Server 2012 R2

Monitoring with Non admin accounts

How to configure remote WMI for Solarwinds.

Without using a local administrator or domain admin to access WMI for monitoring purposes.

  1. Create a local user account, or a domain account, for documentation, the account will be called monitor
  2. On each server that you want to monitor, add the monitor account to the local groups Distributed COM Users and Performance Monitor Users
  3. Open computer management and under services and applications or Configuration (depending on OS version), select WMI Control. Then right click on it and choose properties
  4. In Propeties go to the security tab
  5. Select Root then click on Security

  6. In the next window click on Advanced

  7. Click on Add

  8. Click on Select Principal

  9. Add the monitoring users account
  10. Check the boxes for Enable Account and Remote Enable

  11. Click OK to close out through the entire window
  12. Open the DCOM configuration manager by running dcomcnfg
  13. Expand Console Root/Component Services/Computers, right click on My Computer and choose properties

  14. Select the COM security tab.
  15. Under Access Permissions click Edit Limits
  16. Add the monitor user account and check the options for Lcoal Access and Remote Access
  17. Click OK
  18. Back in the COM Security tab, under Launch and Activation Permissions click Edit Mimits
  19. Add the monitoring account and check Local Launch, Remote Launch, Local Activation, Remote Activation
  20. Click OK to close out all the dialog boxes
  21. Open a command prompt with elevated permmisions (NOT powershell)
  22. Run the following command (this is all one line):
  23. Start the Remote Registry Service and set the service to automatic start (delayed)

     

    This should get most of the common metrics, if you need more data that this is returning, it becomes more difficulty, and follow these steps. Again, these steps are not commonly done

  24. Open a command prompt on the local machine as the monitor service
  25. From that same command prompt run the command: whoami /USER /FO LIST
  26. This will return the SID of the user
  27. Back at the elevated command prompt, NOT the one running as a different user
  28. Run the command SC sdshow scmanager and copy that string into notepad
  29. Using that SID create a new ACL section as follows: (A;;LC;;;S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxx)
  30. Add that to the string you copied earlier, it will now look like this, the part in bold is what is added:

     

  31. Copy that entire string into the command prompt (the one with elevated permmisions, not the one running as the monitor account and type sc sdset scmanager<the entire string above>

3 thoughts on “Monitoring with Non admin accounts

  1. Cephalexin Grand Rapids Mi Best Life Rx Pharmacy Levitra Equivalent [url=http://buyciali.com]cialis generic[/url] Pharmacology Of Amoxicillin Cash On Delivery Progesterone

  2. Proscar Y Propecia [url=http://cialisong.com]viagra vs cialis[/url] Does Zithromax Affect Birth Control Finasteride Online Worldwide Delivery Discount Stendra Quick Shipping Website Overseas Cod Accepted

Leave a Reply

Your email address will not be published. Required fields are marked *