New Question
 
 
PRTG Network Monitor

Intuitive to Use.
Easy to manage.

300.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free PRTG
Download >>

 

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

 

Top Tags


View all Tags


Time to support (Group)Managed Service Accounts (gMSA)

Votes:

4

Your Vote:

Up

Down

While Security is getting more and more Important nowadays, it seems there is no way to use gMSA in PRTG. First problem is that Kerberos isn't supported with all delivered sensors (for example WMI seems to rely on NTLM) Second Problem and Bug BTW: Windows Credentials in PRTG are allowed to be saved without Password, but then you get an error when Adding Sensors which rely on WinCreds, all Sensors are greyed out and it says "these Sensors need valid Windows Credentials".

I think a Windows only product should support all Authentication Types which also the Windows Host Supports, because no one would lower Security on Systems only to get the Monitoring in PRTG running!

PLease think about changing the Logon/Authentication Process, so it is independent from the choosen sensor type.

Without using a domainadmin or globally available local admin which isn't security best practice it's not possible to monitor hundreds of servers right now, so again please add Support for gMSA.

And Finally please give your customers a ability to post development request which can be votet, here inside the knowledgebase is not the best place, im pretty sure you will get lots of valuable suggestions. (lol, I think there are more urgent requests then the "new alertmail design" every few releases ;-)

authetication gmsa logon powershell wmi

Created on Oct 10, 2016 2:26:47 PM by  Daniel Wessely (4) 1



7 Replies

Votes:

0

Your Vote:

Up

Down

Dear Daniel

Thank you for your feedback. While we are planning to work on some Windows sensors in the future, the current WMI authentication options work for most WMI users. We did not test gMSA logins for WMI sensors, because the demand is still too low.

I agree, entering and changing individual local administrator credentials for the server is quite some work and using a domain admin could be undesirable. For the time being though, these will be the options we officially support.

Please understand that we don't want have votable requests, as they could create the false impression that highly voted requests will actually be prioritized. We have an internal road map and work on features which we deem important.

We keep an eye on the knowledge base, organize feedback given in support tickets and talk with PRTG users online, and in person. We are happy that we get so many good ideas and useful suggestions. Many PRTG features are based on the feedback of users. Much of the polish following the initial implementation is based on feedback.

Implementing a feature can take more time than expected, delaying further developments. That is why we don't publish roadmaps or wanting to have an actual vote implemented, because we rather don't want to create any false hope.

Created on Oct 11, 2016 1:57:24 PM by  Arne Seifert [Paessler Support]



Votes:

1

Your Vote:

Up

Down

Hello PRTG Support team,

I believe this question was raised on October 2016. Now in 2020 having gMSA (at least for "PRTG active directory integration", not for WMI sensors) is a baseline practice almost everywhere, specially in this era that everything is SSO (either shibboleth or CAS) aware.

Would you please reconsider supporting gMSA in your roadmap more seriously? It gradually became very difficult to convince IT leaders and decision makers to use a tool that does not support default and baseline functionality best practices. I love PRTG and I have been promoting and convincing the management to buy it wherever I go, but you need to help us (Sys/DevOps Admins/Engineers) out on this one and couple of other baseline functionalities like supporting of proper Role Based Access Control (RBAC) to support nested group membership.

Thanks, Shahed

Created on Jun 1, 2020 11:19:19 PM by  shahed (10)



Votes:

0

Your Vote:

Up

Down

Hi Shahed,

this feature is still on our roadmap and is planned to be released for the end of the year, at the latest.

Please take a look at our public roadmap, which is updated regularly: https://www.paessler.com/prtg/roadmap


Kind regards,
Matthias Kupfer - Team Tech-Support

Created on Jun 2, 2020 7:56:18 AM by  Matthias Kupfer [Paessler Support]



Votes:

0

Your Vote:

Up

Down

I have also been waiting for this feature for a very long time and I also urgently request support for Active Directory Group Managed Service Accounts. PRTG is our last system critical system that still does not support gMSA. For monitoring PRTG accounts have many and extensive rights. To effectively prevent pass-the-hash attacks on service accounts in an AD environment, gMSAs are mandatory due to the automated and regular password changes.

Please check again if the gMSA feature is really on your roadmap. I cannot find any reference to Group Managed Service Accounts under the given URL.

Created on Jul 7, 2020 11:08:09 AM by  J8r (0)



Votes:

0

Your Vote:

Up

Down

Hello,

I think my last answer was misleading here. It was regarding, that we plan "SSO and MFA over Azure AD" which seemingly does not mean that this will include gMSA. I am sorry for that.


Kind regards,
Matthias Kupfer - Team Tech support

Created on Jul 8, 2020 8:01:58 AM by  Matthias Kupfer [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Here in the forum, the support of Group Managed Service Accounts has already been requested several times in different posts in recent years. Microsoft has already released a first version of Managed Service Accounts (MSA) with Windows Server 2008 and extended it with Server Version 2012 as Group Managed Service Accounts (gMSA). There are really some important security reasons for using gMSA. And as Shahed wrote above, it is hard to communicate why PRTG does not support these long-standing best practices security recommendations. In my view, it is therefore urgent to discuss once again what the reasons for not supporting gMSA are.

Created on Jul 8, 2020 11:17:44 AM by  J8r (0)



Votes:

0

Your Vote:

Up

Down

Add my vote here....unacceptable PRTG doesn't support GSMAs yet.

Created on Jul 14, 2020 12:34:41 PM by  kube1984 (550) 3 1



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.