Thor's Microsoft Security Bible by Timothy Thor Mullen

Chapter 6. Remote Security Log Collection in a Least Privilege Environment
Information in this chapter:
▪ Log Fetcher Architecture
▪ Accessing WMI
▪ Show Me the Code!
Products, Tools, and Methods
▪ AD
▪ MS SQL Server
▪ Distributed Component Object Model (DCOM)
▪ Windows Management Instrumentation (WMI)
▪ Event Logs
▪ Service Users
▪ Visual Studio (C#)
This chapter focuses on using a low privileged service user to harvest Windows event log data and to warehouse it in a SQL database. This is done with the minimum of permissions over an encrypted Distributed Component Object Model (DCOM) call via Windows Management Instrumentation (WMI), using Security Descriptor Definition Language (SDDL) for individual event log permissions. It includes a fully functional ...
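The architecture described above (a low-privileged service account reading event logs over an encrypted DCOM/WMI channel and forwarding them to SQL) can be illustrated with the following C# sketch. It is an added example, not code from the book or from the author; it assumes the service account has already been granted read access to the target log through that log's SDDL (the chapter's method), that the .NET `System.Management` assembly is referenced, and that the hypothetical `SqlWriter` class is the warehousing side the caller supplies. The host name, log name and event-ID filter are constructed sample values.

```csharp
using System;
using System.Collections.Generic;
using System.Management;

// Minimal WMI-based event log fetcher. Runs under the service account itself,
// so no credentials are passed; the account's rights come from the log's SDDL.
class SecurityLogFetcher
{
    // Connect to the remote WMI namespace with packet privacy so the DCOM
    // traffic (including event message text) is encrypted on the wire.
    static ManagementScope ConnectEncrypted(string host)
    {
        var opts = new ConnectionOptions
        {
            Authentication = AuthenticationLevel.PacketPrivacy, // encrypt + sign
            Impersonation = ImpersonationLevel.Impersonate,
            EnablePrivileges = true  // enable only privileges the account already holds
        };
        var scope = new ManagementScope(string.Format(@"\\{0}\root\cimv2", host), opts);
        scope.Connect();
        return scope;
    }

    // Pull events newer than the last record we warehoused, so the collector
    // is incremental and never re-reads the whole log.
    static List<Dictionary<string, object>> FetchEvents(
        ManagementScope scope, string logName, uint lastRecordNumber)
    {
        var wql = string.Format(
            "SELECT RecordNumber, TimeGenerated, EventCode, SourceName, Message " +
            "FROM Win32_NTLogEvent WHERE Logfile = '{0}' AND RecordNumber > {1}",
            logName.Replace("'", "''"), lastRecordNumber);

        var rows = new List<Dictionary<string, object>>();
        using (var searcher = new ManagementObjectSearcher(scope, new ObjectQuery(wql)))
        {
            foreach (ManagementObject evt in searcher.Get())
            {
                rows.Add(new Dictionary<string, object>
                {
                    ["RecordNumber"] = (uint)evt["RecordNumber"],
                    // WMI returns DMTF datetime strings; convert to DateTime.
                    ["TimeGenerated"] = ManagementDateTimeConverter.ToDateTime(
                        (string)evt["TimeGenerated"]),
                    ["EventCode"] = (ushort)evt["EventCode"],
                    ["SourceName"] = (string)evt["SourceName"],
                    ["Message"] = (string)evt["Message"] ?? string.Empty
                });
            }
        }
        return rows;
    }

    static void Main(string[] args)
    {
        // Constructed sample values; a real service would read these from config.
        string host = args.Length > 0 ? args[0] : "SERVER01";
        string logName = "Security";
        uint lastRecord = 0;

        ManagementScope scope = ConnectEncrypted(host);
        var events = FetchEvents(scope, logName, lastRecord);

        foreach (var e in events)
        {
            // SqlWriter is a hypothetical warehousing helper supplied by the caller;
            // it should use a parameterized INSERT, never string concatenation.
            SqlWriter.Insert(host, logName, e);
        }
        Console.WriteLine("Fetched {0} events from {1}\\{2}", events.Count, host, logName);
    }
}
```

Two design points follow the chapter's least-privilege theme: the collector authenticates as its own service identity rather than embedding administrator credentials, and `PacketPrivacy` is set explicitly because the default DCOM authentication level does not encrypt the payload.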