Can’t get Snare Agent working on Domain Controllers
SUMMARY
Aug 18, 2015
Symptoms
Cannot install or use the Snare Agents on domain controllers.
Recommended
You will require local administrator access on the server to access the event log files. The Windows agents need the following basic functions to work (the default administrator role):
run as a service as local administrator
read and write to the registry for its install location
read of the event log subsystem
ability to set the auditing settings in the OS
able to create network sockets to send data and run the web GUI interface
On a Domain Controller, local admin access may cause concern, however as part of the agent install we always recommend a long strong complex password for the agent access.
If you are not interested in remote management you can restrict the agent web GUI access to the local host or disable the web management interface as this will reduce the likelihood of any unauthorized access.