, choose from the following:
Equals—The entire field must match the text you provide.
Starts with—The field must start with the text you provide.
Ends with—The field must end with the text you provide.
Contains—The field must contain the text you provide.
3
In the blank field, type in the text that you want to search for.
4
Click Search.
5
Click Clear to return the search fields to their default values and clear the text field.

Editing Users

Selecting the edit icon for a user allows you to block or unblock a user and select a primary group.

To edit a user:
1
On the Policies tab, navigate to Directory Services > Users.
2
Click on the edit icon for the user you want to change.

3
Check the Block box to block this user from being filtered.
4
Select the Groups tab.

5
Select the Primary Group from the drop down list.
6
Click on OK to save settings.

Deleting Users

To delete users:
1
On the Policies tab, navigate to Directory Services > Users.
2
Check the box corresponding to the User you want to delete. Then, click the Delete User(s) link at the bottom of the page or click the Delete icon in the Configure column for that group.
3
When the confirmation message pops up, click on OK if you want to continue with deleting the user.
 
* 
NOTE: You can delete multiple users at a time. Check the boxes by the user names you want to delete and click the Delete User(s) link at the bottom of the page.

Assigning a Primary Group

The Users page allows you to assign users to primary groups. Primary Groups are essential in organizing users and ensuring the proper policies are assigned to each user. An individual user may belong to multiple groups, each of which has a variety of policies to enforce. To ensure the correct policies are applied to this user, the administrator should assign the primary group to which the user should belong.

To assign a user to a primary group:
1
On the Policies tab, navigate to Directory Services > Users.
2
Check the box for the user you want to assign. Multiple nodes can be selected and assigned at the same time.
3
Click on the Assign Primary Group link at the bottom of the list. A window displays.

4
Select the Primary Group from the drop-down list at the top of the window.
5
Click the OK button to finish and save changes.
 
* 
NOTE: When assigning a user to a user group, you can approach from one of two perspectives. When making the assignment from the Users page, you only see the group that individual belongs to, and you can choose a different group, if appropriate. When making the assignment from the User Group page, you can look at all the individuals that make up the user group. You can then easily validate that all the users needed for that group are included and remove any that should not be in there.

Blocking/Unblocking Users

Blocking and unblocking provides a way of managing individual licenses. If, for example, someone changed assignments and no longer needs a filtering license, you can opt to block that user’s use of the license, making it available to someone else. A blocked license can be restored.

To block users:
1
On the Policies tab, navigate to Directory Services > Users.
2
Check the box for the user you want to block. You can select more than one user at a time.
3
Select the Block User(s) link. The system asks for verification that you want to block this user.
4
Click OK to confirm that you want to block this user.
To unblock users:
1
On the Policies tab, navigate to Directory Services > Users.
2
Check the box for the user you want to unblock. You can select more than one user at a time.
3
Select the Unblock User(s) link. The system asks for verification that you want to unblock this user.
4
Click OK to confirm that you want to unblock this user.

Importing Users

You can import users from your LDAP server or from the Google Directory.

To import users:
1
On the Policies tab, navigate to Directory Services > Users.
2
Click the Import Users link at the bottom of the page. A list of available users displays. The following figure shows the view for Google Directory, but LDAP would be very similar.
3
Check the Directory Type and change it to the type you want by selecting LDAP or Google Directory from the drop down list.
4
Select the users to import and click the Save selected button to add those users to your EPRS users.

You can perform other functions from this same window. You can search for users and remove users. The search function works the same as described in other areas. Choose the field to search on, select the search parameters, provide the search string and select Search.

Users can be removed in several ways:

All selected users—Select the users from the list, then select the All selected users option. Click the Remove from list button.
Any user whose [Name/Description/Location] contains [field]—Select either Name, Description or Location from the drop down list and then the search string. For example, you may select Location, then specify the field as “San Jose” to find all users that located in San Jose. Click the Remove from list button to remove these users from the list.
All users [at/at or under]—Select either at or at or under from the drop down list. From the next drop down list, select the location of the users. For example, this option can be used to remove users under an email alias or similar groups, such as engineering@sonicwall.com. By clicking the Remove from list button, it removes all users listed in the engineering@sonicwall.com group.
 
* 
NOTE: If there are no user groups found on the LDAP server or Google Directory, a list of possible reasons displays. See the image below for an example.

Importing Users from LDIF

Similar to importing user groups from LDIF, you can import users from LDIF files. While LDAP is the recommended format to use, LDIF is a more secure method for administrators because they do not have to connect to a server to retrieve information, unlike LDAP. LDIF files must contain schema attributes that are the same as the current LDAP schema settings. The following schema is currently configured for Users:

LDAP Schema - Microsoft Active Directory
User Object class - user
Login name attribute - sAMAccountName
User group membership attribute - memberOf
Use Additional User group membership attribute - false
Group Object class - group
Member attribute - member
 
* 
NOTE: Including other LDAP attributes in the file may result in large file volume. The server may take a considerable amount of time to process the large files
 
* 
NOTE: If you need to edit the Users, you need to upload a new LDIF file with the changes.
To import Users from an LDIF file:
1
On the Policies tab, navigate to Directory Services > User Groups.
2
Click the Import Users from LDIF link at the bottom of the Users page.

3
Click the Browse button to select the LDIF file.
4
Select Import.