Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6137
Views
11
Helpful
4
Replies

Configure WMI

Go to solution
dmooregfb
Level 5
Level 5

‎05-15-2017 06:13 AM

Can anyone please explain exactly what the "Configure WMI" button does in ISE 2.2? I am having to detail out this information for our server admins as we attempt to implement PassiveID. I have been working with TAC but they cannot explain the detail.

Also, do anyone know if the communication between the ISE and Active Directory is Synchronous, Asynchronous, or Semisynchronous?

Thanks for any information

Dave

1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10

‎05-15-2017 06:46 AM

Config WMI performs following tasks:

  • Sets the Windows Audit Policy
  • Sets permissions When AD User in the Domain Admin Group
  • Sets required Permissions When AD User Not in Domain Admin Group
  • Sets permissions to Use DCOM on the Domain Controller
  • Sets permissions for Access to WMI Root/CIMv2 Name Space
  • Grants access to the Security Event Log on the AD Domain Controller

Prior to "Config WMI", it was necessary to perform these changes manually as detailed here:

Cisco Identity Services Engine Administrator Guide, Release 2.1 - Manage Users and External Identity Sources [Cisco Ide…

/Craig

View solution in original post

4 Replies 4

Go to solution
Craig Hyps
Level 10
Level 10

‎05-15-2017 06:46 AM

Config WMI performs following tasks:

  • Sets the Windows Audit Policy
  • Sets permissions When AD User in the Domain Admin Group
  • Sets required Permissions When AD User Not in Domain Admin Group
  • Sets permissions to Use DCOM on the Domain Controller
  • Sets permissions for Access to WMI Root/CIMv2 Name Space
  • Grants access to the Security Event Log on the AD Domain Controller

Prior to "Config WMI", it was necessary to perform these changes manually as detailed here:

Cisco Identity Services Engine Administrator Guide, Release 2.1 - Manage Users and External Identity Sources [Cisco Ide…

/Craig

Go to solution
dmooregfb
Level 5
Level 5
In response to Craig Hyps

‎05-15-2017 08:13 AM

Craig, this is exactly what I was looking for.

Regards,

Dave

Go to solution
hslai
Cisco Employee
Cisco Employee

‎05-15-2017 07:33 AM

Adding to Craig's above, it also configures the Windows firewall to allow connections from ISE PSNs.

The communication would be classified as asynchronous, as the domain controllers do not wait for such logging to pass onto all the subscribers before grant or deny accesses.

Go to solution
dmooregfb
Level 5
Level 5
In response to hslai

‎05-15-2017 08:13 AM

Thanks for this information as well!

Regards,

Dave

Customers Also Viewed These Support Documents