Windows System

Configure Microsoft Windows for Monitoring

1. Navigate to Dashboards → Administrator.

4. A pop-up message will confirm that the Linux Host has been added successfully. Click OK to dismiss and proceed to configure the Linux user for monitoring.

Note: Please take note of the WinRM Configuration Requirements.

6. A pop-up message will confirm that the account has been created successfully. Click OK to complete the process.

7. The newly added system will appear in the "Windows System" panel.

8. The Windows System will show up in the service grid within 5-15 minutes.

WinRM Configuration Requirements

IT-Conductor accesses Windows systems using WinRM. If WinRM over TLS (HTTPS) has been enabled, ignore the Configuration section. Otherwise, which is the most common situation, Windows uses a proprietary payload encryption mechanism and client whitelisting for unsecured (HTTP) connections. In this case, the following configuration has to be performed:

Use Domain Group Policy to apply these settings to multiple Windows machines:

If configuring manually, run the following commands on each monitored machine.

The commands need to be executed from a command prompt with elevated permissions (Run as Administrator).

  1. Make sure WinRM is enabled. Run the following command:

    winrm quickconfig

  2. Enable "AllowUnencrypted". Run the following command:

    winrm set winrm/config/service @{AllowUnencrypted="true"}

  3. Enable Basic Authentication (Optional). If the monitoring account for the Windows host is a local account (not a domain account), Basic authentication needs to be enabled. Run the following command:

    winrm set winrm/config/service/auth @{Basic="true"}

User Access

The easiest way to enable remote user access to WinRM is to add the user to the local Administrators group.

If granting administrative access is not possible due to security policy, follow the procedure below to enable monitoring with a non-privileged account:

Add domain account or group to local WinRM Accounts

The local group membership can be assigned with Domain Group Policy (see above). Otherwise, follow the instructions below.

  1. Open the Computer Management console (compmgmt.msc).

  2. Go to Local Users and Groups.

  3. Expand Groups.

  4. Add the desired domain group or user to the Performance Log Users, Performance Monitor Users, and Remote Management Users groups.

Grant Access to WMI Namespace

WMI Namespace access configuration is not supported in Domain Group Policy and has to be configured on each monitored machine.

  1. From the Computer Management console, expand Services and Applications.

  2. Right-click on WMI Control and then click Properties to access the WMI configuration.

  3. Open the Security tab.

  4. Select the "\Root\CIMV2" namespace.

  5. Click Security to choose which user or group will be granted access.

  6. In the "Security" dialog box, click Add.

  7. In the "Select Users, Computers, or Groups" dialog box, enter the name of the object (user or group) you want to add.

  8. Click OK.

  9. Click Advanced to open the Advanced Security Settings dialog box.

  10. On the "Permissions" tab select the desired user in the Permissions entries.

  11. Click Edit.

  12. Set "Type" to Allow, set "Applies to" to This namespace and subnamespaces, and select the Execute Methods, Enable Account, and Remote Enable options.

  13. Click OK to close all windows and apply the changed settings.

See Authorize WMI users and Set Permissions for more details.

Allow Windows Service Configuration Manager Access

We need to grant the user Windows Service Configuration Manager Access.

Run a Command Prompt as Administrator, and execute the following command:

    sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
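
To see what that descriptor grants, the following added example (not part of the IT-Conductor documentation) decodes the SDDL string from the command above. The tables map the standard two-letter SDDL codes to the Service Control Manager right names that share their bit values; the function and variable names are chosen for this example.

```python
import re

# SDDL right codes as they apply to the Service Control Manager (SCM) object.
SCM_RIGHTS = {
    "CC": "SC_MANAGER_CONNECT", "DC": "SC_MANAGER_CREATE_SERVICE",
    "LC": "SC_MANAGER_ENUMERATE_SERVICE", "SW": "SC_MANAGER_LOCK",
    "RP": "SC_MANAGER_QUERY_LOCK_STATUS", "WP": "SC_MANAGER_MODIFY_BOOT_CONFIG",
    "RC": "READ_CONTROL", "GA": "GENERIC_ALL",
    "KA": "SC_MANAGER_ALL_ACCESS",  # KA is 0xF003F, the SC_MANAGER_ALL_ACCESS value
}
TRUSTEES = {"AU": "Authenticated Users", "SY": "Local System",
            "BA": "Builtin Administrators", "WD": "Everyone"}
ACE_TYPES = {"A": "allow", "D": "deny", "AU": "audit"}
ACE_FLAGS = {"OI": "object inherit", "IO": "inherit only",
             "SA": "audit success", "FA": "audit failure"}

# The descriptor passed to "sc sdset SCMANAGER" on this page.
PAGE_SDDL = ("D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)"
             "S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)")

def pairs(code, table):
    """Split a run of two-letter SDDL codes and translate each one."""
    return [table.get(code[i:i + 2], code[i:i + 2]) for i in range(0, len(code), 2)]

def decode(sddl):
    """Return one dict per ACE in the DACL (D:) and SACL (S:) sections."""
    aces = []
    for acl, body in re.findall(r"([DS]):[A-Z]*((?:\([^)]*\))+)", sddl):
        for ace in re.findall(r"\(([^)]*)\)", body):
            # Field order: type;flags;rights;object_guid;inherit_guid;trustee
            ace_type, flags, rights, _obj, _inh, sid = ace.split(";")
            aces.append({
                "acl": "DACL" if acl == "D" else "SACL",
                "type": ACE_TYPES.get(ace_type, ace_type),
                "flags": pairs(flags, ACE_FLAGS),
                "rights": pairs(rights, SCM_RIGHTS),
                "trustee": TRUSTEES.get(sid, sid),
            })
    return aces

def rights_for(sddl, trustee):
    """Rights that the DACL's allow entries give to one trustee."""
    return [r for a in decode(sddl)
            if a["acl"] == "DACL" and a["type"] == "allow" and a["trustee"] == trustee
            for r in a["rights"]]

if __name__ == "__main__":
    for a in decode(PAGE_SDDL):
        print(a["acl"], a["type"], a["trustee"], a["rights"], a["flags"])
```

Decoded, the descriptor gives Authenticated Users the connect, enumerate, query-lock-status and read-control rights, and no right to create services. Because sc sdset replaces the whole descriptor, record the current one with sc sdshow scmanager before changing it.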
