Welcome to docs.opsview.com

Overview

To use Opsview's 'Agentless' Windows monitors, an account that has access to Windows Management Instrumentation data counters is required. There are two methods to accomplish this.

  1. Create a standard Administrator account.
  2. Configure a restricted user that is only allowed access to standard user functions and WMI performance counters.

Creating an Administrator account solely for the purpose of monitoring may raise security concerns, so Opsview has outlined below how to create an appropriately privileged user.

Configuration

Our guide will implement three core tasks.

  • The account will need access to 'DCOM'. This is the facility used to execute WMI queries.
  • The account will need access to the WMI tree. At a minimum, the 'root/CIMv2' branch permission must be granted.
  • To allow for performance monitoring, the user needs to be a member of the Performance Monitor Users group.

Our supported configuration will be to create a user that is added to the following Windows Groups:

  • Distributed COM Users - this group has default remote access rights to DCOM
  • Performance Monitor Users - this group has default read-only rights to WMI performance counters

Creating a read-only monitoring account

  1. Create a normal user with 'standard' privileges
  2. Add this user to the following groups:
    1. Distributed COM Users
    2. Performance Monitor Users
  3. Open the Windows Management Instrumentation control panel
    1. START > RUN > wmimgmt.msc
  4. Right click on WMI Control (local) and select Properties
  5. Navigate to the Security tab
  6. Select the Root namespace and click Security
  7. Add the group Performance Monitor Users to this account
  8. Select the following permissions for Performance Monitor Users
    1. Execute Methods: Allow
    2. Enable Account: Allow
    3. Remote Enable: Allow
    4. Read Security: Allow
  9. Once this is completed, select 'Performance Monitor Users' in the list
  10. Click Advanced within the 'Security for Root' dialog box
  11. Under Permissions, click on the name 'Performance Monitor Users'
  12. Select Edit
  13. Ensure 'This namespace and subnamespaces' is selected under the 'Apply to' option.
  14. Click 'OK'
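
A least-privilege check for the account built in the steps above, as an added example (not Opsview's own code): it confirms the two group memberships, flags Administrators membership, and compares the group's rights on the Root namespace with the four listed. It assumes a local account with the hypothetical name opsview-mon and Windows PowerShell 5.1, since Invoke-WmiMethod is not available in PowerShell 7.

```powershell
# Added example: audit the monitoring account against the steps on this page.
# Run in an elevated Windows PowerShell 5.1 session on the monitored host.
$Account = 'opsview-mon'   # hypothetical local account name, replace with yours

# WMI namespace access-mask bits for the four rights listed in the guide
$Rights = [ordered]@{
    'Enable Account'  = 0x1
    'Execute Methods' = 0x2
    'Remote Enable'   = 0x20
    'Read Security'   = 0x20000
}
$ContainerInherit = 0x2   # ACE flag: applies to subnamespaces as well

function Test-GroupMember([string]$Group) {
    $full = "$env:COMPUTERNAME\$Account"
    [bool](Get-LocalGroupMember -Group $Group -ErrorAction Stop |
        Where-Object { $_.Name -eq $full })
}

# 1. Group membership: the two groups from the guide, and not Administrators
foreach ($g in 'Distributed COM Users', 'Performance Monitor Users') {
    '{0,-28} member: {1}' -f $g, (Test-GroupMember $g)
}
if (Test-GroupMember 'Administrators') {
    Write-Warning "$Account is in Administrators; it is not a restricted account."
}

# 2. Root namespace ACL: read the security descriptor, find the group's allow ACE
$sd = (Invoke-WmiMethod -Namespace root -Path '__SystemSecurity=@' `
        -Name GetSecurityDescriptor).Descriptor
$ace = $sd.DACL | Where-Object {
    $_.Trustee.Name -eq 'Performance Monitor Users' -and $_.AceType -eq 0
} | Select-Object -First 1

if (-not $ace) {
    Write-Warning 'No allow ACE for Performance Monitor Users on Root.'
} else {
    foreach ($r in $Rights.GetEnumerator()) {
        '{0,-28} granted: {1}' -f $r.Key, [bool]($ace.AccessMask -band $r.Value)
    }
    'Applies to subnamespaces     : {0}' -f [bool]($ace.AceFlags -band $ContainerInherit)
    # Any bit outside the four rights above is broader than the guide documents
    $expected = 0; foreach ($v in $Rights.Values) { $expected = $expected -bor $v }
    $extra = $ace.AccessMask -band (-bnot $expected)
    if ($extra) { Write-Warning ('Extra rights granted: 0x{0:X}' -f $extra) }
}
```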

Windows Firewall

If the Windows Firewall is running on your monitored host, there are some configuration changes that need to be implemented to allow WMI requests to be authorized.

  1. Ensure that the Windows Firewall is started and operating correctly
  2. Navigate to Control Panel and start the 'Windows Firewall' control panel
  3. On the left hand side, select Allow a program or feature through Windows Firewall
  4. Scroll down to the entry, Windows Management Instrumentation (WMI)
  5. Enable Home/Work (Private) and / or Public access as required
  6. Click OK

Configure DCOM permissions

  1. Open the Component Services Control Panel
    1. START > RUN > dcomcnfg.exe
  2. Expand Component Services, Computers, My Computer
  3. Right click on My Computer and select Properties
  4. Select the tab COM Security
  5. Under Launch and Access Permissions, select Edit Limits
  6. Ensure that the group Distributed COM Users has the following permissions applied:
    1. Local Launch
    2. Remote Launch
    3. Local Activation
    4. Remote Activation
  7. Once everything is confirmed, select OK then OK again to close the remaining control panel dialog.

You should now be ready to utilize this account for monitoring within Opsview.
