Exam MD-100 topic 4 question 27 discussion

Actual exam question from Microsoft's MD-100
Question #: 27
Topic #: 4

SIMULATION
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab.
But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

Username and password

Use the following login credentials as needed:
To enter your password, place your cursor in the Enter password box and click on the password below.

Username: Contoso/Administrator
Password: Passw0rd!

The following information is for technical support purposes only:
Lab Instance: 11145882


Administrators report that they cannot use Event Viewer to remotely view the event logs on Client3.
You need to ensure that the administrators can access the event logs remotely on Client3. The solution must ensure that Windows Firewall remains enabled.
To complete this task, sign in to the required computer or computers.

Suggested Answer: See explanation below.
1. Go to Control Panel -> System and Security -> Windows Firewall.
2. Click the Advanced settings link on the left-hand side.
3. Enable COM+ Network Access (DCOM-In).
4. Enable all the rules in the Remote Event Log Management group.

Reference:
https://www.zubairalexander.com/blog/unable-to-access-event-viewer-on-a-remote-computer/
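
The same change can be scripted with the built-in NetSecurity cmdlets. The following is an added example, not part of the original answer: it enables the inbound rules in the two groups named in the suggested answer and confirms that Windows Firewall stays enabled. Limiting the change to rules that apply to the Domain profile is an assumption made here (Client3 is taken to be domain-joined); remove that filter to enable the entire group as in step 4.

```powershell
# Added example: run in an elevated PowerShell session on Client3.
# Group names are taken from the suggested answer above.
$groups = 'Remote Event Log Management', 'COM+ Network Access'

# 1. The task requires Windows Firewall to remain enabled, so stop if any
#    profile is already switched off instead of silently working around it.
$off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
if ($off) {
    throw "Firewall disabled on profile(s): $($off.Name -join ', ')"
}

# 2. Enable only the inbound rules of each group that apply to the Domain
#    profile (assumption: administrators connect over the domain network).
foreach ($group in $groups) {
    Get-NetFirewallRule -DisplayGroup $group -ErrorAction Stop |
        Where-Object {
            $_.Direction -eq 'Inbound' -and
            $_.Profile.ToString() -match 'Domain|Any'
        } |
        Enable-NetFirewallRule
}

# 3. Report the resulting state of every rule in both groups so the
#    Private/Public copies can be seen to be unchanged.
Get-NetFirewallRule -DisplayGroup $groups |
    Sort-Object DisplayGroup, DisplayName |
    Format-Table DisplayGroup, DisplayName, Profile, Enabled, Action -AutoSize

# 4. Confirm the firewall itself is still on for all three profiles.
Get-NetFirewallProfile | Format-Table Name, Enabled -AutoSize
```

To check the result from an administrator's workstation, `Get-WinEvent -ComputerName Client3 -LogName System -MaxEvents 3` reads the log remotely and fails quickly if the rules are still blocking access.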

Comments

forummj
Highly Voted 4 years, 7 months ago
The actual rules that work now with Windows 10 are:
Remote Event Log Management (The entire group)
Windows Management Infrastructure (WMI - The entire group)
Create two inbound rules using the Predefined option, select each of the above and then select all the possible sub-categories. I've tested it and it works.
upvoted 13 times
Anthony_2770
4 years, 6 months ago
YES better answer, but I was able to connect to the event logs without enabling WMI. It is a win 10 client not a server. Anyone else ?
upvoted 1 times
Anthony_2770
4 years, 6 months ago
All WMI incoming firewall rules on the client were disabled
upvoted 1 times
FrancisLai
3 years, 2 months ago
All WMI incoming firewall rules are enabled in my computer
upvoted 1 times
pd3vlin
4 years, 6 months ago
Isn't it Windows Management Instrumentation (WMI)?
upvoted 2 times
Anthony_2770
Highly Voted 4 years, 7 months ago
Solution appears to be based on Windows 7.
Win 10 – Performance Logs and Alerts (DCom-In) – Enable
Win 10 – Remote Event Log Management (NP-in) - Enable (Domain Rule)
upvoted 7 times
redadz
4 years, 5 months ago
WRONG Rule: Note Named Pipe, it should be RPC for the right Network Profile
upvoted 1 times
ad2531
4 years, 5 months ago
WRONG: RPC for public, wrong port
upvoted 2 times
Anthony_2770
4 years, 5 months ago
Yes:
Remote Event Log Management (The entire group)
Windows Management Infrastructure (WMI - The entire group)
upvoted 1 times
Cycubxl
2 years, 8 months ago
I've tested on Win10 19044 with:
Performance Logs and Alerts disabled
WMI disabled
RPC enabled
It worked without any problem
upvoted 1 times
Hatsapatsa
Most Recent 2 years, 5 months ago
Tested in Windows 11 21H2. Enabled event log management rules and then could successfully view remote event log with admin account.
upvoted 1 times
flabezerra
2 years, 7 months ago
There are two application possibilities to resolve this lab. The first is more invasive, less secure and does not use the principle of least privilege. It is necessary to access a session with the other machine. The problem with doing this in a professional environment is when you lose access to the remote computer and end up losing log data. In practical terms you can open a lot of ports by creating many rules and it will work fine. The other, less invasive scenario, with the possibility of maintaining the organization of the logs and even saving copies of the machine's logs. I'm talking about Windows Event Subscription. The stream of events from a source to a collector is called a subscription. Based on the statement, it is understood that it is necessary to maintain a level of security, the Firewall must be activated. The first solution would still work here as you will keep the Firewall enabled. It doesn't hurt to look at the other scenario and try to use that in the lab.
upvoted 1 times
flabezerra
2 years, 3 months ago
If we are going to apply the settings to all administrators, we must use Group Policy via mmc to set up a new inbound Firewall rule.
upvoted 1 times
Cycubxl
2 years, 8 months ago
It's not necessary to allow WMI, only the RPC is enough. I've tested on Win10 19044.
upvoted 3 times
Barrybobslee_111
2 years, 9 months ago
I would only enable Remote Event Log Management for the domain profile. Why enable the rest?
upvoted 1 times
syougun200x
2 years, 9 months ago
Only enabling FW rules Remote Event Log management worked in my environment.
upvoted 1 times
veteran_tech
2 years, 11 months ago
I tried it with Win10 v 1809. Only had to enable the group of Remote Event Log Management rules.
upvoted 1 times
ninja
3 years ago
Would enabling all inbound rules work? lol
upvoted 1 times
Mohaala
3 years, 7 months ago
Simply, on the source PC you need to have WINRM enabled. On the collector PC you need to have the Event Collector service started. I got this info from the MD-100 Exam book and using the below link: https://www.loggly.com/ultimate-guide/centralizing-windows-logs/
upvoted 5 times
Goofer
3 years, 7 months ago
Open firewall inbound --> Remote Event log management (RPC)
That's all
1. Open event viewer
2. Connect to other computer --> Another computer
3. Connect as another user --> administrator
upvoted 2 times
Perycles
4 years, 1 month ago
For Remote Event Viewer:
1 - configure 2 firewall exceptions: (Windows Remote Management (HTTP-in)) and (Remote Event Logs (RPC))
2 - ensure that Service "Windows Remote Manager" is on "Automatic"
upvoted 2 times
geoffC
4 years, 2 months ago
Elevated command prompt on Client3: type "winRM qc" would this work?
upvoted 2 times
J4ck13
4 years, 1 month ago
I thought this too.
upvoted 1 times
J4ck13
4 years, 1 month ago
Looking at the below link, it says that winrm qc only configures this for the current profile, so we would have to do this for all admins and it doesn't work. It would reach the goal if it was for one user however. https://docs.microsoft.com/en-us/windows/win32/winrm/installation-and-configuration-for-windows-remote-management
upvoted 1 times