What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

OPEN: Feature Request: Support Kerberos authentication for WMI sensors

Votes:

62

Want this feature implemented, too? Please upvote by clicking Thumbs up!

(Posts as a reply won't be published in this feature request thread. Read Me!)

User story

For security reasons, Microsoft recommends to disable NTLM and to use kerberos instead. If NTLM (v1 and v2) is disabled, WMI-sensors will fail because kerberos authentication is not supported.

Details of user story

NTLM is used as vector in recent malware attacks. Microsoft recomends to disable it. If NTLM is disabled via GPO it is possible to restrict NTLM for distinct servers. But as every PRTG-monitored device acts as server when WMI is used, this will not help. It makes no sense do disable NTLM domain wide and make an excaption for all domain computers. At the end, a proper use of PRTG in a Windows domain environment is incompatible with disabled NTLM.

Acceptance criteria

WMI Sensors will work in a kerberos/active directory environment if NTLM v1 and NTLM v2 is disabled.

Status

Open

add-feature kerberos ntlm prtg-kbtracker wmi

Created on Jul 28, 2021 7:00:36 AM

Last change on Jul 30, 2021 4:48:55 AM by Sven Roggenhofer [Paessler Technical Support]



Replies

Nobody has replied yet


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.