Monitoring Services With WMI
Learn how to Monitor Services using WMI
Suggest Edits

copyrigth : https://knowledge.opsview.com/v5.3/docs/monitoring-services-with-wmi
 
Windows Management Instrumentation Configuration
To use Opsview Monitor's 'Agentless' Windows checks, a user account that has access to Windows Management Instrumentation data counters is required. There are two methods to accomplish this.
  1. Create a standard Administrator account.
  1. Configure a restricted user that is only allowed access to standard user functions and WMI performance counters.
Creating an Administrator account solely for the purpose of monitoring may lead to security concerns, hence the outlined instructions on how to create an appropriate privileged user below.
Configuration
Our guide will implement three core tasks.
  • The account will need access to 'DCOM'. This is the facility used to execute WMI queries.
  • The account will need access to the WMI tree. At a minimum, the 'root/CIMv2' branch permission must be granted.
  • To allow for performance monitoring, the user needs to be a member of the Performance Monitor Users group.
Our supported configuration is to create a user that is added to the following Windows Groups:
  • Distributed COM Users - this group has default remote access rights to DCOM
  • Performance Monitor Users - This group has default read only rights to WMI performance counters
Creating a read-only Monitoring Account
  1. Create a normal user with 'standard' privileges
  1. Add this user to the following groups:
    2a. Distributed COM Users
    2b. Performance Monitor Users
  1. Open the Windows Management Instrumentation control panel: Start > Run > wmimgmt.msc
  1. Right click on WMI Control (local) and select Properties
  1. Navigate to the Security tab
  1. Select the Root namespace and click Security
  1. Add the group Performance Monitor Users to this account
  1. Select the following permissions for Performance Monitor Users
    8a.     Execute Methods: Allow
    8b. Enable Account: Allow
    8c. Remote Enable: Allow
    8d. Read Security: Allow
  1. Once this is completed, select 'Performance Monitor Users' in the list
  1. Click Advanced within the 'Security for Root' dialog box
  1. Under Permissions, click on name 'Performance Monitor Users'
  1. Select Edit
  1. Ensure This namespace and subnamespaces is selected under the apply to object.
  1. Click 'OK'
Windows Firewall
If the Windows Firewall is running on your monitored host, there are some configuration changes that need to be implemented to allow WMI requests to be authorized.
  1. Ensure that the Windows Firewall is started and operating correctly
  1. Navigate to Control Panel and start the Windows Firewall control panel
  1. On the left hand side, select Allow a program or feature through Windows Firewall
  1. Scroll down to the entry, Windows Management Instrumentation (WMI)
  1. Enable Home/Work (Private) and / or Public access as required
  1. Click OK
Configure DCOM Permissions
  1. Open the Component Services Control Panel: Start > Run > dcomcnfg.exe
  1. Expand Component Services, Computers, My Computer
  1. Right click on My Computer and select Properties
  1. Select the tab COM Security
  1. Under Launch and Access Permissions, select Edit Limits
  1. Ensure that the group Distributed COM Users has the following permissions applied:
    6a.     Local Launch
    6b. Remote Launch
    6c. Local Activation
    6d. Remote Activation
  1. Once everything is confirmed, select OK then OK again to close the remaining control panel dialog.

Entradas populares de este blog

Ubiquiti UniFi – Ejecute el controlador como un servicio de Windows

Ubiquiti UniFi – Ejecute el controlador como un servicio de Windows CopyRigth : http://soporte.syscom.mx/es/articles/1743759-ubiquiti-unifi-ejecute-el-controlador-como-un-servicio-de-windows Redactado por Nancy Covarrubias Alarcon Actualizado hace más de una semana Los lectores aprenderán cómo ejecutar el software del controlador UniFi como un servicio de Windows. Los servicios de Windows suelen ser útiles ya que son aplicaciones de “fondo” que no requieren atención del usuario final. De esta forma, el servicio se lanzará al inicio, sin intervención del usuario. El servicio es un reemplazo / sustituto directo para ejecutar el programa del controlador manualmente (a través del ícono o una tarea programada), por lo que no es necesario ejecutar la aplicación del controlador si lo está ejecutando como un servicio de Windows. Tabla de contenido Pasos: cómo ejecutar el controlador como un servicio de Wi...
Leer más

Configuring an EX2200 Virtual Chassis

Configuring an EX2200 Virtual Chassis (CLI Procedure) date_range 23-Sep-19 info_outline Platform and Release Support You configure an EX2200 Virtual Chassis by configuring interfaces connecting EX2200 switches into Virtual Chassis ports (VCPs). Optical interfaces on EX2200 and EX2200-C switches can be configured into VCPs and can be used to connect EX2200 switches into a Virtual Chassis over short and long distances (up to 49.7 miles). All RJ-45 interfaces, including built-in network ports with 10/100/1000BASE-T Gigabit Ethernet connectors and 1000BASE-T RJ-45 transceivers, on EX2200 and EX2200-C switches can also be configured into VCPs. An EX2200 Virtual Chassis can be configured with either: A preprovisioned configuration—You can deterministically control the member ID and role assigned to a member switch by tying it to its serial number. A nonprovisioned configuration—The master sequentially assigns a member ID to other member switches. The role is dete...
Leer más
  Switch boots from backup root partition after file system corruption occured on the primary root partition   Copyright Summary: This article describes the issue when an EX Switch booting from the backup root partition after a file corruption occured on the primary root partition. Symptoms: EX switches running Junos 10.4R3 or later have added resiliency based on the "resilient dual-root partition", which if the switch detects a corruption on the primary root file system, it boots from the alternate root partition. When this occurs, you are notified in two ways: Alarm and Warning Banner Alarm: The following alarm message is generated: user@switch> show chassis alarms 1 alarms currently active Alarm time Class Description 2011-02-17 05:48:49 PST Minor Host 0 Boot from backup root Warning: **************************************************************************************** ** ** ** WARNING: THIS DEVICE H...
Leer más