cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

WMI Permissions

I am looking to use WMI to get a number of events. Would someone be able to help me with the permissions that are needed for this? The point of this is to not us Local or Domain admins.

Also, does anyone know how much bandwidth a WMI event normally uses?

8 Replies
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 9

Re: WMI Permissions

I would start with this document on allowing access to WMI.

The easiest way to access WMI calls without using a domain admin account would be to make the account a member of the "Performance Monitor" users group.  Enable the account and enable the "Remote Enable" options for the account.  You would also want to assign the user to the Distributed COM users as well.

Dan

Highlighted
Level 9
Report Inappropriate Content
Message 3 of 9

Re: WMI Permissions

I've had good luck with using the SIEM Collector Agent to send Microsoft events instead of WMI pulls.  Sure, it means that an agent must be installed on the Windows system, but it is pretty small and I don't have to manage service accounts and permissions.

-Dave

Highlighted

Re: WMI Permissions

I am also using the SIEM collector for a large number of my systems. The problem is that is does not work on Server 2012. Plus, we are going through a merger, and have a number of systems that are not in ePO. I know the guys on the other side of the merger are not going to want to do a ton of manual configuration.

Highlighted
Level 9
Report Inappropriate Content
Message 5 of 9

Re: WMI Permissions

Okay, it was just a suggestion.  I have it running on Server 2012-Core, although I did push it with ePO.  I suspect it can be manually installed, but I haven't tried with a vanilla Server 2012.

Highlighted

Re: WMI Permissions

You're right. It does install on Server 2012. I just now remember that you must have .Net 3.5 installed, and we would perfer to not install that, and the SIEM collector is not compatible with .Net 4.5

Highlighted

Re: WMI Permissions

Highlighted

Re: WMI Permissions

Thanks for this. Not sure why I couldn't find this myself. I'll give this a try.

Highlighted

Re: WMI Permissions

No problem. LEt me know if you encounter any issues.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community