Come join our live training webinar every other Wednesday at 11am PST and hear LogicMonitor experts explain best practices and answer common questions. We understand these are uncertain times, and we are here to help!
Microsoft recommends Administrator group membership to ensure remote WMI functionality. However, you can run the remote WMI functionality without administrator privileges with some additional settings. This method works in most cases but not for all cases. Therefore, the assistance provided by your LogicMonitor support team may be limited and on a best-effort basis.
Note: This information also applies to Active Directory Domain Controllers. Also, you can run the group membership adjustments for domain controllers via “Active Directory Users and Computers” rather than “Local Users and Groups”. When a Windows host is promoted to a Domain Controller local group memberships are migrated into the BUILTIN groups within ADUC.
You can complete the following steps to run the services without administrator privileges.
To give the user remote WMI rights, log on to each system to be monitored and complete the following procedure:
If any of the following apply to the LogicMonitor Collector services, you may need to grant DCOM rights:
To grant the user DCOM rights, log on to each system to be monitored and complete the following procedure:
The following procedure describes how to grant DCOM remote access permissions for certain users and groups. If you are connecting computer A to computer B remotely. You can set permissions on computer B to allow a user group that is not a part of the Administrator’s group on computer B to connect to computer B.
For more information, see Securing a Remote WMI Connection.
Even after employing the mentioned methods, you may be required to review and adjust Windows Service permissions.
You can use one of the following tools to adjust Windows service permissions granting read-only access to the account in which you are using to monitor the host.