Hi, I've a problem with the WMI privilege on a Domain Controller running Win 2003 R2. This is what I done:
no firewall between the pc and the server.
I can't add my special user to the administrator's group, but if I do everyting works correctly.
There are other Group Policy to enable? other setting to change? thanks
I don't understand what you mean by "you can't add" but "it works correctly" if you do. You mean you are not allowed to, and you are trying to see if there is another way to do it besides adding the user to to group?
Looking at MSDN: http://msdn.microsoft.com/en-us/library/aa389290%28v=VS.85%29.aspx
"...Windows Server 2003, Windows XP, and Windows 2000: The account on Computer B must be in the Administrator group, but a domain account is not required...."
From this document it sounds like the user running Splunk has to be in the Administrative group to be able to connect to WMI remotely. The same user context that Splunk is running as will be used to log in to remote box and connect to WMI
Sorry, this sounds like that's what Windows requires. It does not entirely surprise me. It is possible that you can fiddle around with settings in the DCOMCNFG.EXE application to make it work with a non-Administrator group, but this is something probably more readily answered at a Windows-specialist site.
I've already give to my user the DCOM permission! The only think is that quen I test the WMI the answer to the query is empty! not an error...
Exactly, I try to put in the Administrators group, and it works fine, but the system administrator doesn't give me the permission to use forever this way.