What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

WMI access without Administrative Rights.

Votes:

1

Hello! In most cases we use Domain Admin account for any WMI sensor, is there a way to set individual account only for PRTG WMI access WITHOUT Domain or Local Administrative Rights? I found several articles but all of them are old. Or just no news here?

domain prtg wmi

Created on Oct 8, 2018 2:21:04 PM



7 Replies

Votes:

1

Just no news here - the permissions required for WMI haven't changed that much :)

PRTG Scheduler | PRTGapi | Feature Requests | WMI Issues | SNMP Issues

Kind regards,
Stephan Linke, Tech Support Team

Created on Oct 8, 2018 7:24:33 PM by Stephan Linke [Paessler Support]



Votes:

0

So if conclude: we can FULLY monitor WMI only with Administrators, because it can't be separated from other OS components? And if we want to do it it will be hard work with almost no result at the end?

Created on Oct 9, 2018 8:18:37 AM



Votes:

0

Well you could use a non-administrative user, WMI should work properly - apart from WMI Service Sensors, which do require either administrative permissions or ACLs configured accordingly. Carbon is very nice for this:

Grant-ServicePermission -Name <service name> -Identity "<domain>\<user>" -QueryStatus -Interrogate -Start -Stop

Note that this has to be configured on a per-service base and may require some tinkering. Eventually, this will just allow you to use non-administrative user accounts, which might be a necessity for some.

PRTG Scheduler | PRTGapi | Feature Requests | WMI Issues | SNMP Issues

Kind regards,
Stephan Linke, Tech Support Team

Created on Oct 9, 2018 9:08:08 AM by Stephan Linke [Paessler Support]



Votes:

0

Thank you Stephan, can you give a link to actual article with WMI permission settings?

Created on Oct 9, 2018 9:29:11 AM



Votes:

1

There you go :)

PRTG Scheduler | PRTGapi | Feature Requests | WMI Issues | SNMP Issues

Kind regards,
Stephan Linke, Tech Support Team

Created on Oct 9, 2018 10:15:03 AM by Stephan Linke [Paessler Support]



Votes:

0

Hellow, could you explane to me more deployed what shall i do to get this permitions for non-administrative accout. I need to monitor AD replication, i downloaded the Carbon tool, цhats next? Where i should install it - on my personal computer or on DC? Grant-ServicePermission -Name <service name> what it shuold be for AD replication?

Created on Oct 15, 2021 8:00:51 AM



Votes:

1

Hello Alexandr,

Thanks for getting back to us! The Carbon tool mentioned by my colleague is for rolling out permissions to the users to allow the monitoring of the service status. If you run the command in a PowerShell on the target host, which you want to monitor, the ACL to allow access to the service will be changed there, via this command.

If a client, like the PRTG Probe Software then tries to authenticate against the DC, the DC will first allow the access to the host by confirming the credentials and the target device will lookup if the local ACL exists to grant the access to the particular service status metric.

Testing the changes via the WMI Tester from the host on which the PRTG Probe got installed is recommended though.

Kind regards,
Felix Saure, Tech Support Team

Created on Oct 18, 2021 8:09:51 AM by Felix Saure [Paessler Support]

Last change on Oct 18, 2021 8:36:38 AM by Felix Saure [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.