Collection Account Requirements and Options


WISdom Collector – Service Account Requirements

To ensure secure and reliable operation of the WISdom Collection Service, the service account used on the host machine must meet the following requirements:

Account Type

  • Preferred:
    • Group Managed Service Account (gMSA) – Recommended for enhanced security, automatic password management, and simplified administration.
  • Alternative Options:
    • Domain Account – Acceptable if gMSA is not available. Offers centralized control but requires manual password management.
    • Local Windows Account – Supported, but not recommended. Requires manual credential configuration for each monitored instance via the WISdom UI.

🔒 Best Practice: Use a gMSA whenever possible to align with Microsoft’s security and automation standards.


Required Permissions

Permission | Purpose
Log on as a Service | Required to run the WISdom service as a Windows service.
Local Administrator Rights | Required on the WISdom host to access system resources, perform privileged operations, and ensure reliable data collection.

🔒 Non-Local Admin Account: If using a service account without local administrator rights, the account must have full control of the installation folder.
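
The following preflight check is an added example, not vendor-supplied code: it reports whether the account a service runs as holds "Log on as a Service" and is either a local administrator or has full control of the installation folder. The service name and installation folder are placeholders, because this page does not state them.

```powershell
# Added example, not vendor code. Run from an elevated prompt on the collector host.
# Placeholders: the page does not state the service name or the installation folder.
$ServiceName = '<collector-service-name>'
$InstallPath = '<collector-install-folder>'

$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found" }

# Resolve the logon account to a SID so later comparisons ignore name formatting.
$name = $svc.StartName -replace '^\.\\', "$env:COMPUTERNAME\"
$sid  = ([System.Security.Principal.NTAccount]$name).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value

# Heuristic only: gMSA logon names end with '$'.
$isGmsa = $name.EndsWith('$')

# "Log on as a Service" (SeServiceLogonRight) from the exported local security policy.
# Only direct *SID entries are matched; a right granted through a group is not detected.
$cfg = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Select-String -Path $cfg -Pattern '^SeServiceLogonRight' | Select-Object -First 1
Remove-Item $cfg
$granted = if ($line) { ($line.Line -split '=', 2)[1] -split ',' | ForEach-Object { $_.Trim() } } else { @() }
$hasLogonRight = $granted -contains "*$sid"

# Direct membership of the local Administrators group (well-known SID S-1-5-32-544).
$isAdmin = [bool](Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.SID.Value -eq $sid })

# Allow ACE granting FullControl to the account itself on the installation folder.
$full  = [System.Security.AccessControl.FileSystemRights]::FullControl
$rules = (Get-Acl $InstallPath).GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier])
$hasFull = [bool]($rules | Where-Object {
    $_.IdentityReference.Value -eq $sid -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $full) -eq $full })

[pscustomobject]@{
    Account                 = $name
    LooksLikeGmsa           = $isGmsa
    LogOnAsService          = $hasLogonRight
    LocalAdmin              = $isAdmin
    FullControlOnInstallDir = $hasFull
    # Requirement as stated above: service logon right, plus admin or folder control.
    MeetsRequirement        = $hasLogonRight -and ($isAdmin -or $hasFull)
}
```

Membership and ACL checks here cover direct grants only, so an account that gets access through a nested group will show as false and should be verified manually.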


Security Best Practices

  • Use strong, regularly rotated passwords (if not using gMSA).
  • Restrict permissions to the minimum required for operation.
  • Monitor and audit service account activity.
  • Avoid using shared or personal user accounts for service operations.

WISdom Collection Account Requirements

The WISdom Collection Service supports multiple account types for collecting data from target systems. Choose the appropriate method based on your environment and security policies.

Collection Account Options

Account Type | Use Case
Service Account (Recommended) | Ideal for collecting both Windows and SQL Server metrics. Simplifies management when used consistently.
Secondary Windows Accounts | Used when different credentials are needed for specific targets. Supports Active Directory accounts and Microsoft Entra ID (formerly Azure AD). Both the SQL and Windows metrics must be collected with this account; the collection may not be split.
Impersonated Windows Account | Use only when necessary. May have limited success depending on environment configuration.
SQL Authentication Account | Use only for SQL data collection. ⚠️ Does not support Windows metrics (e.g., WMI, performance counters).