Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2003
Views
10
Helpful
4
Replies
Highlighted
dmooregfb
Contributor
Contributor
‎05-15-2017 06:13 AM
‎05-15-2017 06:13 AM

Configure WMI

Can anyone please explain exactly what the "Configure WMI" button does in ISE 2.2? I am having to detail out this information for our server admins as we attempt to implement PassiveID. I have been working with TAC but they cannot explain the detail.

Also, do anyone know if the communication between the ISE and Active Directory is Synchronous, Asynchronous, or Semisynchronous?

Thanks for any information

Dave

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Craig Hyps
Advocate
Advocate
‎05-15-2017 06:46 AM
‎05-15-2017 06:46 AM

Config WMI performs following tasks:

  • Sets the Windows Audit Policy
  • Sets permissions When AD User in the Domain Admin Group
  • Sets required Permissions When AD User Not in Domain Admin Group
  • Sets permissions to Use DCOM on the Domain Controller
  • Sets permissions for Access to WMI Root/CIMv2 Name Space
  • Grants access to the Security Event Log on the AD Domain Controller

Prior to "Config WMI", it was necessary to perform these changes manually as detailed here:

Cisco Identity Services Engine Administrator Guide, Release 2.1 - Manage Users and External Identity Sources [Cisco Ide…

/Craig

View solution in original post

4 REPLIES 4
Highlighted
Craig Hyps
Advocate
Advocate
‎05-15-2017 06:46 AM
‎05-15-2017 06:46 AM

Config WMI performs following tasks:

  • Sets the Windows Audit Policy
  • Sets permissions When AD User in the Domain Admin Group
  • Sets required Permissions When AD User Not in Domain Admin Group
  • Sets permissions to Use DCOM on the Domain Controller
  • Sets permissions for Access to WMI Root/CIMv2 Name Space
  • Grants access to the Security Event Log on the AD Domain Controller

Prior to "Config WMI", it was necessary to perform these changes manually as detailed here:

Cisco Identity Services Engine Administrator Guide, Release 2.1 - Manage Users and External Identity Sources [Cisco Ide…

/Craig

View solution in original post

Highlighted
dmooregfb
Contributor
Contributor
In response to Craig Hyps
‎05-15-2017 08:13 AM
‎05-15-2017 08:13 AM

Craig, this is exactly what I was looking for.

Regards,

Dave

Highlighted
hslai
Cisco Employee
Cisco Employee
‎05-15-2017 07:33 AM
‎05-15-2017 07:33 AM

Adding to Craig's above, it also configures the Windows firewall to allow connections from ISE PSNs.

The communication would be classified as asynchronous, as the domain controllers do not wait for such logging to pass onto all the subscribers before grant or deny accesses.

Highlighted
dmooregfb
Contributor
Contributor
In response to hslai
‎05-15-2017 08:13 AM
‎05-15-2017 08:13 AM

Thanks for this information as well!

Regards,

Dave

Latest Contents
Cisco VPN Client - AnyConnect: connection problems
Created by ShamilaGul58174 on 09-19-2020 07:49 AM
1
0
1
0
the Cisco CPN Client for a long time to connect to a VPN Server. Now I've got a new machine with a Windows 7 64 bit. The Cisco VPN Client isn't avaiable in a 64 bit version. Cisco suggests to use Cisco AnyConnect instead because there'a 64 bit version ava... view more
How To: Splunk and ISE pxGrid Adaptive Network Control (ANC)...
Created by thomas on 09-18-2020 11:19 AM
2
2
2
2
May 2016Splunk is a powerful tool for analyzing information in your organization by collecting, storing, alerting, reporting, and analyzing machine data. With Cisco platform Exchange Grid (pxGrid) Splunk is able to proactively act on received network secu... view more
Enabling AMP on Content Security Products – Best Practices
Created by Robert Sherwin on 09-18-2020 11:19 AM
1
10
1
10
8/7/2018 Happy to announce that we have an updated version of our Enabling AMP on Content Security Products - Best Practices (v3.0).  Please feel free to review if you have questions regarding deployment of AMP (File Reputation and File Analysis). &n... view more
NetFlow Support Matrix
Created by hanjabbo on 09-18-2020 11:19 AM
13
79
13
79
Updated: July 2018 New: Updated format , Netflow configuration examples per platform (End of Table) Note: Remember the table is scrollable horizontally to view other columns, not only vertically   Platform Feature Set IOS / IOS XE NetFlow F... view more
Email Security Content Tailored For You
Created by ashherri on 09-18-2020 11:19 AM
0
0
0
0
                                                                        &... view more
Content for Community-Ad
Cisco Community August2020 Spotlight Award Winners

Follow our Social Media Channels