6.8. Windows Authentication Agent

For Windows users within an Active Directory domain, there is one more identification method available: using a dedicated authentication agent. The agent is a service that sends user information, including the username and IP address, to the UserGate server. This allows UserGate to uniquely identify all network connections of this user without having to use other identification methods. To start working with user identification using the authorization agent, follow these steps:

Task

Description

Step 1. Allow the authorization agent service in the desired zone.

In the Network --> Zones section, allow the Authorization agent service for the zone where the users are located.

Step 2. Set a password for terminal server agents.

In the UserGate console, go to the UserGate --> General settings --> Modules section, click the Configure button next to the Password for terminal server agent entry, and set a password for terminal server agents.

Step 3. Install the authentication agent.

Install the authentication agent on all computers that require user identification.

Important! The authentication agent is compatible with all Windows OS versions except Windows XP.

The authentication agent is supplied with an administrative template for distribution via Active Directory policies. The administrator can use this template to deploy a correctly configured agent to a large number of user computers. Using the administrative template, the administrator can specify the IP address and port of the UserGate server as well as the password set at the previous step. For more details on deploying software using Active Directory policies, see the Microsoft documentation.

You can also install the agent without using Group Policies. To do that, install it using the setup program, then specify the desired UserGate server connection parameters in one of the following registry keys:

  • [HKEY_LOCAL_MACHINE\Software\Policies\Entensys\Auth Client]: the agent sends information about all users who use the PC on which it is installed;

  • [HKEY_CURRENT_USER\Software\Policies\Entensys\Auth Client]: the agent sends information only about the user for whom it was installed on the PC.

The parameters are:

"ServerIP"=""

"ServerPort"="1813"

"SharedKey"=""

UserGate will now receive user information. To use user names as they appear in Active Directory in your security policies, you need a configured LDAP connector. Without a configured connector, you can use the Known and Unknown users.
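
A read-only check of the registry settings from Step 3, as an added example that is not part of the UserGate documentation. It assumes PowerShell run on the client PC, uses only the key paths and value names listed above, and reports for both keys whether the three values are set and which accounts can read the key that holds the password, without printing the password itself.

```powershell
# Added example: audit the Auth Client registry settings on one PC. Nothing is written.
$keys = @(
    'HKLM:\Software\Policies\Entensys\Auth Client',   # applies to all users of this PC
    'HKCU:\Software\Policies\Entensys\Auth Client'    # applies to the current user only
)
$names = 'ServerIP', 'ServerPort', 'SharedKey'
$query = [System.Security.AccessControl.RegistryRights]::QueryValues

$report = foreach ($key in $keys) {
    $row = [ordered]@{
        Key = $key; Present = (Test-Path -LiteralPath $key)
        Server = ''; SharedKeySet = $false; Problems = 'key not found'; Readers = ''
    }
    if ($row.Present) {
        $props = Get-ItemProperty -LiteralPath $key
        $problems = @()
        foreach ($n in $names) {
            if ([string]::IsNullOrWhiteSpace([string]$props.$n)) {
                $problems += "$n is empty or missing"
            }
        }
        # A non-empty ServerPort must parse as a port number in 1..65535.
        $port = 0
        $raw = [string]$props.ServerPort
        if ($raw -and -not ([int]::TryParse($raw, [ref]$port) -and $port -ge 1 -and $port -le 65535)) {
            $problems += "ServerPort '$raw' is not a valid port"
        }
        # The agent password is entered as a registry value, so list every
        # identity with an Allow ACE that includes the right to query values.
        # ACEs that carry only generic access bits are not expanded here.
        $readers = (Get-Acl -LiteralPath $key).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.RegistryRights -band $query) } |
            ForEach-Object { $_.IdentityReference.Value } |
            Sort-Object -Unique

        $row.Server       = "$($props.ServerIP):$raw"
        $row.SharedKeySet = -not [string]::IsNullOrWhiteSpace([string]$props.SharedKey)
        $row.Problems     = $problems -join '; '
        $row.Readers      = $readers -join ', '
    }
    [pscustomobject]$row
}
$report | Format-List
```

A long Readers list on the HKEY_LOCAL_MACHINE key means every one of those accounts can read the terminal server agent password set in Step 2.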