Windows Monitoring
To collect Windows metrics (WMI), a Windows account is required, preferably an Active Directory (AD) account. If a SQL account is used for collections, WMI metrics will not be gathered. WISdom does not support using two sets of credentials to collect data from the same Instance and Host, i.e. SQL Auth for the SQL Instance and a Windows account for WMI.
Permissions Required on Windows Targets
The account WISdom uses to collect WMI and Performance counter data needs specific permissions on every Windows machine you monitor.
Option 1: Local Administrator (Recommended)
Add the collection account to the Local Administrators group on each monitored Windows server.
- Where to configure: Computer Management > Local Users and Groups > Groups > Administrators
Why this is preferred: Local Administrator permissions prevent future permission-related errors and simplify troubleshooting.
Option 2: Explicit Permissions
If your security policies prohibit Local Administrator access, grant these specific permissions instead:
- Log on as Batch Job – Required for collecting Performance counters and WMI data
- Where to configure: Local Security Policy > User Rights Assignment > Log on as a batch job
- Remote Management Users group – Allows remote management tasks for monitoring
- Where to configure: Computer Management > Local Users and Groups > Groups > Remote Management Users
- Distributed COM Users group – Enables remote activation of COM objects for data collection
- Where to configure: Computer Management > Local Users and Groups > Groups > Distributed COM Users
WMI and DCOM permissions are automatically granted through the group memberships above. Windows patching may inadvertently remove the required permissions in the future, and disrupt monitoring.
Testing and Troubleshooting Windows Connectivity
The ability of the collection account to connect to target Windows hosts may be tested with various methods. The collection account will either need to be passed via a script like PowerShell or an application will need to be run under the collection account credentials.
Perfmon
Perfmon is available on all Windows machines, but will need to be run as the collection account.
- Find the location of the perfmon program, typically: C:\WINDOWS\system32.
- [SHIFT]-right click the application for the option to "Run as Different User"'.
- Run Perfomance Monitor, click the green + sign, and enter the \ServerName\ to connect to the target host.
- Add a counter to test it is successfully added and displayed.
- Run Perfomance Monitor, click the green + sign, and enter the \ServerName\ to connect to the target host.
- [SHIFT]-right click the application for the option to "Run as Different User"'.
WBEMtest
This utility is installed on all Windows machines and can be found in the "C:\Windows\System32\wbem" directory.
- Run WBEMtest as the collection account.
- [SHIFT]-right click the application for the option to "Run as Different User"'.
- Click the [Connect] button.
- Add the \ServerName\root\cimv2 in the Namespace.
- Click [Connect].
- Select the [Query] button to open a WQL query window.
- Enter the query: select * from Win32_Process
- Click [Apply].
- The list of handles running on the host will be displayed if successful.
- Select the [Query] button to open a WQL query window.
PowerShell (PoSh)
Either the powershell.exe or powersherll_ise.exe applications may be used as the collection account.
- The executables are typical found in the "C:\WINDOWS\system32\WindowsPowerShell\v1.0"* directory.
- Either run the PoSh executable as the Collection Account or pass the Windows account via the script.
- Run this command, with the host ServerName for the < ComputerName > in the script:
- Get-WmiObject -query "SELECT * FROM Win32_OperatingSystem" -ComputerName < ComputerName >
- Run this command, with the host ServerName for the < ComputerName > in the script: