New Question
 
 
PRTG Network Monitor

Intuitive to Use.
Easy to manage.

200.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free PRTG
Download >>

 

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

 

Top Tags


View all Tags


Rights for Svc account and Services

Votes:

0

Your Vote:

Up

Down

Hi. We have recently rebuilt our PRTG monitoring setup and are now looking at the Services running and the Service account privileges. Least privilege is an important part of any security plan. With that in mind is it required for our PRTG service account and the 2 PRTG services that are running to have admin rights? If so, is there documentation outlining this with an explanation of why?

Thanks

Jeremy

access-rights prtg services

Created on Jun 11, 2019 6:45:18 PM by  jhallam (140) 1 2



Best Answer

Accepted Answer

Votes:

0

Your Vote:

Up

Down

Hi there,

No special permissions are required, as mentioned above:
PRTG needs access to all files related to the tool (Program Files, Program Data) and should be able to run EXE based sensors. Beside that there is not much rights needed.

Best regards.

Created on Jul 1, 2019 3:53:02 PM by  Dariusz Gorka [Paessler Support]



7 Replies

Votes:

0

Your Vote:

Up

Down

Hi there,

Just to clarify this, do you mean PRTG's service account used for WMI requests? If not, what service account do you mean?

Best regards.

Created on Jun 12, 2019 8:22:03 AM by  Dariusz Gorka [Paessler Support]



Votes:

0

Your Vote:

Up

Down

I am talking about the 2 PRTG Services. The PRTG Core Server Service and the PRTG Probe Service. They are running as Local System, so they have local admin rights. We were looking at changing them to use a less privileged account if they don't need the local admin rights to function correctly.

Also, we used a Domain Service account we created to to install PRTG. For the install to run correctly we had to make the account a local admin on the PRTG Server. Now that the installation is done we would like to reduce the service account privileges if we can.

Created on Jun 12, 2019 5:59:57 PM by  jhallam (140) 1 2



Votes:

0

Your Vote:

Up

Down

Hi there,

PRTG needs access to all files related to the tool (Program Files, Program Data) and should be able to run EXE based sensors. Beside that there is not much rights needed.

Within the "services.msc" you can configure your service user for both services.

Best regards.

Created on Jun 13, 2019 8:21:04 AM by  Dariusz Gorka [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Thank you. As far as the domain service account we used for install. Should we be able to reduce it's rights now. I am thinking that after the install it is not used for other actions on the network, so we should be able to but I wanted to make sure I didn't miss anything.

Created on Jun 13, 2019 11:49:27 AM by  jhallam (140) 1 2



Votes:

0

Your Vote:

Up

Down

Hi there,

You can install PRTG under any user you want - the services still run under "SYSTEM". Only if you change the logon user for the "PRTG Core" and "PRTG Probe" service via the "services.msc", then that user is used to run PRTG.

Best regards.

Created on Jun 13, 2019 6:32:45 PM by  Dariusz Gorka [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Correct. The services run under the local system account by default. I am trying to see what permissions are needed for these services so I can switch them to use a service account that is not the "local system" built in account. Security is the reasoning behind the questions since the :Local System" built in account is basically a local administrator on the box.

Thanks

Created on Jul 1, 2019 3:17:00 PM by  jhallam (140) 1 2



Accepted Answer

Votes:

0

Your Vote:

Up

Down

Hi there,

No special permissions are required, as mentioned above:
PRTG needs access to all files related to the tool (Program Files, Program Data) and should be able to run EXE based sensors. Beside that there is not much rights needed.

Best regards.

Created on Jul 1, 2019 3:53:02 PM by  Dariusz Gorka [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.