How to check DCOM Permissions for Policy Compliance

Transcription

How to check DCOM Permissions for Policy Compliance
How to check DCOM Permissions for Policy Compliance
(This needs to be set correctly or WMI will not work)
One of the dependencies for WMI CID’s to report back data is that both remote WMI access and Remote
DCOM access is available to the user that’s configured in the Qualys Authentication record.
This article goes over the aspect of how to determine if the Qualys user in your Authentication Record
has the correct access for Remote Activation with DCOM.
Note: To see if remote WMI is available please see “How to check if remote WMI is enabled” in the
Qualys Community.
1. From the Start menu search for/run Dcomcnfg.exe
2. When the Component Services Window opens
click Console root, expand Component Services, expand Computers, and then click My Computer. On
the Action menu (More Actions on the right), click Properties.
3. When the My Computer Properties dialog box opens, click on the COM Security tab, and in the
Launch and Activation Permissions section, click Edit Limits.
4. In the Launch and Activation Permission dialog box you will see the Groups/Users that have
access to DCOM. Make sure the user specified in the Qualys Authentication Record has “Remote
Launch” and “Remote Activation” privileges to DCOM.
See the examples:
Correct Access
Incorrect Access
If the Qualys user does not have access to DCOM all WMI controls will fail for the policy scan.
NOTE: These changes are local to the host and can be over ridden by Group Policies that may be
pushed if the user logins into a Domain Server.
This information can be found at Microsoft’s website:
http://technet.microsoft.com/en-us/library/bb633148.aspx
For Windows 2000 the same principles apply, but the interface to make/check these setting will
look a little different. Here is the Microsoft Article that explains this for Windows Server 2000:
http://support.microsoft.com/kb/176799