I have a local PoSh script scheduled task that queries a particular computer setting and either writes a "1" or a "0" to a custom registry key. I then have a PoSh script tied to a custom EXE/XML sensor that queries the registry via WMI. Files can not be shared between these two computers, but the WMI ports are open.
Script:
$regkey = 2147483650
$regclass = Get-WmiObject -Namespace "root\default" -list "StdRegProv" -computername "servername"
$key = "SOFTWARE\option-check\check"
$value = "option"
$return = $regclass.GetStringValue($regkey,$key,$value).svalue
if ($return -match 1) {
Write-Host @"
<prtg>
<result>
<channel>Option</channel>
<value>1</value>
</result>
</prtg>
"@
} else {
Write-Host @"
<prtg>
<result>
<channel>Option</channel>
<value>0</value>
</result>
</prtg>
"@
}
When I run the script on the PRTG Prode with my Domain Admin account, my results of the query are as such:
$regclass.GetStringValue($regkey,$key,$value)
__GENUS : 2
__CLASS : __PARAMETERS
__SUPERCLASS :
__DYNASTY : __PARAMETERS
__RELPATH :
__PROPERTY_COUNT : 2
__DERIVATION : {}
__SERVER :
__NAMESPACE :
__PATH :
ReturnValue : 0
sValue : 1
PSComputerName :
However when the script is tied to a sensor and ran with the context of the account running the probe service I get a different result:
$regclass.GetStringValue($regkey,$key,$value)
__GENUS : 2
__CLASS : __PARAMETERS
__SUPERCLASS :
__DYNASTY : __PARAMETERS
__RELPATH :
__PROPERTY_COUNT : 2
__DERIVATION : {}
__SERVER :
__NAMESPACE :
__PATH :
ReturnValue : 2
sValue :
the account is a local admin of the probe and the machine being probed. It is also a member of the Distributed COM Users, and Performance Log Users and the machine being probed.
The PRTG WMI tester can query root\cimV2 on the remote machine just fine, so it isn't an issue of creds to WMI.
thanks for insight.
Last change on Jan 26, 2017 4:05:18 PM by
Add comment