What privilege does the User-ID agent user need to work with WMI?


Hello,

We need to know the minimum privilege for the User-ID user to work with the WMI probes, and it can't look at the security log of the DC.

The problem is that in the security log there appears one user of the application siteadvisor, which is installed on every PC of the domain.

Then, when we execute the Get All on the User-ID Agent, 90% of the IP addresses are assigned to the same username, but if we execute the "wmic /node:remotecomputer computersystem get username" command with a domain administrator user, we obtain the correct user logged on to the PC.

If you know any other solution to this problem, I'm open to hearing it.

Thanks.

5 REPLIES

L6 Presenter

I would suggest that you ignore the siteadvisor user. You can do this by creating a file in the Pan Agent installation folder named:

ignore_user_list.txt

In this file you would put one user per line for each user that you wish the Pan Agent to ignore. For example:

siteadvisor

administrator

NOTE: do not prepend the domain name!

Once you have created this file you must re-start the Pan Agent service. The service only reads this file when it starts up.

-Benjamin
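
A check for the file described in the reply above, as an added example that is not part of the original thread and not vendor code: it flags entries that carry a domain prefix, stray whitespace, separator characters or duplicates. The function name `Test-IgnoreUserList`, the sample lines and the `<agent install folder>` placeholder are assumptions made for illustration.

```powershell
# Added example (not vendor code): lint the entries of ignore_user_list.txt
# against the rules in the reply: one user per line, no domain prefix.
function Test-IgnoreUserList {
    param([string[]]$Lines)

    $seen   = @{}   # hashtable literal keys compare case-insensitively
    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        $entry = $raw.Trim()
        if ($entry -eq '') { continue }   # blank lines are skipped by this check

        $issues = @()
        if ($raw -ne $entry)     { $issues += 'leading/trailing whitespace' }
        if ($entry -match '\\')  { $issues += 'domain prefix present (use the bare username)' }
        if ($entry -match '[,;]') { $issues += 'separator character (one user per line)' }
        if ($seen.ContainsKey($entry)) {
            $issues += "duplicate of line $($seen[$entry])"
        } else {
            $seen[$entry] = $lineNo
        }

        foreach ($issue in $issues) {
            [pscustomobject]@{ Line = $lineNo; Entry = $entry; Issue = $issue }
        }
    }
}

# Constructed sample content, not taken from a real agent installation.
$sample = @('siteadvisor', 'CORP\administrator', 'SiteAdvisor ', '', 'svc_a;svc_b')
Test-IgnoreUserList -Lines $sample | Format-Table -AutoSize

# Against the real file (path is a placeholder):
# Test-IgnoreUserList -Lines (Get-Content '<agent install folder>\ignore_user_list.txt')
```

Because the service reads the file only at startup, corrections take effect after the Pan Agent service is restarted.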

Hello,

I have this very same problem. But if I ignore the administrator user, then the administrator can never have permission to go to the Internet.

What can I do in this case???

Thanks

Hi There,

You can create a new AD account that has the relevant rights and ignore this system account.  Or you could enable captive portal for unknown users.

Thanks

James

Thanks for the answer 🙂

Anyway, how is it possible that we get the same user on so many IPs? Shouldn't this be fixed already?

Thanks again

L2 Linker

You should add the USER-ID account to the "Remote Desktop Users"

From Microsoft Documentation

Connecting to WMI remotely requires that you first configure the Windows Firewall on the server to allow this. Incorrect Windows Firewall settings are usually identified by receiving the "RPC Server Unavailable" error message when trying to remotely connect to the VisualSVN Server using the management console.

Windows Firewall configuration should be done locally on the server by the user with administrator rights. While Windows Firewall can be configured via the Control Panel, you may find it easier to use the netsh utility at the command prompt. Appropriate command lines are as follows:

  • For Windows XP/Windows Server 2003: 
    netsh firewall set service RemoteAdmin enable
  • For Windows Vista/Windows Server 2008 (note that command line should be executed in the elevated command prompt): 
    netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes

Note that in a non-domain environment, granted permissions can be filtered-down by User Account Control (UAC) (set it to 1)
