Getting Data In

When installing the Universal Forwarder on a Domain Controller, are we supposed to check the box for "Add user as local administrator"?

johannterc
New Member

Hello. Please see the screenshot on this post; it's from the Splunk Universal Forwarder (UF) installer steps. Are we supposed to check the box for “Add user as local administrator” when installing a UF on a Domain Controller or leave it unchecked?

0 Karma

Baever
Engager

Thank you @isoutamo, the "Splunk Enterprise" => Splunk UF is precisely why it's confusing 🙂

I'll go back and have another read through those docs.

0 Karma

adonio
Ultra Champion
0 Karma

johannterc
New Member

Hello Adonio. I already know what the Windows user should be, I just am not sure if this user needs to actually be granted local admin rights on my Domain Controller (since I am installing UFs on my DCs).

0 Karma

adonio
Ultra Champion

please take a look here:
http://docs.splunk.com/Documentation/Forwarder/6.5.2/Forwarder/InstallaWindowsuniversalforwarderfrom...
per doc, check the box in your screenshot
regards,

0 Karma

Baever
Engager

I'm still googling this question, as it's still not clear in the docs, but neither of these links work anymore!

0 Karma

isoutamo
SplunkTrust

Usually it works when you just replace the version number in the URL with the word "latest", like https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/ListOfSearchCommands

Here are some more docs for monitoring AD

Requirements

You must meet the following requirements to monitor an Active Directory schema:

You should read "Splunk Enterprise" => Splunk UF

It doesn't matter even if the first docs are for Splunk Cloud, as you are using a separate UF for monitoring. If you want, you can read the same manual for Enterprise by just switching the product to Enterprise.

r. Ismo
