Can’t get Snare Agent working on Domain Controllers

Owned by Carlos Osorio
Nov 09, 2020
1 min read


SUMMARY

Aug 18, 2015

Symptoms

Cannot install or use the Snare Agents on domain controllers.

 Recommended

You will require local administrator access on the server to access the event log files.  The Windows agents need the following basic functions to work (the default administrator role):

  • run as a service as local administrator

  • read and write to the registry for its install location

  • read of the event log subsystem

  • ability to set the auditing settings in the OS

  • able to create network sockets to send data and run the web GUI interface

On a Domain Controller, local admin access may cause concern, however as part of the agent install we always recommend a long strong complex password for the agent access.

If you are not interested in remote management you can restrict the agent web GUI access to the local host or disable the web management interface as this will reduce the likelihood of any unauthorized access.