Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

When installing the Universal Forwarder on a Domain Controller, are we supposed to check the box for "Add user as local administrator"?

johannterc
New Member
‎02-28-2017 08:45 AM

Hello. Please see the screenshot on this post, its from the Splunk Universal Forwarder (UF) installer steps. Are we supposed to check the box for “Add user as local administrator” when installing a UF on a Domain Controller or leave it unchecked?

alt text

Preview file
1 KB
0 Karma
Reply

Baever
Engager
‎03-15-2023 04:23 AM

Thankyou @isoutamo the "Splunk Enterprise" => Splunk UF is precisely why it's confusing 🙂  

I'll go back and have another read through those docs.

0 Karma
Reply

adonio
Ultra Champion
‎02-28-2017 10:40 AM

Hi johannterc,
please refer to the docs here to decide on an the right windows user
http://docs.splunk.com/Documentation/Splunk/6.5.2/Installation/ChoosetheuserSplunkshouldrunas
http://docs.splunk.com/Documentation/Forwarder/6.5.2/Forwarder/InstallaWindowsuniversalforwarderfrom...
Hope it helps

0 Karma
Reply

johannterc
New Member
‎02-28-2017 10:45 AM

Hello Adonio. I already know what the windows user should be, I just am not sure if this user needs to actually be granted local admin rights on my Domain Controller (since I am installing UFs on my DCs).

0 Karma
Reply

adonio
Ultra Champion
‎02-28-2017 01:06 PM

please take a look here:
http://docs.splunk.com/Documentation/Forwarder/6.5.2/Forwarder/InstallaWindowsuniversalforwarderfrom...
per doc, check the box in your screenshot
regards,

0 Karma
Reply

Baever
Engager
‎03-15-2023 03:54 AM

I'm still googling this question, as it's still not clear in the docs, but neither of these links work anymore!

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎03-15-2023 04:09 AM

Usually it works when you just replace versio number on url with word latest like https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/ListOfSearchCommands

 

Here is some more docs for monitoring AD

 

Requirements

You must meet the following requirements to monitor an Active Directory schema:

You should read "Splunk Enterprise" => Splunk UF

It's not mater even 1st docs are for SplunkCloud as you are using separate UF for monitoring. If you want you can read the same manual for Enterprise just switching product to Enterprise.

r. Ismo

 

Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...