Consolidating Windows domains


This architecture then forms a part of the set-up needed for our Cred Defense Toolkit.

Also, there are some environments where deploying yet another agent to Windows endpoints may not be desirable.

Derek Banks // I want to expand on our previous blog post on consolidated endpoint event logging and use Windows Event Forwarding and live off the Microsoft land for shipping events to a central location. I wanted a Windows-based server with all of the event logs from the environment so that I could use PowerShell for analysis purposes.


It extends the endpoint’s logging capability beyond the standard event logs.

Turn on Windows Remote Management (WS-Management) Service via GPO

The Windows Remote Management (WS-Management) service will need to be started on all the systems that will forward events.

Note that they do not need to be listening on HTTP or HTTPS – the only system that needs to be listening and have firewall rules configured is the WEF server.

Alternatively, you could just use “Domain Computers” if you are in a testing environment.

Otherwise, using all computers in your environment for the initial setup may not be the best idea.
