07-18-2019 05:19 AM
Hello Experts,
Based on the information provided in the following guide :
For Windows 2012 R2, give the Active Directory user Full Control permissions on the following registry keys:
HKEY_CLASSES_ROOT\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}
HKLM\Software\Classes\Wow6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}
The following permissions also are required when an Active Directory user is not in the Domain Admin group, but is in the Domain Users group:
Add Registry Keys to Allow ISE-PIC to Connect to the Domain Controller (see below)
I have some questions about this permissions :
1.When we use ISE-PIC Agent does the user need the same set of permissions including the DCOM and WMI ?
2.If they are required how exactly the permissions will be used / For example to look for Group Membership of the users / Reading Event logs / Deleting some events etc ?
If somebody know more about this permissions or has more information about that will be very appreciated .
Thanks,
Solved! Go to Solution.
07-22-2019 06:46 AM
The PIC agent is acting as a WMI client. The DCOM permissions are required by Microsoft to allow a WMI client to make the WMI requests.
07-20-2019 09:35 AM
If the AD infrastructure has no special hardening and if using the credentials of an AD domain admin user to monitor the domain controllers, then this is usually sufficient without needing any additional changes. If using those of a user without domain admin privileges, then the changes are usually required unless they already done for another integration, etc. If the AD infrastructure has some special hardening, then no changes are likely required. As AD hardening is out of scope for our support, please ask the customer to consult with Microsoft.
07-22-2019 06:30 AM
Hello hslai,
Thank you for the answers !
The most important part for my customer is to understand how exactly the agent will use the permissions for WMI and DCOM ?
Thanks,
Radostin
07-22-2019 06:46 AM
The PIC agent is acting as a WMI client. The DCOM permissions are required by Microsoft to allow a WMI client to make the WMI requests.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide