article WMI User Permissions

To monitor a system via WMI, it must be added to up.time using a user with domain admin or local admin privileges.  This requirement is due to Windows permissions.  It is important to note that up.time does not make any changes to the domain or Active Directory environment or systems in any way; it simply makes read-only requests for the system information.

 

After the system has been added to up.time, if there are security concerns related to the elevated privileges, a user account with the limited permissions described below should be sufficient to enable WMI agentless operation to function properly.  Although administrator user credentials should eliminate potential access issues, this level is not strictly required for monitoring.

 

Permissions required for monitoring a system via WMI:

  1. User Roles: Distributed COM User, Performance Monitor Users.
  2. Enable Account and Remote Enable for the user to the CIMV2 WMI namespace.

Note: If a restricted user with the above permissions is used, up.time will not be able to perform the regular system re-scans to pick up any system changes, as it will not have the required privileges.

 

Note also that local policies at the Active Directory level may over-ride your local standard user (e.g. wmiuser, as in the example below) so you may need to consult with server or authorization administrators to ensure proper operation and/or to maintain compliance with corporate security policies.

 

The options format for WMI-based agentless monitoring includes the following fields in addition to the standard element fields:

WMI Domain (optional)
WMI Username
WMI Password

For example:

Host Name: hostname1 
Display name: windows machine 
Type: WMI Agentless 
WMI Username: wmiuser
WMI Password: uptime 
%%

Related Articles


How do I set user permissions?

RatingViews
article

To control what actions a user can take in the up.time interface you must define a User Role that sets the action permission and then assign that role to an existing User. 1. On the up.time tool...

By: uptime Support | Date Created: 12-31-1969 | Last Modified: 8-25-2011 | Index: 338

  3714

Changing Linux Agent port or permissions

RatingViews
article

By: uptime Support | Date Created: 10-14-2005 | Last Modified: 7-24-2013 | Index: 011

  6475

Common User Agent Strings

RatingViews
article

By: uptime Support | Date Created: 6-26-2007 | Last Modified: 6-28-2011 | Index: 203

  4903

Linux Agent filesystem permissions

RatingViews
article

Listed below are the set of post-install chmod and chown commands used to set permissions on the agent's installed files. chmod -R u+rx /opt/uptime-agent/bin chmod go+rx /opt/uptime-agent chmod...

By: uptime Support | Date Created: 7-7-2011 | Last Modified: 8-11-2011 | Index: 536

  2546

What permissions does up.time require for ESX monitoring?

RatingViews
article

We recommend using the root account for ESX 3 monitoring. If the root account is not available you can add a user for up.time using the instructions below.1. SSH login to the ESX system as root2. C...

By: uptime Support | Date Created: 7-7-2008 | Last Modified: 8-12-2011 | Index: 309

  3121

User Comments



No comments have been posted.

Copyright © 2021 IDERA, Inc.   Legal   Privacy Statement