The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document describes how to provide an Active Directory (AD) user with the minimal permissions needed to query the AD domain controller. The Sourcefire User Agent uses an AD user in order to query the AD domain controller. In order to perform a query, an AD user does not require any additional permissions.
Cisco requires that you install the Sourcefire User Agent on a Microsoft Windows system and provide access to the AD domain controller.
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
First, an administrator must create a new AD user specifically for User Agent access. If this new user is not a member of the domain administrators group (and they should not be), the user might have to be explicitly granted permission to access the Windows Management Instrumentation (WMI) security logs. In order to grant permission, complete these steps:
Root\CIMV2), and then click Security.
There is currently no verification procedure available for this configuration.
This section provides information you can use to troubleshoot your configuration.
If an issue persists after the configuration changes, update the Distributed Component Object Model (DCOM) settings in order to allow remote access: