Setting the ‘Manage auditing and security log’ Group Policy
Note: Adding the OpenDNS_Connector user to this group policy for all AD Servers (DCs) is also required in certain Windows Server 2008 configurations.
- By default, Windows Server 2003 does not come with the Group Policy Management Console (GPMC) and it may be downloaded here: http://www.microsoft.com/en-us/download/details.aspx?id=21895.
Note: Alternatively, 2008 R2 servers should have GPMC installed and you can apply the following permissions from this server to be replicated to the 2003 R2 server.
- Open the GPMC (via Start > Administrative Tools), and select a Group Policy that applies to Domain Controllers.
Note: If you aren’t sure what policy to change, open a command prompt and type the following command: "gpresult /scope computer /r". Look for the ‘Applied Group Policy Objects’ line. Under it will be a list of policies applied to that Domain Controller. Make note of one that is likely to be applied to all Domain Controllers (e.g. ‘Default Domain Controllers Policy’).
- Right-click that policy and select ‘Edit’ to bring up the Group Policy Management Editor.
- Browse to the ‘Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment’ folder and select ‘Manage audit and security log’ to view its properties.
- Check "Define these policy settings", click "Add user or group", browse and select the OpenDNS_Connector user.
- Run the "gpupdate" command on the Domain Controller to make sure the policy is applied.
Setting DCOM permissions
- From a command line run dcomcnfg.
- Navigate to Console Root > Component Services > Computers.
- Right-click on ‘My Computer’ and select ‘Properties’.
- From ‘My Computer Properties’ select ‘COM Security’ tab.
- In ‘Launch and Activation Permissions’ area click ‘Edit Limits’.
- Add OpenDNS_Connector user and allow ‘Remote Launch’ and ‘Remote Activation’ permissions.
- Click OK to confirm and close My Computer Properties.
Setting WMI permissions
- Run wmimgmt.msc (Windows Management Infrastructure Control console).
- Right-click on ‘WMI Control’. Click ‘Properties’ > ‘Security’ tab.
- Select Root > CIMV2 namespace and click the Security button.
- Add the OpenDNS_Connector user and Allow the following permissions: ‘Enable Account’, ‘Remote Enable’ and ‘Read Security’.
- Click OK to exit each dialog window, then click Save to apply changes.