McAfee SIEM Event Collector 11.0 and Windows 2008 R2 Domain Controller

Has anyone found a way to make the McAfee SIEM Collector work on a Domain Controller and tail the DNS.log file without making it a Domain Admin? I have been working on this for days trying to figure out what files, folders and registry keys it needs, but no luck.

I keep getting the same message: "Failed to start impersonation: 1326", but the same config works fine under my domain admin account.
Asked: compdigit44
 
Busbar (Solutions Architect) Commented:
It didn't work for us, and we created a domain admin account.
 
compdigit44 (Author) Commented:
This seems SO WRONG TO ME from a security point of view.
 
Mohammed Khawaja (Manager - Infrastructure: Information Technology) Commented:
Same here when I tested. It is kind of funny that a security software's requirements go against most security recommendations.
 
compdigit44 (Author) Commented:
Here are my thoughts:

1) Create a domain admin account but only grant it the ability to log into one or two DCs running DNS. Yes, this account can still access AD from the servers, but at least it is not as wide open.

2) From my testing, the application does not like UNC paths or network drives. I was trying to see if I could install the software on another server and map to the DC folder to read the log file. I even tried a linked directory, and it did not work.

It has to be something with the registry, but I do not want to change anything on a DC.

So the trick is to create a mount point that is really a \\unc path, which I know you cannot do, BUT I am wondering if you could trick Windows into thinking the network drive is local.

http://superuser.com/questions/812433/can-i-make-a-mapped-network-share-appear-as-a-local-drive
 
compdigit44 (Author) Commented:
It looks like there is a way to add a user to the "local administrators" group on a DC:

http://www.richardawilson.com/2010/06/add-user-as-local-administrator-on.html

Hope this helps...
 
compdigit44 (Author) Commented:
Found a solution and posted findings for others.