Highlighted
Absent Member.
Absent Member.
568 views

Remote credential permission

Jump to solution
HI,
If I well understood the sitescope doc, to monitor a windows system, sitescope must use an account with admin priviledges (local or in domain).
If it's not possible to get such account (due to restrictive security policy), how sitescope can monitor a windows server to get Cpu, mem, disk and service status?
Regards,
Marc
Labels (2)
0 Likes
1 Solution

Accepted Solutions
Highlighted
Absent Member.
Absent Member.
Hi, Marc.

Please, refer to the "How to Configure the Microsoft Windows Resources Monitoring Environment" article in SiteScope help for detailed explanation what rights SiteScope need to monitor the remote Windows machine.

Thank you.
Sergey.
_______________
This thread is now 20% cooler

View solution in original post

8 Replies
Highlighted
Absent Member.
Absent Member.
Hi, Marc.

Please, refer to the "How to Configure the Microsoft Windows Resources Monitoring Environment" article in SiteScope help for detailed explanation what rights SiteScope need to monitor the remote Windows machine.

Thank you.
Sergey.
_______________
This thread is now 20% cooler

View solution in original post

Highlighted
Absent Member.
Absent Member.
Hi,
In fact it works to get mem, cpu, disk but no way to get if service/process are running.
What is the solution ?
Regards,
Marc
0 Likes
Highlighted
Absent Member.
Absent Member.
Hi

To monitor certain process/services on remote windows machine which require admin access to fecth the details.

Refer to sitescope monitor configuration guide which describes clearly read permission to few registry entry on machine that can help to monitor services.

What all services/prcess you are able to view under perfmon tool in that machine using that account can be monitor in sitescope
0 Likes
Highlighted
Absent Member.
Absent Member.
Hi, Marc.

I'll forward your question to our perfex specialist on Monday (he's currently on vacation).

Thank you.
Sergey.
_______________
This thread is now 20% cooler
0 Likes
Highlighted
Absent Member.
Absent Member.
Thank's a lot Sergey, any update from the specialist?
Regards,
Marc
0 Likes
Highlighted
Absent Member.
Absent Member.
Hi Arvind,
I think I did everything in sitescope configuration:
I used non-admin account (sitescope) and then:
1) subinacl /service RemoteRegistry /grant=sitescope=f
2) added the user 'sitescope' in Performance Monitor Users and Performance Log Users local user groups
3) give read access to: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Perflib]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg]
') check that user 'sitescope' can read files in %WINDIR%\System32\perf?XXX.dat

So i'm able to get cpu, mem, disk but not allow to get service status. Did I miss something ?
Regards,
Marc
0 Likes
Highlighted
Absent Member.
Absent Member.
Hi, Marc.

Unfortunately, to get information about services and processes you need administrator rights.
The reason is that we're using OpenSCManager() function (http://msdn.microsoft.com/en-us/library/ms684323%28v=vs.85%29.aspx) to access the services and processes information and, according to http://msdn.microsoft.com/en-us/library/ms685981%28v=vs.85%29.aspx , "Remote authenticated users" do not have required rights.

Sorry for the delay.
Sergey.
_______________
This thread is now 20% cooler
Highlighted
Absent Member.
Absent Member.
Thank's a lot for your answer.
Regards,
Marc
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.