Forum Discussion

Professor

10 months ago

Windows Least Privilege and polling (WinServer)

Regarding the Dec 31 Windows Least Privilege nightmare fuel (I know the page claims it wont be strictly enforced) I started testing the script. I've just run it on one collector right now, and it see...

Cole_McDonald

Professor

7 months ago

Anything that access the Security event logs from a remote machine will fail... there is a registry permission that needs to be granted for the user:

$domainName = (get-wmiobject win32_computersystem).domain
$userName = "LM_ServiceAccount_Name"
$regPath  = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Security"
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("$DomainName\$UserName","ReadKey","Allow")

$acl = Get-Acl $regPath
$acl.SetAccessRule($rule)
$acl | Set-Acl -Path $regPath

Forum Discussion

Windows Least Privilege and polling (WinServer)

Recent Discussions

Reporting back-end ignoring Time Range?

Any way to get the Memory Graphs to properly show data in Gigabytes?

Monitor a running .exe

Webhook Event Collection

Collector Service Account Locked Out