Credentials for Accessing Remote Windows Computers
Last updated on 27 April, 2025No further credential modification is needed, if the Collector is running as an account with the right to connect to the remote computers.
If you are only monitoring a machine where the Collector is installed, Local System can be used; we recommend using a user with only the least privilege permissions by following the instructions in Migrating Windows Collector from Admin to Non-admin User.
If the account credentials for the Collector service do not have access rights to the remote computers you want to monitor. In that case, you can explicitly provide the credentials belonging to a user with the least privilege permissions on the computers to be queried. To do this using WMI, specify the following properties at the appropriate level (i.e., global, group, or resource level):
- wmi.user—Assign the username of an account with the least privilege permissions on the computers to be queried to this property.
- wmi.pass—Assign the password of an account with the least privilege permissions on the computers to be queried to this property.
- wmi.authType—Specifies the protocol to authenticate remote WMI hosts. The supported protocols are
NTLMv1
,NTLMv2
, andKerberos
. Starting with EA Collector 37.300, the default authentication protocol isNTLMv2
(replacing the previous default protocol,NTLMv1
)
. When using theKerberos
protocol, you must use the ServerName or FQDN to add a device and start your Collector services using AD account credentials instead of the Local System.
To configure the least privilege permissions for WMI, see Windows Server Monitoring and Principle of Least Privilege.
To configure WinRM monitoring instead of WMI, see Configuring WinRM for Windows Collector.
For more information on assigning properties, see Resource and Instance Properties.
A local non-domain account on a remote computer that is a domain member is possible. This is not recommended, even if the account is in the Administrators group. Doing so will subject the WMI access to UAC filtering in Vista and later OSs, limiting the data that can be collected. You may also trigger account lockout alerts.
Please note that the remote perfmon collection is not supported when using SYSTEM accounts, regardless of pdh.user/pdh.pass property usage.