Windows Collection Requirements


Windows Monitoring

To collect Windows metrics (WMI), a Windows account is required, preferably an Active Directory (AD) account. If a SQL account is used for collections, WMI metrics will not be gathered. WISdom does not support using two sets of credentials to collect data from the same Instance and Host, i.e. SQL Auth for the SQL Instance and a Windows account for WMI.

Permissions Required on Windows Targets

  • Local Administrator: Ideally, the account should be a member of the Local Administrators group.
    • Alternative Permissions: If not a Local Administrator, explicitly grant permissions on WMI and DCOM.
  • Log on as Batch Job: Necessary for executing scheduled tasks required for advanced WISdom deployments.
  • Group Membership:
    • Remote Management Users: Membership in this group allows for remote management tasks, facilitating efficient monitoring and troubleshooting.
    • Distributed COM Users: This group membership is necessary for enabling remote activation of COM objects, which is integral to WISdom's monitoring capabilities.

Alternate Permissions

When the collection/service account has not been granted Local Administrator rights, be aware that group policy updates or Windows patching may inadvertently remove explicitly granted WMI/DCOM permissions. Windows updates and patching will destroy and recreate the affected objects rather than updating them in place, which discards any permissions that were explicitly granted on them. This can disrupt monitoring until the permissions are manually restored. Regular audits and proactive management of these permissions are recommended to maintain uninterrupted monitoring.

Testing Windows Connectivity

The ability of the collection account to connect to target Windows hosts may be tested with various methods. Either the collection account's credentials are supplied in a script (for example, PowerShell) or the testing application is run under the collection account's credentials.

Perfmon

Perfmon is available on all Windows machines, but will need to be run as the collection account.

  • Find the location of the perfmon program, typically: C:\WINDOWS\system32.
    • [SHIFT]-right click the application for the option to "Run as Different User".
  • Run Performance Monitor, click the green + sign, and enter \\ServerName to connect to the target host.
  • Add a counter to confirm that it is successfully added and displayed.

WBEMtest

This utility is installed on all Windows machines and can be found in the "C:\Windows\System32\wbem" directory.

  • Run WBEMtest as the collection account.
    • [SHIFT]-right click the application for the option to "Run as Different User".
  • Click the [Connect] button.
    • Enter \\ServerName\root\cimv2 in the Namespace field.
    • Click [Connect].
  • Select the [Query] button to open a WQL query window.
    • Enter the query: select * from Win32_Process
    • Click [Apply].
    • If the connection succeeds, the processes running on the host will be listed.

PowerShell (PoSh)

Either the powershell.exe or powershell_ise.exe application may be run as the collection account.

  • The executables are typically found in the "C:\WINDOWS\system32\WindowsPowerShell\v1.0" directory.
  • Either run the PoSh executable as the Collection Account or pass the Windows account credentials within the script.
    • Run this command, substituting the target host name for <ComputerName>:
      • Get-WmiObject -Query "SELECT * FROM Win32_OperatingSystem" -ComputerName <ComputerName>
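The following Windows PowerShell script is an added example, not part of WISdom's own tooling or documentation: it runs the same kind of WMI checks as the WBEMtest and PowerShell steps above against a list of hosts under the collection account, and reports which queries fail so that missing WMI/DCOM permissions show up before they interrupt monitoring. The list of classes queried and the credential prompt are assumptions; it uses Get-WmiObject as on this page, which requires Windows PowerShell (5.1 or earlier), not PowerShell 7.

```powershell
# Test-CollectorWmiAccess.ps1 (hypothetical name): verify that the collection
# account can query WMI on each target host, as WISdom's collector would.
param(
    [Parameter(Mandatory)] [string[]] $ComputerName,
    # Prompt for the collection account unless one was passed in.
    [System.Management.Automation.PSCredential] $Credential = (Get-Credential -Message 'Collection account')
)

# Constructed list of representative queries: OS details, the process list used
# in the WBEMtest step above, and a formatted performance counter class.
$checks = @(
    @{ Namespace = 'root\cimv2'; Query = 'SELECT Caption, Version FROM Win32_OperatingSystem' },
    @{ Namespace = 'root\cimv2'; Query = 'SELECT ProcessId, Name FROM Win32_Process' },
    @{ Namespace = 'root\cimv2'; Query = 'SELECT Name FROM Win32_PerfFormattedData_PerfOS_Processor' }
)

foreach ($target in $ComputerName) {
    foreach ($check in $checks) {
        $params = @{
            Namespace    = $check.Namespace
            Query        = $check.Query
            ComputerName = $target
            ErrorAction  = 'Stop'
        }
        # WMI refuses explicit credentials for the local machine, so only pass
        # them for remote targets.
        if ($target -notin @('.', 'localhost', $env:COMPUTERNAME)) {
            $params.Credential = $Credential
        }
        try {
            $rows = @(Get-WmiObject @params)
            [pscustomobject]@{ Computer = $target; Query = $check.Query; Status = 'OK'; Rows = $rows.Count; Error = $null }
        } catch {
            # "Access is denied" (0x80070005) points at the WMI/DCOM permissions or group
            # memberships listed above; "RPC server is unavailable" points at DCOM/firewall
            # connectivity rather than the account's rights.
            [pscustomobject]@{ Computer = $target; Query = $check.Query; Status = 'FAIL'; Rows = 0; Error = $_.Exception.Message }
        }
    }
}
```

Run it after patching or group policy changes (for example, `.\Test-CollectorWmiAccess.ps1 -ComputerName SQL01, SQL02 | Format-Table`) to catch the permission loss described under Alternate Permissions before WISdom's collection stops.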