Event Log Readers group missing on Server 2003

Creating account to tie in AD with LanGuardian but we have no group named "Event Log Readers" to make the AD Account a part of as directed. Does anyone have a workaround for this? Thank you in advance.
Mark Carpani

Posted 2 months ago


Aisling Brennan, Official Rep

You need to change the AD config to use RPC queries instead of WMI. We don’t come across Windows Server 2003 which is why we have everything set to use WMI. You just need to edit each DC in LANGuardian and choose the remote query option.

Two reasons for moving to WMI are that WMI is much more efficient at querying logs than RPC so it cuts down on the amount of data that is sent between Domain Controllers and LANGuardian. Additionally, RPC calls to DCs on LANGuardian use SMBv1 and since the WannaCry outbreak, the advice is to move away from this protocol.