Using NRPE-NT to check WMI on Windows Server

Livio Zanol Puppim livio.zanol.puppim at gmail.com
Fri Apr 25 16:01:34 CEST 2008
Previous message: Using NRPE-NT to check WMI on Windows Server
Next message: Hosts reboots too fast for check_alive notification
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sometime ago, I've tried to search suchthing, and determine the
minimum permissions to make WMI specific queries. I've stopped on WMI
and COM+ custom permissions that couldn't be set via GPO and for a big
enviroment, this is a big problem.

Have a check on google + microsoft searching for WMI query permissions...

[]'s
Lívio Zanol Puppim
2008/4/24, Cook, Garry <Garry.Cook at arcadis-us.com>:
>
>
>
>
> Thank you Tony,
>
> I see that you're the author of NC_Net, and I think you sent a message the
> other day stating that there was a newly released version.
>
> What are your thoughts on doing things the way I described below vs. using
> NC_Net (or any agent).
>
> Pros, cons, reason to use both?
>
>
>
> Thanks,
>  Garry
>
>
>
>
> From: Anthony Montibello [mailto:amontibello at gmail.com]
>  Sent: Thursday, April 24, 2008 4:04 PM
>  To: Cook, Garry
>  Cc: Nagios-users at lists.sourceforge.net
>  Subject: Re: [Nagios-users] Using NRPE-NT to check WMI on Windows Server
>
>
>
>
>
> Each WIndows element and WMI stuff require different permissions,
>
>
>
>
>
> When using WMI, you have access to do almost anything,
>
>
> for example when query for users WMI contacts the primary domain controler
> and waits for its results of all users in the Domamin.  Naturally this
> requires higher permissions than just qurying processes running in your user
> space.
>
>
>
>
>
> To minimize your headacks, I assunme you want to test many system stats that
> only System, Network Services or Administrators have access.
>
>
> If this is true,Try to convince the domain admins to approve all your
> scripts as non-destructive scripts.  Then  get the Domain Admins to add a
> user with thesse administrator permissions, then restict that user to no
> logon rights, and only rights to access the particular NRPE port.
>
>
>
>
>
> I hope this helps
>
>
>
>
>
> TOny
>
>
> (Author of NC_NEt)
>
>
>
>
>
>
>
>
>
>
>
> On Thu, Apr 24, 2008 at 4:05 PM, Cook, Garry <Garry.Cook at arcadis-us.com>
> wrote:
>
>
>
> Question for the Window's gurus out there. I'm not really a 'windows guy'
> and don't have access to the Windows servers that I've been asked to
> monitor. Therefore, I'm using the NRPE VBScript setup developed by
> Groundwork to monitor some Windows servers via WMI. The NRPE-NT service runs
> on one box which I do have control over and this is also where the VBScript
> plugins live.
>
>
>
> When running NRPE-NT as my own Windows account, I can check services on
> File/Print servers, but not Domain Controllers. I tried several other
> accounts that have various levels of access and receive different errors.
> I've been reduced to having one of our Domain Admins run this service under
> his account, which works. This was done temporarily to test that this method
> is possible, but cannot be used as a permanent solution. The goal is to have
> NRPE-NT run as an account with the minimum level of permissions to perform
> these service checks.
>
>
>
> What level of access does the account that runs the NRPE-NT service need to
> have on all of the servers in order to function properly?
>
> Thank you,
>
> Garry W. Cook, CCNA
>  Network Systems Specialist
>  ARCADIS U.S., Inc.
>  630 Plaza Drive, Suite 200
>  Highlands Ranch, CO 80129
>  720.344.3708 (Office)
>  720.220.1862 (Mobile)
>
>
>  ________________________________
>
>
> NOTICE: This e-mail and any files transmitted with it are the property of
> ARCADIS U.S., Inc. and its affiliates. All rights, including without
> limitation copyright, are reserved. The proprietary information contained in
> this e-mail message, and any files transmitted with it, is intended for the
> use of the recipient(s) named above. If the reader of this e-mail is not the
> intended recipient, you are hereby notified that you have received this
> e-mail in error and that any review, distribution or copying of this e-mail
> or any files transmitted with it is strictly prohibited. If you have
> received this e-mail in error, please notify the sender immediately and
> delete the original message and any files transmitted. The unauthorized use
> of this e-mail or any files transmitted with it is prohibited and disclaimed
> by ARCADIS U.S., Inc. and its affiliates.
>
>
> -------------------------------------------------------------------------
>  This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
>  Don't miss this year's exciting event. There's still time to save $100.
>  Use priority code J8TL2D2.
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
>  _______________________________________________
>  Nagios-users mailing list
>  Nagios-users at lists.sourceforge.net
>  https://lists.sourceforge.net/lists/listinfo/nagios-users
>  ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
>  ::: Messages without supporting info will risk being sent to /dev/null
>
>
> -------------------------------------------------------------------------
>  This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
>  Don't miss this year's exciting event. There's still time to save $100.
>  Use priority code J8TL2D2.
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
>  Nagios-users mailing list
>  Nagios-users at lists.sourceforge.net
>  https://lists.sourceforge.net/lists/listinfo/nagios-users
>  ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
>  ::: Messages without supporting info will risk being sent to /dev/null
>

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: Using NRPE-NT to check WMI on Windows Server
Next message: Hosts reboots too fast for check_alive notification
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list