This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
We are implementing ISE PIC - Stealthwatch integration via pxGrid.
One of the requests is to create ISE PIC user with certain permissions to use DCOM and WMI root access, as depicted in a great instructions on the link.
Customer want to know which WMI root/CIMv2 commands does ISE PIC user executes while accessing the domain controllers?
Also, on Windows Server 2016 there are limitations on providing permissions for DCOM and WMI root/CIMv2 usage. While defining permissions for ISE PIC user on DC, there also needs to be defined on which part do permissions refer to. On the whole domain or on certain Application.
On the instruction link there is a registry key value for an App id 76A64158-CB41-11D1-8B02-00600806D9B6. Does permission need to reffer to just on this App id or on the entire DC?
Solved! Go to Solution.
ISE PassiveID WMI providers use WMI to query Kerberos events in the security event logs on the domain controllers. All the group membership, DCOM, WMI, and registry changes are to ensure that.
Thank you for your reply.
As our customer is security aware and a little bit skeptic they are interested which commands does user executes under the WMI.
Do you have that information?