05-15-2017 06:13 AM
Can anyone please explain exactly what the "Configure WMI" button does in ISE 2.2? I am having to detail out this information for our server admins as we attempt to implement PassiveID. I have been working with TAC but they cannot explain the detail.
Also, does anyone know if the communication between the ISE and Active Directory is Synchronous, Asynchronous, or Semisynchronous?
Thanks for any information
Dave
Accepted Solutions
05-15-2017 06:46 AM
Config WMI performs the following tasks:
- Sets the Windows Audit Policy
- Sets permissions when the AD user is in the Domain Admin group
- Sets required permissions when the AD user is not in the Domain Admin group
- Sets permissions to Use DCOM on the Domain Controller
- Sets permissions for Access to WMI Root/CIMv2 Name Space
- Grants access to the Security Event Log on the AD Domain Controller
Prior to "Config WMI", it was necessary to perform these changes manually as detailed here:
/Craig
05-15-2017 08:13 AM
Craig, this is exactly what I was looking for.
Regards,
Dave
05-15-2017 07:33 AM
Adding to Craig's above, it also configures the Windows firewall to allow connections from ISE PSNs.
The communication would be classified as asynchronous, as the domain controllers do not wait for such logging to pass on to all the subscribers before granting or denying access.
05-15-2017 08:13 AM
Thanks for this information as well!
Regards,
Dave
