Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Configuring normal (non-administrative) accounts for WMI remote access

03/26/2020 13 People found this article helpful 198,263 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    The SonicWall Directory Services Connector and the Single Sign-On Agent are used to identify users who are logged in to the Windows domain. In previous releases, the SSO Agent could be configured to use either WMI or NetAPI to communicate with user workstations for user identification, by using the Domain administrator account. A new Query Source option to use the Domain Controller Security Log is available, which does not require use of the Domain administrator account. This option still requires read access to the security log, but this can be accomplished for a non-admin account by using the method described in this article.

    Resolution

    The best configuration procedure is to create/allow a user, and then add the user to the DCOM Users and Performance Monitor Users groups. The DCOM Users group already has remote access rights to the DCOM and the Performance Monitor Users group already has rights to read the performance counts. To configure non- administrator accounts for WMI remote access, perform the steps in the following sections:

    Configuring the Domain Controller
    Perform the following steps on the Domain Controller:

    NOTE: This configuration example uses “TestDomainUser” as the username.

    1. Create a normal (non-administrative) user.
      Image

    2. Add the user to the Performance Monitor Users and DCOM Users groups.
      Image

      Image

    3. Open the wmimgmt.msc window.
    4. Select WMI Control (Local) from the left.
    5. Select the Properties.
      Image

    6. In the Properties window, select the Security tab.
    7. Select the Root file, then click the Security button.
      Image

    8. In the Enter the Object Names panel, enter the Performance Monitor Users group.
      Image

    9. In the Security for Root window, enable the Executive Methods, Enable Account, and Remote Enable checkboxes.
      Image

    10. Click the Advanced button
    11. Select the Performance Monitor Users group, then click the Edit button.
      Image

    12. In the Apply Onto: field, click the drop-down list and select This namespace and subnamespaces. This allows read-only access to the whole WMI tree.
      Image

    Configuring the Windows Firewall
    If the firewall blocks the remote WMI access, perform the following configuration steps on the Windows Firewall:

    1. Navigate to the Windows Control Panel.
    2. Click the Windows Firewall link.
    3. In the left panel, select the Allow a program or feature through Windows Firewall option.
      Image

    4. Navigate to Component Services | Computers | My Computer, then select Properties.
    5. Select the Windows Management Instrumentation checkbox, then select the Domain and Home/Work (Private) checkboxes.
      Image

    Configuring the DCOM Access
    If the predefined DCOM Users group is not used, perform the following configuration steps for DCOM access:

    1. Start the dcomcnfg.exe.
    2. Open Component Services | Computers | My Computer.
    3. Select the Properties.
      Image
    4. Click the COM Security tab.
    5. In the Launch and Activate Permissions panel, click the Edit Limits button.
      Image
    6. In the Group or User Names panel select Distributed COM Users.
    7. In the Permissions for Distributed COM Users panel, select all the Allow checkboxes.
      Image

    Updating Registry Settings for Windows 2003 and 2008
    To read the Security Event Log you need to update the registry settings for Windows. Perform the following configuration steps to update your registry settings:

    CAUTION: Be very careful when changing the registry settings on your Domain Controller. Be sure to make a backup copy of the registry before making any changes.

    •  Windows 2003
      1. Locate the Security Event Log Key:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security
      2. Locate the original value of the CustomSD:
        O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0005;;;SY)(A;;0x5;;;BA)
      3. Insert the new value into the CustomSD:
        O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;AU)
    • Windows 2008
      1. Configure WMI remote access (if not already completed in the previous sections).
      2. Add the Event Log Readers group to the user account.
      3. Add the TestDomainUser to the Event Log Readers group.
        Image

    Related Articles

    • How to change the HTTP and HTTPS management ports on UTM Appliances using CLI
    • Bandwidth usage and tracking in SonicWall
    • How to force an update of the Security Services Signatures from the Firewall GUI

    Categories

    • Firewalls > SonicWall SuperMassive 9000 Series > User Login
    • Firewalls > SonicWall NSA Series > User Login
    • Firewalls > TZ Series > User Login

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2023 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top