To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Duplicated UID due to cloned image

Avaya
Avaya W/ Alumni Posts: 5 Security Scout
edited January 2023 in WithSecure Business Suite

The subject problem probably happened years before I onboard. I know how to reset the UID but have no clue how to identify the windows machines which have the duplicated UID.

I tried to export an identities report from PMC, however it only shows one record per UID but not all. Is there any way to do so?

Best Answer

  • MonikaL
    MonikaL W/ Alumni Posts: 206 W/ Former Staff
    Answer ✓

    Hi Avaya,

    If host has duplicated ID, it means that each time it connects to Policy Manager, it gets new policies. So, if you have thousands in policy version - it means number of clients are behind same identity.

    But, ancient clients were using epoch timestamp as policy version and with those ones it is not that easy and you need aggregation of request.log

    But again, if you did not change policies for a week but see that hosts are receiving response 200 for 'settings' request, you get the list of identities to check.

Answers

  • Avaya
    Avaya W/ Alumni Posts: 5 Security Scout

    Thank you so much MonikaL!

    I followed your suggestion and managed to identify the PCs from the request logs.

    The log location is .\F-Secure\Management Server 5\logs

This discussion has been closed.