cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1846
Views
10
Helpful
4
Replies
Highlighted
Contributor

Configure WMI

Can anyone please explain exactly what the "Configure WMI" button does in ISE 2.2? I am having to detail out this information for our server admins as we attempt to implement PassiveID. I have been working with TAC but they cannot explain the detail.

Also, do anyone know if the communication between the ISE and Active Directory is Synchronous, Asynchronous, or Semisynchronous?

Thanks for any information

Dave

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Advocate

Re: Configure WMI

Config WMI performs following tasks:

  • Sets the Windows Audit Policy
  • Sets permissions When AD User in the Domain Admin Group
  • Sets required Permissions When AD User Not in Domain Admin Group
  • Sets permissions to Use DCOM on the Domain Controller
  • Sets permissions for Access to WMI Root/CIMv2 Name Space
  • Grants access to the Security Event Log on the AD Domain Controller

Prior to "Config WMI", it was necessary to perform these changes manually as detailed here:

Cisco Identity Services Engine Administrator Guide, Release 2.1 - Manage Users and External Identity Sources [Cisco Ide…

/Craig

View solution in original post

4 REPLIES 4
Highlighted
Advocate

Re: Configure WMI

Config WMI performs following tasks:

  • Sets the Windows Audit Policy
  • Sets permissions When AD User in the Domain Admin Group
  • Sets required Permissions When AD User Not in Domain Admin Group
  • Sets permissions to Use DCOM on the Domain Controller
  • Sets permissions for Access to WMI Root/CIMv2 Name Space
  • Grants access to the Security Event Log on the AD Domain Controller

Prior to "Config WMI", it was necessary to perform these changes manually as detailed here:

Cisco Identity Services Engine Administrator Guide, Release 2.1 - Manage Users and External Identity Sources [Cisco Ide…

/Craig

View solution in original post

Highlighted
Contributor

Re: Configure WMI

Craig, this is exactly what I was looking for.

Regards,

Dave

Highlighted
Cisco Employee

Re: Configure WMI

Adding to Craig's above, it also configures the Windows firewall to allow connections from ISE PSNs.

The communication would be classified as asynchronous, as the domain controllers do not wait for such logging to pass onto all the subscribers before grant or deny accesses.

Highlighted
Contributor

Re: Configure WMI

Thanks for this information as well!

Regards,

Dave