Does the given credentials of a Windows device have permission for log collection?

Does the given credentials of a Windows device have permission for log collection?


Case 1: The account is a local administrator or a domain administrator.  

The credentials will, by default, have the required permissions.

 

Case 2: The account is a non-admin domain user.  

  1. Provide the non-admin domain user with the required permissions. Learn how here.

  2. Verify the credentials using WBEMTEST. Learn more about WBEMTEST.

  3. Open the ELA_HOME\troubleshooting\invokeWBEMTEST.bat file using administrator privileges.

  4. Click Connect, provide credentials of the Windows device, and click Connect once again.

                         a. Sometimes log collection fails when the device name is used but succeeds when using the IP address or Fully                 Qualified Domain Name (FQDN). If connection fails, try connecting using the IP address or FQDN.

  5. Once connected, click Query and try the following queries:
              a. Select CurrentTimeZone, Version, Name from Win32_OperatingSystem
              b. Select * from win32_ntlogevent

These queries should be completed for EventLog Analyzer to successfully collect logs from the Windows device.





      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                    • Related Articles

                    • Log import failure during remote log collection in EventLog Analyzer

                      Issue description EventLog Analyzer will display an error notification in the UI stating that the log import for selected files has failed. This issue will happen when EventLog Analyzer is unable to import a file during the scheduled log import ...

                    • Windows device status: Access denied

                      The Access denied error indicates that the user account dedicated for log collection does not have the necessary access and permissions to collect logs from the respective devices. There are two approaches to fixing the error: Using a domain admin ...

                    • How to use a Device Group in EventLog Analyzer to update credentials for Windows devices

                      Objective This article offers detailed information on how to use a Device Group in EventLog Analyzer to update credentials for Windows log sources. Prerequisites You'll need administrator access to EventLog Analyzer. Steps to follow Step 1: Log in to ...

                    • Windows device status: RPC server is unavailable

                      The RPC server is unavailable error will be displayed in the device status field if there isn’t any communication between the EventLog Analyzer server and the respective machine from which the logs should be collected. This lack of communication ...

                    • Enabling historic log collection in EventLog Analyzer

                      EventLog Analyzer collects all the logs present in the Windows Event Viewer (i.e., Windows Logs > Application, Security, System) when the historic log collection option is enabled. To enable historic log collection, follow the steps below: Navigate ...

                      Related Products