How to check DCOM Permissions for Policy Compliance
Transcription
How to check DCOM Permissions for Policy Compliance
How to check DCOM Permissions for Policy Compliance (This needs to be set correctly or WMI will not work) One of the dependencies for WMI CID’s to report back data is that both remote WMI access and Remote DCOM access is available to the user that’s configured in the Qualys Authentication record. This article goes over the aspect of how to determine if the Qualys user in your Authentication Record has the correct access for Remote Activation with DCOM. Note: To see if remote WMI is available please see “How to check if remote WMI is enabled” in the Qualys Community. 1. From the Start menu search for/run Dcomcnfg.exe 2. When the Component Services Window opens click Console root, expand Component Services, expand Computers, and then click My Computer. On the Action menu (More Actions on the right), click Properties. 3. When the My Computer Properties dialog box opens, click on the COM Security tab, and in the Launch and Activation Permissions section, click Edit Limits. 4. In the Launch and Activation Permission dialog box you will see the Groups/Users that have access to DCOM. Make sure the user specified in the Qualys Authentication Record has “Remote Launch” and “Remote Activation” privileges to DCOM. See the examples: Correct Access Incorrect Access If the Qualys user does not have access to DCOM all WMI controls will fail for the policy scan. NOTE: These changes are local to the host and can be over ridden by Group Policies that may be pushed if the user logins into a Domain Server. This information can be found at Microsoft’s website: http://technet.microsoft.com/en-us/library/bb633148.aspx For Windows 2000 the same principles apply, but the interface to make/check these setting will look a little different. Here is the Microsoft Article that explains this for Windows Server 2000: http://support.microsoft.com/kb/176799