[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Lock down WMI information

Posted on 2011-09-06
7
Medium Priority
?
846 Views
Last Modified: 2012-05-12
We have a company that wants to monitor primarly security events and etc of all servers in our domain.
They also want to pull all WMI information from all the servers and send to their appliance\application\server.

I want to know is there a way to filter what WMI information they get on our servers, and limit to only what they need. security event logs. I do not want them to have all WMI information.
Can we filter this to only the service account we create
Can we do this via a GPO
I need help restricting this company of what WMI information they see on our servers.
I dont want them seeing everything.
Thanks in advance


0
Comment
Question by:Indyrb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 14

Expert Comment

by:Psy053
ID: 36493728
Rather than allowing them any access to extract the data, could you look at simply providing them the "relevant" data?

0
 
LVL 2

Assisted Solution

by:AJRDev
AJRDev earned 2000 total points
ID: 36495259
WMI security is provided at the namespace level. Event log data is provided by the Win32_NTLogEventLog WMI class which is in the root/cimv2 namespace. You can set a security descriptor (with a user account) on the namepace, but not at the level of the class. And even if you could, that would apply to all event logs and not just the security log.

I think the only way to do what you want is as Psy053 says, proxy the access on the external company's behalf. You could write whatever WMI query(s) you like and wrap that up in some sort of IPC mechanism - perhaps a web service.
0
 
LVL 5

Author Comment

by:Indyrb
ID: 36495803
The system that they use, pulls the information automatically per say. So me handing off only relevant data, would probably be a huge feat.

I am confused. How would you set a security descriptor on a namespace and tie it to a user account.
I am new to WMI so I need further explanation.
Thank you
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 2

Accepted Solution

by:
AJRDev earned 2000 total points
ID: 36496553
1. Open the Computer Management MMC from Control Panel/Administrative Tools
2. Connect to whichever computer you want.
3. Expand the Services and Applications node, right click WMI Control and select Properties.
4. Expand the root node and select the CIMV2 node.
5. Click the Security button and set the user permissions you need.
0
 
LVL 5

Author Comment

by:Indyrb
ID: 36496856
Can you do this via a GPO?
0
 
LVL 2

Assisted Solution

by:AJRDev
AJRDev earned 2000 total points
ID: 36498319
Good article on MSDN about how to do this:
http://blogs.msdn.com/b/spatdsg/archive/2007/11/21/set-wmi-namespace-security-via-gpo-script.aspx

I've tried it and it works perfectly..
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 36515156
Pulling the information for them is trivial using a free tool called Log Parser from Microsoft or using PowerShell.  If their application lacks flexibility it might not be able to handle the permission denied response if the do lock the other logs from them.
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We take a look at some of the most common obstacles that IT teams run into as they work relentlessly to keep all the alarms and sirens from going off at once.
New style of hardware planning for Microsoft Exchange server.
An introduction to basic programming syntax in Java by creating a simple program. Viewers can follow the tutorial as they create their first class in Java. Definitions and explanations about each element are given to help prepare viewers for future …
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question