How to configure remote WMI for Solarwinds.
Without using a local administrator or domain admin to access WMI for monitoring purposes.
- Create a local user account, or a domain account, for documentation, the account will be called monitor
- On each server that you want to monitor, add the monitor account to the local groups Distributed COM Users and Performance Monitor Users
- Open computer management and under services and applications or Configuration (depending on OS version), select WMI Control. Then right click on it and choose properties
- In Propeties go to the security tab
-
Select Root then click on Security
-
In the next window click on Advanced
-
Click on Add
-
Click on Select Principal
- Add the monitoring users account
-
Check the boxes for Enable Account and Remote Enable
- Click OK to close out through the entire window
- Open the DCOM configuration manager by running dcomcnfg
-
Expand Console Root/Component Services/Computers, right click on My Computer and choose properties
- Select the COM security tab.
- Under Access Permissions click Edit Limits
- Add the monitor user account and check the options for Lcoal Access and Remote Access
- Click OK
- Back in the COM Security tab, under Launch and Activation Permissions click Edit Mimits
- Add the monitoring account and check Local Launch, Remote Launch, Local Activation, Remote Activation
- Click OK to close out all the dialog boxes
- Open a command prompt with elevated permmisions (NOT powershell)
- Run the following command (this is all one line):
-
Start the Remote Registry Service and set the service to automatic start (delayed)
This should get most of the common metrics, if you need more data that this is returning, it becomes more difficulty, and follow these steps. Again, these steps are not commonly done
- Open a command prompt on the local machine as the monitor service
- From that same command prompt run the command: whoami /USER /FO LIST
- This will return the SID of the user
- Back at the elevated command prompt, NOT the one running as a different user
- Run the command SC sdshow scmanager and copy that string into notepad
- Using that SID create a new ACL section as follows: (A;;LC;;;S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxx)
-
Add that to the string you copied earlier, it will now look like this, the part in bold is what is added:
- Copy that entire string into the command prompt (the one with elevated permmisions, not the one running as the monitor account and type sc sdset scmanager<the entire string above>
Cialis Rezeptfrei Apotheke [url=http://cialibuy.com]Buy Cialis[/url] Pastillas De Viagra Secure Ordering Real Bentyl Price Best Website
Cephalexin Grand Rapids Mi Best Life Rx Pharmacy Levitra Equivalent [url=http://buyciali.com]cialis generic[/url] Pharmacology Of Amoxicillin Cash On Delivery Progesterone
Proscar Y Propecia [url=http://cialisong.com]viagra vs cialis[/url] Does Zithromax Affect Birth Control Finasteride Online Worldwide Delivery Discount Stendra Quick Shipping Website Overseas Cod Accepted