https://community.cisco.com/t5/network-access-control/pic-identity-mapping-question-about-dcom-and-wmi-registry-key/m-p/3492139#M496272 <HTML><HEAD></HEAD><BODY><P>these 2 keys: </P><P>HKEY_CLASSES_ROOT\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}</P><P>HKLM\Software\Classes\Wow6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}</P></BODY></HTML> Wed, 11 Jul 2018 14:27:48 GMT csco11552159 2018-07-11T14:27:48Z https://community.cisco.com/t5/network-access-control/pic-identity-mapping-question-about-dcom-and-wmi-registry-key/m-p/3492138#M496271 <HTML><HEAD></HEAD><BODY><P>i m following the PIC document: </P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/pic_admin_guide/PIC_admin/PIC_admin_chapter_01000.html#task_784A7F6991594B11B1BAD206FDCD249B" title="https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/pic_admin_guide/PIC_admin/PIC_admin_chapter_01000.html#task_784A7F6991594B11B1BAD206FDCD249B">https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/pic_admin_guide/PIC_admin/PIC_admin_chapter_01000.html#task_784A7…</A></P><P></P><P>when we talk to our Corp Sec and ID team for changing registry key to allow our account with full control of DCOM/WMI key, they want to know the reason of the change. If we have Domain Admin account with read only access, will this do the work?</P><P></P><P>anyone can explain why we need full control?</P><P></P><P>this will be really help.</P><P></P><P>thank you.</P></BODY></HTML> Wed, 11 Jul 2018 14:21:32 GMT https://community.cisco.com/t5/network-access-control/pic-identity-mapping-question-about-dcom-and-wmi-registry-key/m-p/3492138#M496271 csco11552159 2018-07-11T14:21:32Z https://community.cisco.com/t5/network-access-control/pic-identity-mapping-question-about-dcom-and-wmi-registry-key/m-p/3492139#M496272 <HTML><HEAD></HEAD><BODY><P>these 2 keys: </P><P>HKEY_CLASSES_ROOT\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}</P><P>HKLM\Software\Classes\Wow6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}</P></BODY></HTML> Wed, 11 Jul 2018 14:27:48 GMT https://community.cisco.com/t5/network-access-control/pic-identity-mapping-question-about-dcom-and-wmi-registry-key/m-p/3492139#M496272 csco11552159 2018-07-11T14:27:48Z https://community.cisco.com/t5/network-access-control/pic-identity-mapping-question-about-dcom-and-wmi-registry-key/m-p/3492140#M496273 <HTML><HEAD></HEAD><BODY><P>In my earlier tests, it's to facilitate adding registry keys and values; that is, we won't be able to add the two registry keys (shown below) unless the administrators have the ownership and full control to "HKEY_CLASSES_ROOT\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}".</P><P></P><UL><LI>reg add HKCR\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6} /v AppID /t REG_SZ /d "{76A64158-CB41-11D1-8B02-00600806D9B6}"</LI><LI>reg add HKCR\AppID\{76A64158-CB41-11D1-8B02-00600806D9B6} /v DllSurrogate /t REG_SZ /d "&nbsp; "</LI></UL><P></P><P>IIRC, we need not touch the other key, the one under HKLM\Software, as it gets it from the first one.</P></BODY></HTML> Wed, 11 Jul 2018 17:19:04 GMT https://community.cisco.com/t5/network-access-control/pic-identity-mapping-question-about-dcom-and-wmi-registry-key/m-p/3492140#M496273 hslai 2018-07-11T17:19:04Z https://community.cisco.com/t5/network-access-control/pic-identity-mapping-question-about-dcom-and-wmi-registry-key/m-p/3492141#M496274 <HTML><HEAD></HEAD><BODY><P>thank you. so if we manually created these keys, we can try to avoid "Full control", right ? </P><P></P><P></P><P>regarding the key is adding, for 64 bit is located at, right? </P><P><CODE style="padding: 1px 0;">HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}<BR />AppID = {76A64158-CB41-11D1-8B02-00600806D9B6}</CODE></P></BODY></HTML> Wed, 11 Jul 2018 18:46:54 GMT https://community.cisco.com/t5/network-access-control/pic-identity-mapping-question-about-dcom-and-wmi-registry-key/m-p/3492141#M496274 csco11552159 2018-07-11T18:46:54Z https://community.cisco.com/t5/network-access-control/pic-identity-mapping-question-about-dcom-and-wmi-registry-key/m-p/3492142#M496275 <HTML><HEAD></HEAD><BODY><P>I can't think of a way for us to avoid changing owner to "Administrators" with "Full Control" in order to perform the "reg add" operations successfully.</P><P>We might be able to revert the ownership change afterwards but I've never tried it myself.</P></BODY></HTML> Wed, 11 Jul 2018 20:59:46 GMT https://community.cisco.com/t5/network-access-control/pic-identity-mapping-question-about-dcom-and-wmi-registry-key/m-p/3492142#M496275 hslai 2018-07-11T20:59:46Z https://community.cisco.com/t5/network-access-control/pic-identity-mapping-question-about-dcom-and-wmi-registry-key/m-p/3492143#M496276 <HTML><HEAD></HEAD><BODY><P>so we have to change all our DC's registry to make it work ,right? </P><P></P><P>will require the same setup for Server 16? </P><P></P><P>thank you.</P></BODY></HTML> Thu, 12 Jul 2018 18:10:17 GMT https://community.cisco.com/t5/network-access-control/pic-identity-mapping-question-about-dcom-and-wmi-registry-key/m-p/3492143#M496276 csco11552159 2018-07-12T18:10:17Z https://community.cisco.com/t5/network-access-control/pic-identity-mapping-question-about-dcom-and-wmi-registry-key/m-p/3492144#M496277 <HTML><HEAD></HEAD><BODY><P>Yes, if to use WMI providers directly, on all domain controllers, including Windows 2016 servers, to be monitored. If not using Easy Connect, you might want to consider installing PIC agents.</P></BODY></HTML> Fri, 13 Jul 2018 04:17:05 GMT https://community.cisco.com/t5/network-access-control/pic-identity-mapping-question-about-dcom-and-wmi-registry-key/m-p/3492144#M496277 hslai 2018-07-13T04:17:05Z