
WMI Configuration for School Manager

This article is intended for IT support.

Important

Allowing a non-domain administrator account to collect security events is not best practice and may not be secure. Please contact Linewize Support before setting this up. The easiest way to collect domain controller event logs to authenticate users is to use a domain administrator account.

This guide will explain how to configure an account with the appropriate permissions to allow a non-domain admin account to collect security events. There are four steps in this process:

  1. Automatically enable services
  2. Check Event Viewer logs
  3. Create and configure the user
  4. Configure WMI settings

Automatically enable services

  1. Confirm that the Server, DCOM Server Process Launcher, and Windows Management Instrumentation services are set to automatically start by opening the Services MMC snap-in.
    1. Open the Run window (Windows Key + R)
    2. Type services.msc and then select OK
    3. The services should have a Startup Type of Automatic. If they are set to a different Startup Type, change it to Automatic
    4. Close the Services window

Check Event Viewer logs

  1.  Check the Event Viewer to ensure that the Domain Controller correctly logs events needed for WMI.
    1. Open the Run window (Windows Key + R)
    2. Type eventvwr and then select OK
    3. Select Windows Logs > Security
    4. Select Filter Current Log… from Action menu
    5. Type 4768 in the <All Event IDs> box, then select OK
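The two checks above can also be scripted. The following is an added example, not part of the original article or Linewize tooling; it assumes an elevated Windows PowerShell session on the domain controller, and the short service names and the 24-hour window are choices made for this example.

```powershell
# Added example: run in an elevated Windows PowerShell session on the domain controller.
# Short service names for Server, DCOM Server Process Launcher and WMI.
$required = 'LanmanServer', 'DcomLaunch', 'Winmgmt'

$serviceReport = foreach ($name in $required) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    [pscustomobject]@{
        Service   = $svc.DisplayName
        StartMode = $svc.StartMode          # 'Auto', 'Manual' or 'Disabled'
        State     = $svc.State
        Automatic = ($svc.StartMode -eq 'Auto')
    }
}
$serviceReport | Format-Table -AutoSize

# Same filter as the Event Viewer step: Security log, event ID 4768.
# The 24-hour window and the 200-event cap are assumptions of this example.
$filter = @{ LogName = 'Security'; Id = 4768; StartTime = (Get-Date).AddHours(-24) }
$events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 200 -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Warning 'No 4768 events in the last 24 hours. Current audit policy:'
    # 4768 is written by the "Kerberos Authentication Service" audit subcategory.
    auditpol /get /subcategory:"Kerberos Authentication Service"
} else {
    $newest = ($events | Sort-Object TimeCreated -Descending | Select-Object -First 1).TimeCreated
    "Found {0} recent 4768 event(s) (capped at 200); newest at {1:u}" -f $events.Count, $newest
}
```

If the service table shows a start mode other than Auto, or the warning branch fires, fix that before creating the account, since the log reader depends on both.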

Create and configure the user

  1. Create a new user called Linewize Log Reader
    1. Open the Run window (Windows Key + R)
    2. Type dsa.msc and then select OK
    3. Expand the domain from the left hand menu
    4. Right click the Users object and select New > User   
    5. In the First name box type Linewize
    6. In the Last name box type Log Reader
    7. In the User logon name box, type linewize
    8. Click Next
    9. Type a Password and Confirm password 
    10. Uncheck User must change password at next logon
    11. Check Password never expires
    12. Click Next
    13. Click Finish
  2. Add the new user to Distributed COM Users and Event Log Readers groups
    1. Right click the Linewize Log Reader user
    2. Click the Member Of tab 
    3. Click Add...
    4. Type Distributed COM Users and click Check Names
    5. Type Event Log Readers and click Check Names
    6. Click OK
      Note
      When reading event logs from a server that is a member of the domain rather than a Domain Controller, you will need to add the user to the server's local Event Log Readers group.
    7. Create a new user called Linewize Log Reader
      1. Open the Run window (Windows Key + R)
      2. Type lusrmgr.msc and then select OK
      3. Right click Users and select New User…
      4. In the User name box type linewize
      5. In the Full name box type Linewize Log Reader
      6. Type a Password and Confirm the password
      7. Uncheck User must change password at next logon
      8. Check Password never expires
      9. Click Create
      10. Add the new user to Event Log Readers groups
      11. Click the Linewize Log Reader user
      12. Click the Member Of tab 
      13. Click Add...
      14. Type Distributed COM Users and click Check Names
      15. Type Event Log Readers and click Check Names
      16. Click OK
      17. Click Apply and OK 
  3. Additional permissions for the Linewize Log Reader require configuration.

    1. Open the Run window (Windows Key + R)
    2. Type dcomcnfg and then select OK
    3. Expand Component Services > Computers
    4. Right click on My Computer
    5. Click Properties
  4. Go to the Default Properties tab, ensure:
    1. Enable Distributed COM on this computer is checked,
    2. Default Authentication is set to Connect, and  
    3. Default Impersonation Level is Identify
  5. Go to the COM Security tab, and ensure both Access Permissions and Launch and Activation Permissions are configured.
    1. Under Access Permissions, click Edit Default…
    2. Click Add... then type Linewize Log Reader
    3. Click Check Names and then OK
    4. Check both Allow for Local Access and Remote Access permissions
    5. Click OK
    6. Move down to Launch and Activation Permissions, click Edit Default…
    7. Click Add... then type Linewize Log Reader
    8. Click Check Names and then OK
    9. Check Allow for the Local Launch, Remote Launch, Local Activation and Remote Activation permissions
    10. Click OK

Configure WMI settings

Configure WMI settings through Windows Management Instrumentation (WMI) 

  1. Open the Run window (Windows Key + R)
  2. Type wmimgmt.msc and select OK.
  3. Right click WMI Control and select Properties
  4. Go to the Security tab, expand the dropdown and select CIMV2
  5. Click Security
  6. Select the Linewize Log Reader user, then click Advanced
  7. Select the Linewize Log Reader user, then click Edit
  8. Click the Select a principal link
  9. Type Linewize Log Reader and click Check Names 
  10. Click OK 
  11. In the Type field, select Allow
  12. In the Applies to field, select This namespace only  
  13. Check the following Permissions:
    1. Execute Methods
    2. Partial Write
    3. Provider Write
    4. Enable Account
    5. Remote Enable
    6. Read Security
    7. Edit Security
  14. Click OK
  15. Click Apply then OK
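
Because this account is a deliberate exception to using a domain administrator, it is worth confirming afterwards that it holds exactly what the steps above grant and nothing more. The following is an added example, not part of the original article or Linewize tooling; it assumes an elevated Windows PowerShell 5.1 session on the domain controller with the ActiveDirectory module available, and that the account's logon name is linewize as created above.

```powershell
# Added example: run elevated in Windows PowerShell 5.1 on the domain controller.
$account  = 'linewize'                     # logon name created in the steps above
$expected = 'Execute Methods', 'Partial Write', 'Provider Write', 'Enable Account',
            'Remote Enable', 'Read Security', 'Edit Security'

# WMI namespace access-mask bits and their labels in the WMI Control dialog.
$rights = [ordered]@{
    'Enable Account' = 0x1;     'Execute Methods' = 0x2;  'Full Write'    = 0x4
    'Partial Write'  = 0x8;     'Provider Write'  = 0x10; 'Remote Enable' = 0x20
    'Read Security'  = 0x20000; 'Edit Security'   = 0x40000
}

# Read the security descriptor of the CIMV2 namespace.
$result = Invoke-WmiMethod -Namespace 'root/cimv2' -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
if ($result.ReturnValue -ne 0) { throw "GetSecurityDescriptor failed: $($result.ReturnValue)" }

$aces = @($result.Descriptor.DACL | Where-Object { $_.Trustee.Name -eq $account })
if ($aces.Count -eq 0) { Write-Warning "No ACE for '$account' on root/cimv2" }

foreach ($ace in $aces) {
    $held = @($rights.Keys | Where-Object { $ace.AccessMask -band $rights[$_] })
    [pscustomobject]@{
        Type              = if ($ace.AceType -eq 0) { 'Allow' } else { 'Deny' }
        ThisNamespaceOnly = -not ($ace.AceFlags -band 0x2)   # 0x2 = CONTAINER_INHERIT_ACE
        Held              = $held -join ', '
        Missing           = @($expected | Where-Object { $_ -notin $held }) -join ', '
        Unexpected        = @($held | Where-Object { $_ -notin $expected }) -join ', '
    }
}

# Groups beyond those the guide assigns (plus the default Domain Users) deserve a look.
Import-Module ActiveDirectory
$allowedGroups = 'Domain Users', 'Distributed COM Users', 'Event Log Readers'
Get-ADPrincipalGroupMembership -Identity $account |
    Where-Object { $_.Name -notin $allowedGroups } |
    Select-Object Name, GroupScope
```

An empty Missing and Unexpected column and no rows from the group query mean the account matches this guide. Edit Security corresponds to the right to change the namespace's access control list, so the password chosen for this account should be long and stored with the same care as an administrator credential.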