WMI Authentication

  • Device
    User Identification
    User Mapping
    Palo Alto Networks User-ID Agent Setup
    WMI Authentication
To configure the PAN-OS integrated User-ID agent to use Windows Management Instrumentation (WMI) for probing client systems and monitoring Microsoft Exchange servers and domain controllers for user mapping information, complete the following fields.
Because WMI probing trusts data that is reported back from an endpoint, Palo Alto Network recommends that you do not use this method to obtain User-ID mapping information in a high-security network. If you configure the User-ID agent to obtain mapping information by parsing Active Directory (AD) security event logs or syslog messages, or using the XML API, Palo Alto Networks recommends you disable WMI probing.
If you do use WMI probing, do not enable it on external, untrusted interfaces. Doing so causes the agent to send WMI probes containing sensitive information—such as the username, domain name, and password hash of the User-ID agent service account—outside of your network. An attacker could potentially exploit this information to penetrate and gain further access to your network.
WMI Authentication Settings
Description
User Name
Enter the domain credentials (
User Name
and
Password
) for the account that the firewall will use to access Windows resources. The account requires permissions to perform WMI queries on client computers and to monitor Microsoft Exchange servers and domain controllers. Use domain\username syntax for the
User Name
.
Password/Confirm Password
The complete procedure TechDocs_logo_cropped.png to configure the PAN-OS integrated User-ID agent to monitor servers and probe clients requires additional tasks besides defining the WMI authentication settings.

Related Documentation