Forum Discussion

Expert

5 months ago

Windows Least Privilege and polling (WinServer)

Regarding the Dec 31 Windows Least Privilege nightmare fuel (I know the page claims it wont be strictly enforced) I started testing the script. I've just run it on one collector right now, and it see...

Cole_McDonald

Professor

2 months ago

Anything that access the Security event logs from a remote machine will fail... there is a registry permission that needs to be granted for the user:

$domainName = (get-wmiobject win32_computersystem).domain
$userName = "LM_ServiceAccount_Name"
$regPath  = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Security"
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("$DomainName\$UserName","ReadKey","Allow")

$acl = Get-Acl $regPath
$acl.SetAccessRule($rule)
$acl | Set-Acl -Path $regPath

Forum Discussion

Windows Least Privilege and polling (WinServer)

Related Content

Least Privilege's script to set permissions on Services for Non Admin account.

Least Privilege not showing full list of Windows Services

Windows ProcessMonitoring

Windows service datasource error

Event Sources SNMP and Windows collectors?

Recent Discussions

Reporting Improvements

WQL Query Datapoint cant do Expressions or Scripts?

Any way to add the graphs into a ticket using the Integration to a ticketing system?

API v1 reference?

Escalation Chains for bank holidays vs standard weeks