Re: Will Splunk WMI inputs work on servers not in ...

maverick · ‎04-26-2011

I need to set up WMI polling on my Windows boxes that cannot run agents or belong to a domain.

With Splunk, is it possible to use local accounts for WMI polling provided that the permissions are set correctly?

maverick · ‎04-26-2011

If the machines are not in a domain, then you can query them from another stand-alone Windows server if the user name (i.e. the name Splunk is installed as on the collector) also exists as a local administrator on the target machine(s).

e.g. install splunk as myhost\foo, where $everyremotehost also has an account ‘foo’ with sufficient (probably local administrator) permissions.

Note: you will probably want to wrap that in a VPN or native IPSec, as without a domain, Windows reverts to NTLMv2, which I believe is crackable.

maverick · ‎04-26-2011

thanks and corrected!

mw · ‎04-26-2011

Your backslash was lost in myhost\foo

Will Splunk WMI inputs work on servers not in same domain?

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Will Splunk WMI inputs work on servers not in same domain?

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!