
When installing the Universal Forwarder on a Domain Controller, are we supposed to check the box for "Add user as local administrator"?

johannterc
New Member

Hello. Please see the screenshot on this post; it's from the Splunk Universal Forwarder (UF) installer steps. Are we supposed to check the box for “Add user as local administrator” when installing a UF on a Domain Controller or leave it unchecked?


0 Karma

Baever
Engager

Thank you @isoutamo the "Splunk Enterprise" => Splunk UF is precisely why it's confusing 🙂

I'll go back and have another read through those docs.

0 Karma

adonio
Ultra Champion
0 Karma

johannterc
New Member

Hello Adonio. I already know what the Windows user should be, I just am not sure if this user needs to actually be granted local admin rights on my Domain Controller (since I am installing UFs on my DCs).

0 Karma

adonio
Ultra Champion

please take a look here:
http://docs.splunk.com/Documentation/Forwarder/6.5.2/Forwarder/InstallaWindowsuniversalforwarderfrom...
per doc, check the box in your screenshot
regards,

0 Karma

Baever
Engager

I'm still googling this question, as it's still not clear in the docs, but neither of these links work anymore!

0 Karma

isoutamo
SplunkTrust

Usually it works when you just replace the version number in the URL with the word latest, like https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/ListOfSearchCommands

Here are some more docs for monitoring AD

Requirements

You must meet the following requirements to monitor an Active Directory schema:

You should read "Splunk Enterprise" => Splunk UF

It doesn't matter even if the first docs are for Splunk Cloud, as you are using a separate UF for monitoring. If you want, you can read the same manual for Enterprise by just switching the product to Enterprise.

r. Ismo

 
