Who can audit machines?

ENT Server uses a technology called WMI to audit the machines across your Enterprise. WMI is a service that is built into the Windows operating system and, by default, Administrators and members of the Administrative group will have full access to the WMI service.

If you are running a domain controller on a network (such as Windows NT Server or Novell Server), then the machines on that network will be part of a domain. In this case, the computers on the network can get their security settings from the domain controller and anyone who is configured to be an administrative user of the domain will have administrative access to the machines that are connected to that domain.

If the network that you are auditing does not use a domain controller (for example, if the computers on the network are part of a Workgroup) then the machines are not capable of obtaining their security settings from a central domain controller. In this case, each of the machines will have to provide it's own security and, in order to audit the machines on the network, you will have to be logged into one of the machines on the workgroup as a user that is configured as an administrative user on each and every individual machine.

For example: You have a workgroup with 3 Windows 2000 Professional machines called Zeus, Hera and Bachus. You are logged into Zeus as the user "bob" and you password is "foo". Bob is configured as an administrative user on the machine Zeus. In order to be able to audit the machines Hera and Bachus remotely, you must add the user "bob" to each of these machines. The user "bob" on Hera AND Bachus MUST have the same password that you are using on Zeus (i.e. "foo") and MUST be configured to be an administrative user on both Hera and Bachus.

WARNING: The Windows 95, 9x and ME based operating systems are unable to provide their own security so, if you want to audit machines running these operating systems you must EITHER have a domain controller on the network, that these machines are connected to, OR audit these machines as if they were disconnected machines, using EntAudit.exe

Although by default, only administrators will have access to the WMI service, the security settings that specify who can/cannot access WMI are fully configurable. Security for the WMI service can be configured using WMI Control. To open the WMI Control console, from Windows click Start, and then click Run. In the Open box, type wmimgmt.msc, and then click OK. You can then configure the security settings for each of the machines that you have connected in the WMI Control console, by right clicking on the machine that you want to configure and selecting Properties from the popup menu.