Do the given credentials of a Windows device have permission for log collection?


Case 1: The account is a local administrator or a domain administrator.  

The credentials will, by default, have the required permissions.

 

Case 2: The account is a non-admin domain user.  

  1. Provide the non-admin domain user with the required permissions. Learn how here.

  2. Verify the credentials using WBEMTEST. Learn more about WBEMTEST.

  3. Open the ELA_HOME\troubleshooting\invokeWBEMTEST.bat file with administrator privileges.

  4. Click Connect, provide the credentials of the Windows device, and click Connect once again.

      a. Sometimes log collection fails when the device name is used but succeeds when using the IP address or Fully Qualified Domain Name (FQDN). If the connection fails, try connecting using the IP address or FQDN.

  5. Once connected, click Query and try the following queries:

      a. Select CurrentTimeZone, Version, Name from Win32_OperatingSystem
      b. Select * from win32_ntlogevent

These queries should complete for EventLog Analyzer to successfully collect logs from the Windows device.
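The same check can be scripted. The following is an added example, not part of the original article or of EventLog Analyzer: it runs the two queries from step 5 over DCOM (the transport WBEMTEST uses) against the device name, FQDN and IP address in turn, as step 4a suggests. The target names and address are constructed placeholders, and the credential prompt is assumed to receive the account used for log collection.

```powershell
# Added example: repeat the WBEMTEST checks from PowerShell.
# Constructed placeholder targets: replace with the device name, FQDN and IP address.
$Targets = @('WINHOST01', 'winhost01.example.local', '192.0.2.10')
$Cred    = Get-Credential -Message 'Account used for log collection'

# The two queries from step 5 of the procedure.
$Queries = @(
    'Select CurrentTimeZone, Version, Name from Win32_OperatingSystem',
    'Select * from win32_ntlogevent'
)

# WBEMTEST connects over DCOM, so force DCOM instead of the WinRM default.
$Dcom = New-CimSessionOption -Protocol Dcom

$Results = foreach ($Target in $Targets) {
    $Session = $null
    try {
        $Session = New-CimSession -ComputerName $Target -Credential $Cred `
                                  -SessionOption $Dcom -ErrorAction Stop
    } catch {
        # Connection or authentication failure (for example Access denied or RPC server unavailable).
        [pscustomobject]@{ Target = $Target; Query = '(connect)'; Ok = $false; Detail = $_.Exception.Message }
        continue
    }
    foreach ($Query in $Queries) {
        try {
            # Read only the first row: the event log query can return every event on the device.
            $Row = Get-CimInstance -CimSession $Session -Query $Query -ErrorAction Stop |
                   Select-Object -First 1
            $Detail = 'no rows returned'
            if ($null -ne $Row) { $Detail = 'row returned' }
            [pscustomobject]@{ Target = $Target; Query = $Query; Ok = ($null -ne $Row); Detail = $Detail }
        } catch {
            # The account connected but lacks permission for this class or namespace.
            [pscustomobject]@{ Target = $Target; Query = $Query; Ok = $false; Detail = $_.Exception.Message }
        }
    }
    Remove-CimSession -CimSession $Session
}

# One line per target and query; Ok = True on both queries matches a passing WBEMTEST run.
$Results | Format-Table -AutoSize -Wrap
```

A target that fails at `(connect)` while another form of the same device succeeds points to name resolution rather than permissions.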



