WMI log collection using a non-admin domain user

Similar documents
Grant Minimum Permission to an Active Directory User Account Used by the Sourcefire User Agent

User Agent Preparing the Windows Environment and Installing the User Agent. How-To

A guide to configure agents for log collection in Log360

Purpose. Target Audience. Windows Machine Requirements. Windows Server Core (No Desktop) Nagios XI. Monitoring Windows Using WMI

Password Reset Utility. Configuration

Backup using Quantum vmpro with Symantec Backup Exec release 2012

A guide to configure agents for log collection in EventLog Analyzer

ManageEngine EventLog Analyzer. Installation of agent via Group Policy Objects (GPO)

ADVANCED WINDOWS AUDITING

NETWRIX PASSWORD EXPIRATION NOTIFIER

Windows Management Instrumentation Troubleshooting for Orion APM

Required privileges and permissions

Course CLD211.5x Microsoft SharePoint 2016: Search and Content Management

Integrate Microsoft Office 365. EventTracker v8.x and above

Monitoring Windows Systems with WMI

JAMS 7.X Getting Started Guide

ManageEngine EventLog Analyzer Quick Start Guide

Content Matrix. Evaluation Guide. February 12,

NETWRIX INACTIVE USER TRACKER

Integrate Palo Alto Traps. EventTracker v8.x and above

High Availability Configuration Guide

Integrate Microsoft ATP. EventTracker v8.x and above

Managing the CaseMap Admin Console User Guide

DefendX Software Control-Audit for Hitachi Installation Guide

Administration Guide

Integrate Veeam Backup and Replication. EventTracker v9.x and above

Causeway ECM Team Notifications. Online Help. Online Help Documentation. Production Release. February 2016

Outlook Desktop Application for Windows

Microsoft Outlook. How To Share A Departmental Mailbox s Calendar

Envelope Journaling for Microsoft Exchange 2003 Version 1.0

Netwrix Auditor for Active Directory

Esko. Suite 12 Engines Installation (Beta)

Multi-Sponsor Environment. SAS Clinical Trial Data Transparency User Guide

How to create a System Logon Account in Backup Exec for Windows Servers

Secret Server Demo Outline

High Availability Enabling SSL Database Migration Auto Backup and Auto Update Mail Server and Proxy Settings Support...

Integrate Trend Micro Control Manager. EventTracker v8.x and above

Evaluation Guide Host Access Management and Security Server 12.4 SP1 ( )

Remote Process Explorer

Integrate Bluecoat Content Analysis. EventTracker v9.x and above

Configuring Remote Access using the RDS Gateway

VMware AirWatch Database Migration Guide A sample procedure for migrating your AirWatch database

How to Configure Connection Fallback using Multiple VPN Gateways

Colligo Engage Console. User Guide

User Administration Vaultview Security

McAfee Security Connected Integrating epo and MFECC

Active Directory Auditing Guide

Web Intelligence Rich Client Getting Started Business Objects 4.1

File Synchronization Service User Manual. Delogue

Configuring an IMAP4 or POP3 Journal Account for Microsoft Exchange Server 2003

1 Installing the integration server

Lab 11-1 Lab User Profiles and Tracking

Nagios XI Monitoring Windows Event Logs With NagEventLog

JAMS 7.X Getting Started Guide

SailPoint IdentityIQ Integration with the BeyondInsight Platform. Providing Complete Visibility and Auditing of Identities

Sophos Transparent Authentication Suite Quick Start Guide. Product version: 2.0 Document date: Wednesday, July 05, 2017

Netwrix Auditor for Active Directory

CRA Wiz and Fair Lending Wiz: Installation Instructions NEW Installation

Remote Access User Guide for Mac OS (Citrix Instructions)

Windows 7 Professional 64 bit Installation and Configuration for MassLynx or Empower Controlled Ethernet Instrument Communication

ESOA_SPD_

Active Directory Validation - User Guide

XIA Configuration Server

Acronis Backup & Recovery 11 Beta Advanced Editions

29 March 2017 SECURITY SERVER INSTALLATION GUIDE

SharePoint AD Administration Tutorial for SharePoint 2007

Avaya Event Processor Release 2.2 Operations, Administration, and Maintenance Interface

Cybowall Configuration Guide

Integrating IBM Security Privileged Identity Manager with ObserveIT Enterprise Session Recording

BDM Hyperion Workspace Basics

Microsoft Outlook Live

Exclaimer Mail Archiver

Exchange Server 2010 Permissions Document

SARS ANYWHERE ADMINISTRATION MANUAL APPENDICES

Integrate EMC Isilon. EventTracker v8.x and above

Delegating Access & Managing Another Person s Mail/Calendar with Outlook. Information Technology

User Manual. Active Directory Change Tracker

NETWRIX PASSWORD EXPIRATION NOTIFIER

The purpose of this document is to get you up and running with SofTrack in 20 minutes or less!

