Using NRPE-NT to check WMI on Windows Server

Cook, Garry Garry.Cook at arcadis-us.com
Fri Apr 25 00:10:09 CEST 2008


Thank you Tony,
I see that you're the author of NC_Net, and I think you sent a message the other day stating that there was a newly released version.
What are your thoughts on doing things the way I described below vs. using NC_Net (or any agent).
Pros, cons, reason to use both?

Thanks,
Garry

From: Anthony Montibello [mailto:amontibello at gmail.com]
Sent: Thursday, April 24, 2008 4:04 PM
To: Cook, Garry
Cc: Nagios-users at lists.sourceforge.net
Subject: Re: [Nagios-users] Using NRPE-NT to check WMI on Windows Server

Each WIndows element and WMI stuff require different permissions,

When using WMI, you have access to do almost anything,
for example when query for users WMI contacts the primary domain controler and waits for its results of all users in the Domamin.  Naturally this requires higher permissions than just qurying processes running in your user space.

To minimize your headacks, I assunme you want to test many system stats that only System, Network Services or Administrators have access.
If this is true,Try to convince the domain admins to approve all your scripts as non-destructive scripts.  Then  get the Domain Admins to add a user with thesse administrator permissions, then restict that user to no logon rights, and only rights to access the particular NRPE port.

I hope this helps

TOny
(Author of NC_NEt)



On Thu, Apr 24, 2008 at 4:05 PM, Cook, Garry <Garry.Cook at arcadis-us.com<mailto:Garry.Cook at arcadis-us.com>> wrote:

Question for the Window's gurus out there. I'm not really a 'windows guy' and don't have access to the Windows servers that I've been asked to monitor. Therefore, I'm using the NRPE VBScript setup developed by Groundwork to monitor some Windows servers via WMI. The NRPE-NT service runs on one box which I do have control over and this is also where the VBScript plugins live.



When running NRPE-NT as my own Windows account, I can check services on File/Print servers, but not Domain Controllers. I tried several other accounts that have various levels of access and receive different errors. I've been reduced to having one of our Domain Admins run this service under his account, which works. This was done temporarily to test that this method is possible, but cannot be used as a permanent solution. The goal is to have NRPE-NT run as an account with the minimum level of permissions to perform these service checks.



What level of access does the account that runs the NRPE-NT service need to have on all of the servers in order to function properly?

Thank you,

Garry W. Cook, CCNA
Network Systems Specialist
ARCADIS U.S., Inc.
630 Plaza Drive, Suite 200
Highlands Ranch, CO 80129
720.344.3708 (Office)
720.220.1862 (Mobile)

________________________________
NOTICE: This e-mail and any files transmitted with it are the property of ARCADIS U.S., Inc. and its affiliates. All rights, including without limitation copyright, are reserved. The proprietary information contained in this e-mail message, and any files transmitted with it, is intended for the use of the recipient(s) named above. If the reader of this e-mail is not the intended recipient, you are hereby notified that you have received this e-mail in error and that any review, distribution or copying of this e-mail or any files transmitted with it is strictly prohibited. If you have received this e-mail in error, please notify the sender immediately and delete the original message and any files transmitted. The unauthorized use of this e-mail or any files transmitted with it is prohibited and disclaimed by ARCADIS U.S., Inc. and its affiliates.

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net<mailto:Nagios-users at lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20080424/0c949bcf/attachment.html>
-------------- next part --------------
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


More information about the Users mailing list