Reset Search
 

 

Article

KB44318 - Profiler, what can cause an approved device to become unapproved?

« Go Back

Information

 
Last Modified Date11/21/2019 9:27 PM
Synopsis
Use of the PPS profiler as a device attributes server provides admins options for authenticating and authorizing devices in a number of ways. In standard role mapping rules, the “status” device attribute can have one of two values ‘approved’ or ‘unapproved’. This KB will discuss under what conditions a previously approved device may become unapproved without admin intervention.


 
Problem or Goal
Why is this device unapproved, when it was previously approved?
 
Cause
There are a few conditions in which an approved device can become unapproved. I’ll outline those conditions below.

Use of Profiler Groups:
 
  1. If you have a profiler group with the “needs manual approval” option enabled any device added to the group will have its status changed to unapproved.

Exception: If an admin manually approved a device by editing its profile in the Device Discovery Report and the device is later matched to a group with “needs manual approve” its status will not change.
  1. If a device was moved from one profiler group to another group because its profile was updated, the status can change if the new group requires “needs manual approval”.
Example: A device was initially profiled as a Printer and added to the Printers profile group, this group does not require “manual approval”. Shortly later after active scans the device was more precisely identified and added to Projector group. If the Projector group requires “needs approval” the status of that device would become unapproved.

Device Sponsoring:

Device Sponsoring is a profiler feature that forces newly discovered devices of specific categories to be automatically unapproved. A newly discovered device will default to status-approved. After active scans by the profiler a category is added, or an older category can be change. If the new category is enabled under Device Sponsoring, the status of the device will become unapproved.

Whether you are using Profiler Groups or Device Sponsoring if you want to investigate the cause of a status change, save the event log from the PPS profiler and perform a keyword search for….
 “Device (aa:bb:cc:dd:11:22) has changed profile from” and replace the mac address with the mac address of the device you are investigating.
Example:
info - System()[][] - 2019/10/08 16:18:35 - Device (00:11:22:33:aa:bb) has changed profile from Linux 2.x to Linux 2.6.32.
You can also view status changes from the device entry in the Device Discovery Report by expanding the device entry and selecting the History tab and then selecting Status from the drop down. In the example below a device was unapproved due to having a category enabled in Device Sponsoring, its status was later changed by the admin manually approving it. The “source” can also be any collector that changes the category of a device. If a device with no category was scanned, let say by NMAP,  and NMAP determined the device to be a Printer/Scanner, if the Printer/Scanner category was sponsored, then the source for the status change would be NMAP.


 
Solution
Related Links
Attachment 1 
Created ByBrian Pimentel

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255