User acceptance audit events
The following audit events are triggered by the user acceptance process during the start of a remote control session.
The session audit log from the target showed the same event to indicate that a session was accepted that is Session Accepted. Reason: User Allowed. It was not possible to tell from the audit event whether the session was accepted by the user or whether it was accepted automatically for another reason. To improve auditing, the following audit event was deprecated and replaced with four new audit events.
| Event ID | Event Description |
|---|---|
| ibm.trc.audit.0003 | Session Accepted. Reason: {\0} |
| Event ID | Event Description | Comments |
|---|---|---|
| ibm.trc.audit.0046 | Session Accepted by {0} | The session was accepted by the user on the target system. {0} is replaced with the user ID of the current user |
| ibm.trc.audit.0047 | Session accepted automatically after timeout | The session was accepted automatically because the user did not respond to the user acceptance prompt before the Acceptance grace time policy expired. The Acceptance timeout action policy is set to proceed. |
| ibm.trc.audit.0048 | Session accepted automatically because connect at logon is allowed | The session was accepted automatically because there was no user logged on to the target system console and Connect at logon was enabled and set to Yes. |
| ibm.trc.audit.0049 | Session accepted. User acceptance is disabled. | The session was accepted automatically because
user acceptance was not enabled. Note: User acceptance can be disabled by
using the Enable user acceptance for incoming connections policy.
However, when this policy is enabled and set to Yes, user acceptance
can be disabled for other reasons. If the Acceptance grace
time policy is set to less then 5 seconds, user acceptance
is disabled automatically. This is because the target user would not
have enough time to react to the user acceptance prompt. User acceptance
is also disabled automatically whenever the target is unable to start
the graphical user interface. |
Note: Take note of the following values for the user ID
that is displayed in the user acceptance window:
- If the session is started from the remote control server, the user ID that the controller uses to authenticate against the IBM® BigFix® Remote Control server is displayed.
- If the session is started by running the stand-alone controller console, the user ID that the controller user uses to log on to their local system is displayed.