How to configure Windows authentication for the SELog virtual directory in AVIcode Intercept Studio

Article
02/22/2011

Looks like the wait is over as Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 Service Pack 1 should be available today via the Windows Download Center. Or if you're the patient type you can always wait for it to show up via Windows Update which should also happen today. Just remember that if you're using one of previous releases of the Service Pack, such as the Beta or RC, you'll need to uninstall that before installing the final release.

But on to the meat of today's post, which is a notification on the latest AVIcode Knowledge Base article we published this morning that explains how to secure the SELog virtual directory to prevent unauthorized systems from connecting. The contents of the article are below but as always, be sure you check out the direct link below to make sure you're seeing the latest version.

=====

In AVIcode Intercept Studio, the Intercept Service on the agents connects to the SELog virtual directory on the SE-Viewer to upload collected monitoring data. The SELog virtual directory is configured to allow anonymous authentication by default, but some organizations may want to enable Windows authentication for this virtual directory to prevent unauthorized systems from connecting.

Use the following steps to configure Windows authentication for the SELog virtual directory:

Create a service account for the Intercept Service to use on agents.
On the SE-Viewer computer, grant the service account Read and Write permissions for the SELog virtual directory. The following is the default local path of the directory on 32-bit Windows versions:
C:\Program Files\AVIcode\Intercept\SEViewer\LogWS
On 64-bit Windows versions, the following is the default path:
C:\Program Files (x86)\AVIcode\Intercept\SEViewer\LogWS
On the Intercept Agent computers, add the service account to the local Administrators group to allow it to logon as a service and monitor all .NET applications.
Configure the Intercept Service on agents to logon using the designated service account.
Add the username and password to the SEAgent.config file on each agent. See details about this step later in the article.
Log on to the Intercept Agent computers with the credentials of the service account and encrypt the SEAgent.config file using EFS to protect the username and password.
On the SE-Viewer computer, use IIS Manager to disable anonymous authentication for the SELog virtual directory and enable Windows authentication instead.
Restart the Intercept Service on agents and monitor the Intercept event log to make sure that it connects successfully.

Details about step 5:

The SEAgent.config file on each agent stores its connection configuration. The following is the default location of the file:

C:\Program Files\AVIcode\Intercept\Agent\v5.x.x\Configuration

In the above folder path, 5.x.x is the version and build number of Intercept Studio.

The Start menu contains a shortcut to open the configuration file. To use the shortcut, click AVIcode Intercept Studio on the All Programs menu, point to Intercept Configuration and then click Connection Configuration.

SEAgent.config is an XML file. Within its alias element, add userName and password elements immediately after initializeString. Here is an example:

<alias>
<name>SEViewer</name>
<connectionType>WebService</connectionType>
<initializeString>https://site/selog/semlogws.asmx</initializeString>
<userName>SomeUser</userName>
<password>SomePassword</password>
<proxy/>
</alias>

=====

For the latest version of this article see the link below:

KB2509259 - How to configure Windows authentication for the SELog virtual directory in AVIcode Intercept Studio

J.C. Hornbeck | System Center Knowledge Engineer

How to configure Windows authentication for the SELog virtual directory in AVIcode Intercept Studio

Additional resources