What workaround are you using to get the Security events out of a Windows 2012 R2 without using a domain admin or assigning a normal domain user to the local administrators group on each system ?
My only option now is to use the SIEM Collector which runs as a service.
McAfee SIEM Event Receiver 9.6.x, 9.5.x, 9.4.x
Microsoft Windows Server 2012*
Microsoft Windows Server 2008
Microsoft Windows Server 2003
The following procedures describe how to use a non-Admin account for WMI.
Group membership, security policy assignments, and permissions
You can now use the WMI collection user to collect events from WMI without having to use WMI domain admin privileges.
SIEM Release Notes:
Windows WMI and SIEM:
You have copied that information from KB74126 but failed to notice that for Windows 2012 R2 it's not applicable in case of Security events.
Standard Edition but it doesn't matter because that procedure it not valid for Security Events from 2012 R2. It clearly stated at the beginning of it.
Wow, ok. BTW: the vendor is not always right forever. Things change. Code changes, features get added.... I'm not going to argue with you. ***However if anyone else reads this article, Win2012 R2 Datacenter version works as of 11/13/2016, and for months before***