Collection Account Requirements and Options

To ensure secure and reliable operation of the WISdom Collection Service, the service account used on the host machine must meet the following requirements.

Service Account Type

| Account Type | Recommendation | Notes |
| --- | --- | --- |
| Group Managed Service Account (gMSA) | ✔ Recommended — Best Practice | Automatic password management, simplified administration. Ideal for enterprise environments. |
| Domain Account | Alternative | Centralized control via Active Directory. Requires manual password management. |
| Local Windows Account | Not Recommended | Requires secondary credentials to be created and assigned to monitored targets in the WISdom UI. Additional service account permissions are required — see note below. |

🔒 Best Practice

Use a gMSA account whenever possible. gMSAs provide automatic password rotation, eliminate manual credential management, and align with Microsoft's security guidance for service accounts.

Required Permissions on the WISdom Host

| Permission | Purpose |
| --- | --- |
| Log on as a Service | Required to run the WISdom service as a Windows service. |
| Local Administrator Rights | Required to start, stop, and restart the Fortified WISdom Watchdog and Collector services on the host machine. |

Note

A local Windows account requires SDDL permissions set directly on both WISdom services, as Local Administrator rights alone are not sufficient for service control. If Local Administrator group membership is also not permitted, the account must have at minimum Full Control on the WISdom installation directory.
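
One way to set the SDDL permissions described in the note is to append an allow ACE for the local account to each service's security descriptor. The PowerShell below is an added example, not Fortified's own tooling: the service names and account are placeholders, and the rights string is an assumption covering start, stop, restart and status queries. Run it from an elevated prompt.

```powershell
# Added example, not vendor code. Service names and account are placeholders.
param(
    [string[]]$ServiceName = @('<WatchdogServiceName>', '<CollectorServiceName>'),
    [string]$Account = '<HOSTNAME>\<LocalCollectionAccount>',
    [switch]$Apply   # without -Apply, only print the proposed descriptor
)

# Assumed minimum for start/stop/restart: CC query config, LC query status,
# SW enumerate dependents, RP start, WP stop, LO interrogate, RC read descriptor.
# DC (change config), WD (write DACL) and WO (write owner) are left out on purpose:
# any of them lets the holder repoint the service binary and run code as the service.
$Rights = 'CCLCSWRPWPLORC'

function Add-ServiceAce {
    param([string]$Sddl, [string]$Sid, [string]$Rights)
    # An ACE for this SID already exists: change nothing, review it by hand.
    if ($Sddl.Contains(";;;$Sid)")) { return $Sddl }
    # Split after the last DACL ACE so the new ACE never lands in the SACL (S:) part.
    if ($Sddl -match '^(?<dacl>.*?D:[A-Z]*(?:\([^)]*\))*)(?<rest>.*)$') {
        return $Matches['dacl'] + "(A;;$Rights;;;$Sid)" + $Matches['rest']
    }
    throw "No DACL found in descriptor: $Sddl"
}

# Resolve the account name to its SID; SDDL ACEs reference SIDs, not names.
$sid = [System.Security.Principal.NTAccount]::new($Account).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

foreach ($svc in $ServiceName) {
    $out = sc.exe sdshow $svc
    if ($LASTEXITCODE -ne 0) { throw "sc.exe sdshow $svc failed: $out" }
    # sdshow prints a blank line before the descriptor; keep only the SDDL text.
    $current  = ($out | Where-Object { $_ -match '\S' }) -join ''
    $proposed = Add-ServiceAce -Sddl $current -Sid $sid -Rights $Rights
    "{0}`n  current : {1}`n  proposed: {2}" -f $svc, $current, $proposed
    if ($Apply -and $proposed -ne $current) {
        sc.exe sdset $svc $proposed
        if ($LASTEXITCODE -ne 0) { throw "sc.exe sdset $svc failed" }
    }
}
```

Record the `current` line for each service before using `-Apply`, since `sc.exe sdset` replaces the whole descriptor and the saved string is what restores it.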

Security Best Practices

  • Use strong, regularly rotated passwords (if not using gMSA).
  • Restrict permissions to the minimum required for operation.
  • Monitor and audit service account activity.
  • Avoid using shared or personal user accounts for service operations.

WISdom Collection Account Options

The WISdom Collection Service supports multiple account types for collecting data from target systems. Choose the appropriate method based on your environment and security policies.

| Account Type | Use Case |
| --- | --- |
| Service Account (Recommended) | Ideal for collecting both Windows and SQL Server metrics. Simplifies management when used consistently. |
| Secondary Windows or Entra Accounts | Used when different credentials are needed for specific targets. Supports Active Directory accounts and Microsoft Entra ID (formerly Azure AD). The collection account must collect both SQL and Windows metrics — the collection cannot be split between accounts. |
| SQL Authentication Account | SQL data collection only. Does not support Windows metrics (WMI, Performance Counters). |