NETWRIX WINDOWS SERVER CHANGE REPORTER

Netwrix Auditor. Tips and Tricks: How To Create Custom Active Directory Alerts. Version: /22/2014

IBM Cognos Analytics 11 Report User Training Scheduling Reports Job Aid

Cisco TelePresence Management Suite Extension for Microsoft Exchange

Perceptive Interact for EpicCare Link

Using the Orchestration Console in System Center 2012 R2 Orchestrator

Reset the Admin Password with the ExtraHop Rescue CD

10ZiG Technology. Thin Desktop Quick Start Guide

Farin Foresight/Insight RemoteApp Access Document last updated: 2/7/2017

Contents Upgrading BFInventory iii

Integrate MySQL Server EventTracker Enterprise

Application Notes for Infoblox DNSone in an Avaya IP Office IP Telephony Infrastructure Issue 1.0

DOWNLOADING AND LICENSING STEALTHWATCH PRODUCTS

SmartLock Pro Plus Photo View OPERATOR GUIDE

Interact for Epic. Installation Guide. Version: 6.7.x

Integrating Barracuda SSL VPN

Status Web Evaluator s Guide Software Pursuits, Inc.

ANIXIS Password Reset

NETWRIX GROUP POLICY CHANGE REPORTER

!!!!!!!!!!Please Read before upgrading!!!!!!!!

BusinessObjects Enterprise / Crystal Reports Server XI R1 and R2

Transcription:

WMI log collection using a non-admin domain user

To collect WMI logs from a domain controller in EventLog Analyer, it is necessary to add a domain admin account of that domain in it. Alternatively, you can create a user account in Active Directory with sufficient permissions to collect WMI logs from the Domain Controller, and add that account in EventLog Analyzer. This document provides step-by-step instructions to create a domain user account in Active Directory and assign permissions to collect WMI logs from a domain controller. Outline Create a non-admin domain user in Active Directory. Add the user to Performance Log Users and Distributed COM Users group. Create a new group policy in the Group Policy management console. Assign rights to the created user. Enforce the created Group Policy. Update the Group Policy on the WMI client and server. Grant WMI Namespace Security Rights to the created user. Grant COM permissions to the created user. For log collection, use this user s credentials in the EventLog Analyzer web-console. 1

Steps 1. Create a non-admin domain user in Active Directory a. Navigate to Active Directory Users and Computers. b. Click on Users New User. c. Enter the user details such as first name, last name, logon name, and password in the window that opens and create the user. 2. Add the created user to the Performance Log Users and Distributed COM Users group Right-click on the created user and click Add to a group. The user needs to be added to the following groups. Performance Log Users Distributed COM Users 2

3. Create a new Group Policy in the Group Policy Management console. 4. Assign rights to the created user a. Right click on the created Group Policy and click Edit. b. The Group Policy Management Editor will open. Navigate to Computer Configurations Policies Windows Settings Security Settings Local Policies User Rights Assignment. c. Right-click on the specific right and click on Properties. Rights to be granted Act as part of the operating system Log on as a batch job Log on as a service Replace a process level token Manage Auditing and Security Log Properties d. Enable the Define these policy settings, click on Add User or Group, select the created user and click Apply. 3

5. Enforce the created Group Policy In the left pane, right-click on the created Group Policy and click Enforce. 6. Update the created Group Policy on the WMI client and server Open Command Prompt as an administrator in both the client and server, and run the command below. 7. Grant WMI Namespace Security Rights to the created user a. In the Domain Controller from which the logs are to be collected, open the Run command and type wmimgmt.msc to open the WMI Management Console. 4

b. Right-click on WMI Control(Local) and click on Properties. c. In the WMI Control Properties popup that opens, click on the Security tab. d. In the Security tab, expand the Root NameSpace and select CIMV2 Namespace. e. Click the Security button that appears on the bottom right corner to open the Security for ROOT\CIMV2. f. Click Add and select the created user. g. The user now needs to be granted permissions. To do this, click on the user and check the Allow boxes for the permissions below. i Execute Methods ii Enable Account iii Remote Enable iv Read Security h. Apply the changes and click OK to exit the WMI Management console. 5

8. Grant COM permissions to the created user a. In the Domain Controller from which the logs are to be collected, navigate to Start Administrative Tools Component Services. b. Expand the Computers folder, navigate to My Computer Properties COM SECURITY. c. Under Access Permissions, click on Edit Limits and add the created user by clicking Add. Grant all the permissions and click OK. 6

d. Under Launch and Activation Permissions, click on Edit Limits and add the created user by clicking Add. Grant all the permissions and click OK. Once you grant all the above mentioned permissions, the created non-admin user will be able to collect logs from a domain controller. 9. For log collection, use this user s credentials in the EventLog Analyzer web-console. EventLog Analyzer is a comprehensive log management and IT compliance tool for SIEM. The solution provides detailed insights into your log data with audit reports and alert profiles to help mitigate threats and secure your network.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback