SecureAuth Idp Version affected: 9.0.2 onwards
Since 9.0.2, the OVA that new customers are sent contains a locked down environment which prevents remote access to the Event Log. We recommend keeping these lock down settings as it allows for a more secure machine.
However, some agentless monitoring tools require remote access to the Event log.
Cause: Lock down settings
1. On the IdP Open up the "Windows Firewall with Advanced Security"
2. On the Inbound Rules,
2i. Enable Com+ Network Access (DCOM-In)
2ii. Enable Remote Event Log Management (NP-In)
2iii. Enable Remote Event Log Management (RPC)
2iv. Enable Remote Event Log Management (RPC-EPMAP)
3. Open Services.msc and set the Server Service to Automatic and then Start the Server service.
4. Open Regedit, Expand the tree to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft\ Windows \ CurrentVersion \ policies \ system.
5. Look for “LocalAccountTokenFilterPolicy” and give it the value of “1”. Click OK. If it didn't exist, Create a new key (Right click -> New -> choose “DWORD Value (32bit)”) and name it LocalAccountTokenFilterPolicy and give it the value of 1
6. Reboot the IdP
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.