Creating account to tie in AD with LanGuardian but we have to group named "Event Log Readers" to make the AD Account a part of as directed. Does anyone have a work around for this? Thank you in advance
You need to change the AD config to use RPC queries instead of WMI. We don’t come across Windows Server 2003 which is why we have everything set to use WMI.
You just need to edit each DC in LANGuardian and choose the remote
Two reasons for moving to WMI are that WMI is much more efficient at querying logs than RPC so it cuts down on the amount of data that is sent between Domain Controllers and LANGuardian. Additionally, RPC calls to DCs on LANGuardian use SMBv1 and since the Wannacry outbreak, the advice is to move away from this protocol.