HOMEPAGE SITE MAP CONTACT US english francais
Company
Solutions
Downloads
Support
Ordering Assistance
Knowledge Base
Tutorials
Documentation
Subscribe
Store

Configuring Windows 95/98 to be audited using Microforge.net Enterprise Server

Last updated: Friday, February 04, 2005
TOC :: Up

The following document details the steps that you will have to take in order to prepare any Windows 95/98 machines on your network to be audited using Microforge.net Enterprise Server.

Article Details

Preparing Windows 9x machines for auditing

In order to be able to audit Windows 95/98 machines, you will need to install the following piece of software:

  • WMI Core version 1.5 for Windows 95/98. This can be obtained as a free download from http://microforge.net/links/wmi.htm. Once you have installed WMI Core 1.5, you should be able to audit the machine to an Audit Snapshot File, using our command line auditing utility: EntAudit.exe. Further information can be found in the documentation for ENT NetCenter under the topic Auditing disconnected machines

Configuring Windows 9x machines to be audited remotely

In order to be able to audit Windows 95/98 machines over the network, using Microforge.net ENT NetCenter, the following software must be installed on the Windows 95/98 machines that you wish to audit remotely:

 

  • DCOM for Windows 95/98, version 1.3. The appropriate DCOM installation may be downloaded from http://microforge.net/links/dcom.htm. Make sure you also download and install the DCOM configuration utility, since this will be required to configure DCOM once it is installed.

Configuration

Once you have installed the required software, you will also need to grant access privileges on the Windows 95/98 machine, which must match the network security credential supplied in the Network Details dialog in ENT NetCenter.

In the above example, we have configured ENT NetCenter to use the credential of the Admin user, who is a member of the Domain admins group on the MICROFORGE domain. Later, we will grant access permissions on the local Windows 95/98 machine for this group.

There are three things that need to be configured on each of the Windows 95/98 machines on your network before you will be able to audit these remotely:

  1. Configure WinMgmt server to start at system startup
  2. Configure the workstation for user-level access
  3. Configure DCOM to allow remote connections

The following is a detailed description of how to perform each of these three steps.

1. Configure WinMgmt server to start at system startup.

Windows 95/98 cannot start a DCOM server on demand, so the WinMgmt server which is installed on Windows 95/98 by WMI Core 1.5, must be launched during windows startup by adding a new string value to the windows registry

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: WinMgmt

Value:  C:\WINDOWS\SYSTEM\WBEM\WinMgmt.exe

The following screenshot shows the registry editor for a system with these changes already made.

2. Configure the workstation for user-level access

You will also have to change the workstation’s network security settings to allow user-level access, as follows:

  • Go to the control panel and open the Network applet;
  • From the Access Control tab, select “User-level access control” and provide the name of a security provider on your network (i.e. the name of a Windows NT domain, workstation or server which can then act as a security provider for the Windows 95/98 machine).


  • Reboot the workstation when prompted.

3. Configure DCOM to allow remote connections.

DCOM is configured, by default, not to allow remote connections. As such, we need to modify the security settings for DCOM to allow remote connections. This can be accomplished by using the DCOM configuration utility, as follows:

  • Run dcomcnfg.exe (the default install path is “C:\WINDOWS\system\”)
  • On the Default Properties tab, select Enable Distributed COM on this computer.
  • Set Default Authentication Level to Connect.
  • Set Default Impersonation Level to Impersonate.

  • Go to the Default Security tab and edit the list of accounts that can access COM objects on this computer.
  • Click the Edit Default… button.
  • Click the Add button.

Here you will need to add the user (or a group to which that user belongs) that you specified in ENT NetCenter, in the Credentials section of the Network details.

  • Select the required group or user and click Grant Access.
  • Click OK and OK again.

    In the following screenshot, we have added a group to which our Admin user belongs - the Domain Admins group.

You can find further information on setting the Credentials to be used when auditing networks in the helpfiles for ENT NetCenter at http://microforge.net/support/helpfiles/usa/networkdetails.htm.

Finished

OK, that’s it! Now you can restart the Windows 95/98 machine, to make sure that all of these changes have been applied and that WinMgmt.exe is running. You should now be able to connect to and audit the machine remotely, from the Networks area in ENT NetCenter.

Technical Support

If you need any further help with this or if anything isn't clear then please feel free to contact support@microforge.net for assistance.