HomeSupercharger KBHow ToControlling Which Computers Subscribe to a WEC Subscription

5.9. Controlling Which Computers Subscribe to a WEC Subscription

The simplest and most direct way to control which computers subscribe to a subscription on your Windows Event Collector is to use an Active Directory group that has those computers as members. Just make sure that a group policy object (GPO) that applies to at least those computers (it's fine if the GPO hits other computers in the domain) includes an entry in the Target Subscription Managers policy that points to Windows Event Collector server where you subscription resides. Then assign that group under Allowed Forwarders on the subscription and all computers belonging to that group will subscribe to the subscription after applying the group policy.

For most environments except perhaps very large enterprises, we recommend that you simply target all the computers in your domain to all of your WEC collectors. This is easy to do. Just add an entry in Target Subscription Managers policy for each Windows Event Collector. (see Target Computers at the Collector)  Then use groups to assign computers to appropriate subscriptions on any collector. The Refresh interval defaults to 15 minutes (900 seconds) which keeps bandwidth and other resource utilization low even if you have many computers and collectors.

If, for whatever reason, you can't use a group to control which computers subscribe to your subscription, you can use an alternative approach which relies on Organizational Units and more group policy objects. In this case you define a set of computers that should subscribe to a given subscription with one or more OUs. Create a GPO and link it to the OU(s) and add just one entry to the Target Subscription Managers policy that points to the Windows Event Collector where your subscription resides. Then on the subscription, under Allowed Forwarders, you assign Domain Computers. If you wish to monitor the health of the subscription with Deterministic Health Analysis, you will need to define an LDAP filter that corresponds to the computers in the OU(s). Following this model consistently means basically that a computer subscribes to all the subscriptions on whichever collector it is pointed to by group policy based on the OU where the computer currently resides. Move the computer to another OU and will re-subscribe to the subscriptions on the collector where that OU is pointed.

This page was: Helpful | Not Helpful