Configure WMI

dmooregfb
Level 5

Can anyone please explain exactly what the "Configure WMI" button does in ISE 2.2? I am having to detail out this information for our server admins as we attempt to implement PassiveID. I have been working with TAC but they cannot explain the detail.

Also, does anyone know if the communication between the ISE and Active Directory is Synchronous, Asynchronous, or Semisynchronous?

Thanks for any information

Dave

1 Accepted Solution

Accepted Solutions

Craig Hyps
Level 10

Config WMI performs the following tasks:

  • Sets the Windows Audit Policy
  • Sets permissions when the AD user is in the Domain Admin group
  • Sets required permissions when the AD user is not in the Domain Admin group
  • Sets permissions to use DCOM on the Domain Controller
  • Sets permissions for access to the WMI Root/CIMv2 namespace
  • Grants access to the Security Event Log on the AD Domain Controller

Prior to "Config WMI", it was necessary to perform these changes manually as detailed here:

Cisco Identity Services Engine Administrator Guide, Release 2.1 - Manage Users and External Identity Sources [Cisco Ide…

/Craig


4 Replies 4

Craig, this is exactly what I was looking for.

Regards,

Dave

hslai
Cisco Employee

Adding to Craig's above, it also configures the Windows firewall to allow connections from ISE PSNs.

The communication would be classified as asynchronous, as the domain controllers do not wait for such logging to pass on to all the subscribers before granting or denying access.

Thanks for this information as well!

Regards,

Dave
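
As an added example (not part of the thread and not Cisco code): a read-only PowerShell snapshot of the areas Craig and hslai list, meant to be run on a domain controller before and after pressing "Configure WMI" so the change can be documented for server admins. The account name `svc-ise-example`, the English audit category names and the `WMI|DCOM|RPC` rule-name filter are assumptions; the thread does not name the specific settings.

```powershell
# Added example (not Cisco code). Read-only; run elevated on a domain controller.
# Assumptions: English category/rule names, ActiveDirectory module present, and
# 'svc-ise-example' is a hypothetical placeholder for the account ISE uses.
param(
    [string]$SamAccountName = 'svc-ise-example',
    [string]$OutFile = ".\configwmi-snapshot-$(Get-Date -Format yyyyMMdd-HHmmss).json"
)
# WMI namespace access-mask bits, used to decode the root\cimv2 ACEs.
$wmiRights = @{ 0x1 = 'EnableAccount'; 0x2 = 'ExecuteMethods'; 0x4 = 'FullWrite'; 0x8 = 'PartialWrite'
                0x10 = 'ProviderWrite'; 0x20 = 'RemoteEnable'; 0x20000 = 'ReadSecurity'; 0x40000 = 'WriteSecurity' }

function ConvertTo-Sddl([byte[]]$Bytes) {
    # Binary security descriptor -> SDDL text; returns nothing if the value is absent.
    if ($Bytes) { [System.Security.AccessControl.RawSecurityDescriptor]::new($Bytes, 0).GetSddlForm('All') }
}
$snapshot = [ordered]@{}

# Windows audit policy: logon-related categories.
$snapshot.AuditPolicy = foreach ($c in 'Logon/Logoff', 'Account Logon') { auditpol /get "/category:$c" }

# Direct group memberships of the account (relevant to the non-Domain-Admin case).
$snapshot.Groups = (Get-ADPrincipalGroupMembership -Identity $SamAccountName).Name

# Machine-wide DCOM launch and access limits, as SDDL.
$ole = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Ole'
$snapshot.DcomLaunchLimits = ConvertTo-Sddl $ole.MachineLaunchRestriction
$snapshot.DcomAccessLimits = ConvertTo-Sddl $ole.MachineAccessRestriction

# ACEs on the WMI root\cimv2 namespace, with rights decoded.
$sd = (Invoke-CimMethod -Namespace root/cimv2 -ClassName __SystemSecurity -MethodName GetSecurityDescriptor).Descriptor
$snapshot.WmiCimv2Acl = foreach ($ace in $sd.DACL) {
    [pscustomobject]@{
        Trustee = '{0}\{1}' -f $ace.Trustee.Domain, $ace.Trustee.Name
        Allow   = ($ace.AceType -eq 0)
        Rights  = ($wmiRights.GetEnumerator() | Sort-Object Key |
                   Where-Object { $ace.AccessMask -band $_.Key } | ForEach-Object Value) -join ','
    }
}
# Security event log ACL (SDDL) as reported by wevtutil.
$snapshot.SecurityLogAcl = (wevtutil gl Security | Select-String 'channelAccess').Line

# Effective inbound allow rules whose names mention WMI, DCOM or RPC, with remote addresses.
$snapshot.FirewallRules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow |
    Where-Object DisplayName -match 'WMI|DCOM|RPC' | ForEach-Object {
        [pscustomobject]@{ Name = $_.DisplayName; RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ',' }
    }
$snapshot | ConvertTo-Json -Depth 4 | Set-Content -Path $OutFile -Encoding UTF8
Write-Output "Snapshot written to $OutFile"
```

Comparing the two JSON files shows which ACEs, group memberships and firewall rules were added, which is also the list to review against least privilege.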
