Skip to Content

Windows 2012 configuration for events collection

        I.            Add User

Ref :http://technet.microsoft.com/en-in/library/jj713507.aspx#BKMK_Manage1

 

      II.            Set log access policy

  1. Goto the "Administrative Tools"
  2. Select Local Security Policy
  3. Navigate to "Security Settings->LocaL Policies->User Rights Assignment
  4. On the right hand frame double click on the "Manage auditing and security log" option
  5. Add the user you created earlier.

Ref : http://technet.microsoft.com/en-us/library/cc957161.aspx

 

    III.            To grant DCOM remote launch and activation permissions for a user or group

  1. Click Start, click Run, type DCOMCNFG, and then click OK.
  2. In the Component Services dialog box, expand Component Services, expand Computers, and then right-click My Computer and click Properties.
  3. In the My Computer Properties dialog box, click the COM Security tab.
  4. Under Launch and Activation Permissions, click Edit Limits/Defaults.
  5. In the Launch Permission dialog box, follow these steps if your name or your group does not appear in the Groups or user names list:
  6. In the Launch Permission dialog box, click Add.
  7. In the Select Users, Computers, or Groups dialog box, add your name and the group in the Enter the object names to select box, and then click OK.
  8. In the Launch Permission dialog box, select your user and group in the Group or user names box. In the Allow column under Permissions for User, select Remote Launch and select Remote Activation, and then click OK.
  9. Under Launch and Access Permissions , click Edit Limits/Defaults.
  10. In the Access Permissions dialog box, follow these steps if your name or your group does not appear in the Groups or user names list:
  11. In the Access Permissions dialog box, click Add.
  12. In the Select Users, Computers, or Groups dialog box, add your name and the group in the Enter the object names to select box, and then click OK.
  13. In the Access Permissions dialog box, select your user and group in the Group or user names box. In the Allow column under Permissions for User, select Remote Access and then click OK.
  14. Clock OK on the COM Security tab

Ref http://technet.microsoft.com/en-us/library/bb633148.aspx

 

    IV.            Setting Namespace Security with the WMI Control

  1. click start, click Run, type wmimgmt.msc and press enter
  2. In the WMI Control pane, right-click WMI Control, choose Properties, and then select the Security tab.
  3. Expand the Root node, selet the CIMV2 entry and then press the Security button
  4. click on the advanced button. In the permission tab click on the Add button
  5. In the Select Users, Computers, or Groups dialog box, add your name and the group in the Enter the object names to select box, and then click OK.   
  6. From the "Apply to" drop down select "This namespace and subnamespaces" option
  7. Under the Allow column, select "Enable Account" and "Remote Enable" options.
  8. Press the ok button on all open windows (until the WMI control panel exits)

Ref http://technet.microsoft.com/en-us/library/cc771551.aspx

 

      V.            Adding the user to “Event Log Readers” group

  1. Go to Start-Computer-(right-click)->Manage->tools(on right hand top corner)->Computer Management
  2. Local Users and Groups (on the left hand side tree)
  3. Double click on Users
  4. Select your user and do a right click
  5. Select properties from the menu
  6. Click on tab "Member of", on the new window
  7. Adding the user to the group "Event Log Readers",
  8. Click on Add... Button, type in "Event Log Readers" to search for the group.
  9. Click on Check Names... button, press Ok.
  10. Close all open windows.

Ref: http://technet.microsoft.com/en-us/library/cc748890.aspx

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC TrueSight IT Data Analytics 1.1