Important
This is only for schools in Australia and New Zealand. Schools and districts in the United States must not enable WMI.
This article is for IT support.
Windows Management Instrumentation (WMI) and School Manager can work together to monitor the appliances and devices on your network. This guide explains how to configure WMI so it can communicate security events to School Manager.
Before You Start
WMI will not populate the Users list in School Manager. You will need to sync School Manager with your LDAP or Microsoft Entra ID before adding WMI. This will allow School Manager to associate machine names from WMI with your Users.
Configuring WMI for School Manager
Warning
If you have already created a dedicated Linewize administrator account for LDAP sync, you can use the same account to configure these roles.
There are six steps in this process:
- Verifying services are set to start automatically
- Assigning permissions to the administrator account
- Enabling Component Services
- Configuring WMI Settings
- Configuring 4768 Event Auditing
- Checking Event Viewer Logs
After completing these steps, you can continue Adding a WMI Domain Controller to School Manager.
1. Verify services are set to start automatically
First, check that the 'Server', 'DCOM' and 'WMI' services are set to start automatically.
- Open the Run window.
- Type services.msc then select OK.
- In the services list, each of these services should show a Startup Type of Automatic.
If a service has a different Startup Type, change it to Automatic.
2. Assigning permissions to the administrator account
- Go to Active Directory Users & Groups.
- Find your dedicated Linewize administrator account.
- Right-click the User, and go to Properties > Member Of.
- Add the user to the Event Log Readers and Distributed COM Users groups.
3. Enabling Component Services
- Open the Run window.
- Type dcomcnfg then select OK.
- Right-click My Computer and open Properties.
- Go to the Default Properties tab.
- Tick the Enable Distributed COM on this computer checkbox.
- Tick the Enable COM Internet Services on this computer checkbox.
- Using the Default Authentication Level dropdown, select Connect.
- Using the Default Impersonation Level dropdown, select Identify.
- Go to the COM Security tab.
- For Access Permissions:
  - Select Edit Default, then add your administrator account.
  - Tick the Allow checkbox for Local Access and Remote Access.
- For Launch and Activation Permissions:
  - Select Edit Default, then add your administrator account.
  - Tick the Allow checkbox for Local Access, Remote Access, Local Activation and Remote Activation.
4. Configuring WMI Settings
- Open the Run window.
- Type wmimgmt.msc then select OK.
- Right-click WMI Control (Local) and open the Properties.
- Go to the Security tab, expand the Root folder, select CIMV2 then select Security.
- Select Advanced, select Add, then add your administrator account.
- Ensure the following Permissions are ticked:
  - Execute Methods
  - Partial Write
  - Provider Write
  - Enable Account
  - Remote Enable
  - Read Security
  - Edit Security
5. Configuring 4768 Event Auditing
This policy should be set up in group policy to ensure it propagates to all domain controllers on the network. Typically, this is the 'Default Domain Controllers Policy'.
- Go to Computer Configuration > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Account Logon > Kerberos Authentication Service > Account Logon Events > Success.
- Check if there are any additional audit policies configured. If there are other policies configured, you will need to disable them as they may cause issues with events.
Info
If you have concerns about disabling other policies, contact Linewize Support.
- Go to Command Prompt and run gpupdate /force
- Next, run auditpol /get /category:*
- If the steps were completed correctly, you will see that the only policy enabled is the policy created in Step 1.
6. Checking Event Viewer Logs
Check the Event Viewer to ensure the Domain Controller correctly logs events needed for WMI.
- Open the Run window.
- Type eventvwr and then select OK.
- Select Windows Logs > Security.
- Select Filter Current Log from the Action menu.
- Type 4768 in the <All Event IDs> box, then select OK.
- If the events are functioning correctly, you will see the logs.
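The checks in steps 1, 5 and 6 can also be run as one script. This is an added example, not Linewize's own tooling; the service names (LanmanServer, DcomLaunch, Winmgmt) and the English subcategory name are assumptions, and the group membership, DCOM and WMI permissions from steps 2 to 4 are not covered.

```powershell
# Added verification sketch. Run from an elevated PowerShell session on the domain controller.
# Assumption: 'Server', 'DCOM' and 'WMI' in step 1 are the services LanmanServer,
# DcomLaunch and Winmgmt. Subcategory names assume an English-language Windows install.
$serviceNames = 'LanmanServer', 'DcomLaunch', 'Winmgmt'
$kerberosName = 'Kerberos Authentication Service'

# Step 1: each service should report StartMode 'Auto'.
$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $serviceNames -contains $_.Name })
$notAutomatic = @($services | Where-Object { $_.StartMode -ne 'Auto' })

# Step 5: /r switches auditpol to CSV output. Keep every subcategory that audits anything.
$enabled = @(auditpol /get /category:* /r |
    Where-Object { $_ } |
    ConvertFrom-Csv |
    Where-Object { $_.'Inclusion Setting' -ne 'No Auditing' })
$kerberos = @($enabled | Where-Object { $_.Subcategory -eq $kerberosName })
$others   = @($enabled | Where-Object { $_.Subcategory -ne $kerberosName })

# Step 6: look for recent 4768 events. Get-WinEvent raises an error when nothing
# matches, so the error is suppressed and an empty result is treated as "none found".
$events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4768 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue)

[pscustomobject]@{
    ServicesFound        = $services.Count
    ServicesNotAutomatic = ($notAutomatic.Name -join ', ')
    KerberosAuditSetting = ($kerberos.'Inclusion Setting' -join ', ')
    OtherEnabledPolicies = ($others.Subcategory -join ', ')
    Recent4768Events     = $events.Count
    Latest4768Time       = ($events | Select-Object -First 1).TimeCreated
} | Format-List
```

A configuration that matches this guide shows ServicesFound as 3, empty ServicesNotAutomatic and OtherEnabledPolicies fields, a KerberosAuditSetting of Success, and a Recent4768Events count above zero.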
You can now continue to Adding a WMI Domain Controller to School Manager.