This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Logging events from a w2k12 DC?

AlexColella
Beginner
Beginner

‎2015-01-23 12:27 PM

Running into an issue, we have a DC that we want system logs etc pulled into SA.  The issue of course is Domain Controllers do not contain local user/groups.  Is there an easy work around without major administrative work to get this functioning on a DC we want logs from?  I would like to hear what others have done in similar scenarios. Thanks!

0 Likes
3 REPLIES 3

AlexColella
Beginner
Beginner

‎2015-01-26 09:11 AM

Someone must have come across this type of issue while implementing this?

0 Likes

Anonymous
Not applicable

‎2015-01-27 09:59 PM

Collecting events from a Domain Controller is very common.

Have you reviewed the configuration steps here? http://sadocs.emc.com/@api/deki/files/43167/MicrosoftWindowsEventing.pdf

0 Likes

AlexColella
Beginner
Beginner

‎2015-01-28 09:29 AM

I've reviewed the document, it's expected that the service account be added to the local Log Readers group.  As you know, this can't be done on DC's since local users and groups do not exist.  Hence the only way I can think of doing this is using the domain log readers group and having the potential risks of additional access.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.