Solved

McAfee SIEM Event Collector 11.0 and Windows 2008 R2 Domain Controller

Posted on 2016-07-19
Last Modified: 2016-07-29
Has anyone found a way to make the McAfee SIEM Collector work on a Domain Controller and tail the DNS.log file without making it a Domain Admin? I have been working on this for days trying to figure out what files, folders and registry keys it needs, but no luck.

I keep getting the same message: "Failed to start impersonation: 1326", but the same config works fine under my domain admin account.
0
Question by:compdigit44
LVL 33

Expert Comment

by:Busbar
ID: 41721084
It didn't work for us and we created a domain admin account.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 41721476
This seems SO WRONG TO ME from a security point of view
0
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 41721552
Same here when I tested. It is kind of funny that a security software's requirements go against most security recommendations.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 41722044
Here are my thoughts..

1) Create a domain admin account but only grant it the ability to log into one or two DCs running DNS. Yes, this account can still access AD from the servers, but at least it is not as wide open.

2) From my testing the application does not like UNC paths or network drives. I was trying to see if I could install the software on another server and map to the DC folder to read the log file... Even tried a linked directory... and it did not work...

It has to be something with the registry, but I do not want to change anything on a DC.

So the trick is to create a mount point that is really a \\unc path, which I know you cannot do, BUT I am wondering if you could trick Windows to think the network drive is local

http://superuser.com/questions/812433/can-i-make-a-mapped-network-share-appear-as-a-local-drive
0
 
LVL 20

Accepted Solution

by:
compdigit44 earned 0 total points
ID: 41726665
It looks like there is a way to add a user to the "local administrators" group on a DC...

http://www.richardawilson.com/2010/06/add-user-as-local-administrator-on.html

Hope this helps...
0
 
LVL 20

Author Closing Comment

by:compdigit44
ID: 41734462
Found solution and posted finding for others.
0
