Replication functionality of AD Group filtering of subscriptions

kgouldsk@live.com

What is the recommended method of restricting groupings of clients/servers to accessing event collector subscriptions, absent support for computer group control that WEC has?

I thought about creating additional listeners and via GPO pointing particular groupings of clients at particular listeners. Is there a better alternative?

John Pondrom

The most direct way to filter this would be to use the GPO on only deploy the target subscription manager policy to the groups of machines you want to get that subscription.

To replicate the functionality of the of the computer control you would have in Windows the source has a "Targets" field under the subscription tab at the bottom of the subscription. This is an explicit whitelist of the DNS names of the host you want the subscription to apply to.

kgouldsk@live.com

Unless that field supports security groups, it's essentially unusable. We're talking about hundreds or thousands of endpoints to be allowed to it.

Perhaps a better implementation would be to have a different URL on the CRIBL server for different subscriptions, example:

Server=http://cribl.mydomain.com:5985/wsman/SubscriptionManager/WEC/Subscription1,R
efresh=60

and so on for subscription2,3,4.

As it is, you seem to be limited to a subscription per server unless we can implement using multiple ports. Some flexibility would be appreciated.