
Windows Host Wizard

The Windows Host Wizard connects to Active Directory to find Windows systems on the domain. Eligible systems returned by the scan can be selected for remote log collection. Correctly defined permissions are essential to identify systems and collect logs.

The wizard can only scan domains that have the Include in Scan option selected in the domain properties under Windows Host Wizard. For more information, see Configure Initial Host Settings (Domain, Entity, and Log Source Types).

Requirements for Scanning

The Remote Registry service on Agent-less systems must be started for machines to be identified in the scan.

The user logged in to the machine where the scan is taking place must be a domain user on the domain being scanned, or the scan will fail to run.

Requirements for Firewall Settings

If firewalls are used on systems in your network:

  • To allow for remote log collection, an exception for port 443 must be added to the Windows Firewall settings on the Agent-less systems.
  • The Client Console machine should also have an exception for port 443.
  • To allow the host machine to be identified, the Remote Admin exception must be added to the Windows Firewall settings on the Agent-less systems. If it does not appear in the list of Programs and Services on the Exceptions tab of Windows Firewall, add it from a command prompt by typing the following command:

    netsh firewall set service remoteadmin enable

    To confirm it is enabled, type the following:

    netsh firewall show state

Requirements for Remote Collection

To collect logs remotely from another system, the collecting Agent’s service must be running under an account that is in the Event Log Readers group. For more information, refer to the LogRhythm Guide: Least-Privileged User.

Requirements for Security Event Logs

The user running the scan must have administrator privileges on the system that is running the Client Console and on the systems on the domain from which logs will be collected. This can be achieved by setting up local users with Administrator rights or by using users with domain administrator privileges.

Miscellaneous Requirements

Any other settings on the systems related to firewall, permissions, or security may impact scanning, identification, or collection of event logs.
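
A pre-flight check for the scanning, firewall, and remote collection requirements above, written as an added example and not LogRhythm's own tooling. It assumes Windows PowerShell 5.1 run by a domain user with administrator rights on the targets, and that the Event Log Readers group meant is the local group on each target; the host names and the `svc-lr-agent` account are placeholders.

```powershell
# Added example (not LogRhythm code). Assumes Windows PowerShell 5.1.
# Host names and the service account below are constructed placeholders.
param(
    [string[]]$ComputerName = @('HOST01.example.local', 'HOST02.example.local'),
    [string]  $AgentAccount = 'svc-lr-agent'   # hypothetical Agent service account
)

function Test-HostWizardReadiness {
    param([string]$Computer, [string]$Account)

    # Remote Registry must be started for the host to be identified in the scan.
    try {
        $remoteRegistry = (Get-Service -Name RemoteRegistry -ComputerName $Computer -ErrorAction Stop).Status
    } catch { $remoteRegistry = "Error: $($_.Exception.Message)" }

    # Port 443 must be reachable for remote log collection.
    $port443 = Test-NetConnection -ComputerName $Computer -Port 443 `
        -InformationLevel Quiet -WarningAction SilentlyContinue

    # The collecting Agent's account must be in Event Log Readers.
    # Assumption: the local group on the target; only direct members are listed,
    # so membership granted through a nested domain group is not resolved here.
    try {
        $group   = [ADSI]"WinNT://$Computer/Event Log Readers,group"
        $members = @($group.Invoke('Members')) | ForEach-Object {
            $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
        }
        $inReaders = $members -contains $Account
    } catch { $inReaders = "Error: $($_.Exception.Message)" }

    [pscustomobject]@{
        Computer          = $Computer
        RemoteRegistry    = $remoteRegistry
        Port443Open       = $port443
        InEventLogReaders = $inReaders
        Ready             = ($remoteRegistry -eq 'Running') -and $port443 -and ($inReaders -eq $true)
    }
}

$ComputerName |
    ForEach-Object { Test-HostWizardReadiness -Computer $_ -Account $AgentAccount } |
    Format-Table -AutoSize
```

A host with `Ready` set to `False` shows in the other columns which requirement is unmet, which also helps confirm that the collection account holds Event Log Readers membership rather than broader administrator rights.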
