Enabling WMI to Work with School Manager


This article is for IT support.

Windows Management Instrumentation (WMI) and School Manager can work together to monitor the appliances and devices on your network. This guide explains how to configure the permissions that allow WMI to communicate security events to School Manager.

Before You Start

WMI will not populate the Users list in School Manager. You will need to sync School Manager with your LDAP or Azure Active Directory before adding WMI to allow School Manager to associate machine names from WMI with your Users.

You should use a domain administrator account to collect domain controller events and to authenticate your Users in School Manager. To maintain system security, you should not allow a non-domain administrator account to collect security events.

There are four steps in this process:

  1. Automatically Enable Services
  2. Check Event Viewer Logs
  3. Create and Configure the Log Reader User
  4. Configure WMI Settings

Automatically Enable Services

Confirm that the Server, DCOM Server Process Launcher (DCOM), and Windows Management Instrumentation (WMI) services are set to automatically start by opening the Services MMC snap-in.

  1. Open the Run window (Windows Key + R).
  2. Type services.msc and then select OK.
  3. Confirm that each of these services has a Startup Type of Automatic.
    If a service has a different Startup Type, change it to Automatic.
  4. Close the Services window.

Check Event Viewer Logs

Check the Event Viewer to ensure that the Domain Controller correctly logs events needed for WMI.

  1. Open the Run window (Windows Key + R).
  2. Type eventvwr and then select OK.
  3. Select Windows Logs > Security.
  4. Select Filter Current Log… from the Action menu.
  5. Type 4768 in the <All Event IDs> box, then select OK.

Create and Configure the Log Reader User

Create a new user called Linewize Log Reader.

  1. Open the Run window (Windows Key + R).
  2. Type dsa.msc and then select OK.
  3. Expand the domain from the left-hand menu.
  4. Right-click the Users object and select New > User.
  5. In the First name box type Linewize.
  6. In the Last name box type Log Reader.
  7. In the User logon name box, type linewize.
  8. Select Next.
  9. Type a Password and confirm the password.
  10. Uncheck User must change password at next logon.
  11. Check Password never expires.
  12. Select Next.
  13. Select Finish.

Add the new user to the Distributed COM Users and Event Log Readers groups.

  1. Right-click the Linewize Log Reader user.
  2. Select the Member Of tab.
  3. Select Add...
  4. Type Distributed COM Users and select Check Names.
  5. Type Event Log Readers and select Check Names.
  6. Select OK.

Tip

Add a user to your server’s local Event Log Readers group when the server is a member of the domain but not a Domain Controller.

  1. Open the Run window (Windows Key + R).
  2. Type dcomcnfg and then select OK.
  3. Expand Component Services, expand Computers, then right-click My Computer and select Properties.
  4. Go to the Default Properties tab, ensure:
    • Enable Distributed COM on this computer is checked.
    • Default Authentication is set to Connect.
    • Default Impersonation Level is Identify.
  5. Go to the COM Security tab, and ensure both Access Permissions and Launch and Activation Permissions are configured.
    • Under Access Permissions, select Edit Default…
    • Select Add... then type Linewize Log Reader.
    • Select Check Names and then OK.
    • Check both Allow for Local Access and Remote Access permissions.
    • Select OK.
    • Move down to Launch and Activation Permissions, select Edit Default…
    • Select Add... then type Linewize Log Reader.
    • Select Check Names and then OK.
    • Check Allow for the following permissions: Local Launch, Remote Launch, Local Activation, and Remote Activation.
    • Select OK.

Configure WMI Settings

Configure WMI settings through the WMI Control snap-in.

  1. Open the Run window (Windows Key + R).
  2. Type wmimgmt.msc and select OK.
  3. Right-click WMI Control and select Properties.
  4. Go to the Security tab, expand the dropdown and select CIMV2.
  5. Select Security.
  6. Select the Linewize Log Reader user, then select Advanced.
  7. Select the Linewize Log Reader user, then select Edit.
  8. Select the Select a principal link.
  9. Type Linewize Log Reader and select Check Names.
  10. Select OK.
  11. In the Type field, select Allow.
  12. In the Applies to field, select This namespace only.
  13. Check the following Permissions:
    • Execute Methods.
    • Partial Write.
    • Provider Write.
    • Enable Account.
    • Remote Enable.
    • Read Security.
    • Edit Security.
  14. Select OK.
  15. Select Apply then OK.
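
Once the four steps are complete, the result can be checked from an elevated Windows PowerShell 5.1 session on the configured server. The script below is an added example, not part of the original article or vendor tooling; it assumes the ActiveDirectory (RSAT) module is installed and that the account's pre-Windows 2000 logon name is linewize.

```powershell
# Added verification example (not vendor code). Run elevated in Windows PowerShell 5.1.
# Assumptions: ActiveDirectory (RSAT) module installed; account logon name is 'linewize'.
Import-Module ActiveDirectory
$account = 'linewize'

# Step 1: Server, DCOM Server Process Launcher and WMI should show StartMode 'Auto'.
Get-CimInstance Win32_Service |
    Where-Object { $_.Name -in 'LanmanServer', 'DcomLaunch', 'Winmgmt' } |
    Select-Object Name, StartMode, State

# Step 2: the Security log should contain event ID 4768.
$evt = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4768 } `
    -MaxEvents 1 -ErrorAction SilentlyContinue
if ($evt) { "Most recent 4768 event: $($evt.TimeCreated)" }
else      { Write-Warning 'No 4768 events found in the Security log.' }

# Step 3: group membership of the log reader account.
$memberOf = (Get-ADPrincipalGroupMembership -Identity $account).Name
foreach ($group in 'Distributed COM Users', 'Event Log Readers') {
    '{0,-22} member: {1}' -f $group, ($memberOf -contains $group)
}

# Step 4: decode the account's ACE on root\cimv2 using the WMI namespace access bits.
$rights = [ordered]@{
    'Enable Account'  = 0x1
    'Execute Methods' = 0x2
    'Full Write'      = 0x4
    'Partial Write'   = 0x8
    'Provider Write'  = 0x10
    'Remote Enable'   = 0x20
    'Read Security'   = 0x20000
    'Edit Security'   = 0x40000
}
$sd = (Invoke-WmiMethod -Namespace 'root\cimv2' -Path '__SystemSecurity=@' `
        -Name GetSecurityDescriptor).Descriptor
$aces = $sd.DACL | Where-Object { $_.Trustee.Name -eq $account }
if (-not $aces) { Write-Warning "No ACE for '$account' on root\cimv2." }
foreach ($ace in $aces) {
    [pscustomobject]@{
        Type        = if ($ace.AceType -eq 0) { 'Allow' } else { 'Deny/Other' }
        # CONTAINER_INHERIT_ACE (0x2) is clear when "This namespace only" was selected.
        SubNamespaces = [bool]($ace.AceFlags -band 0x2)
        Rights      = ($rights.Keys | Where-Object { $ace.AccessMask -band $rights[$_] }) -join ', '
    }
}
```

The Rights column for the account should list the seven permissions checked in step 13 and should not include Full Write.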

 
