Sometime ago, I've tried to search suchthing, and determine the minimum permissions to make WMI specific queries. I've stopped on WMI and COM+ custom permissions that couldn't be set via GPO and for a big enviroment, this is a big problem.
Have a check on google + microsoft searching for WMI query permissions... []'s LĂvio Zanol Puppim 2008/4/24, Cook, Garry <[EMAIL PROTECTED]>: > > > > > Thank you Tony, > > I see that you're the author of NC_Net, and I think you sent a message the > other day stating that there was a newly released version. > > What are your thoughts on doing things the way I described below vs. using > NC_Net (or any agent). > > Pros, cons, reason to use both? > > > > Thanks, > Garry > > > > > From: Anthony Montibello [mailto:[EMAIL PROTECTED] > Sent: Thursday, April 24, 2008 4:04 PM > To: Cook, Garry > Cc: [email protected] > Subject: Re: [Nagios-users] Using NRPE-NT to check WMI on Windows Server > > > > > > Each WIndows element and WMI stuff require different permissions, > > > > > > When using WMI, you have access to do almost anything, > > > for example when query for users WMI contacts the primary domain controler > and waits for its results of all users in the Domamin. Naturally this > requires higher permissions than just qurying processes running in your user > space. > > > > > > To minimize your headacks, I assunme you want to test many system stats that > only System, Network Services or Administrators have access. > > > If this is true,Try to convince the domain admins to approve all your > scripts as non-destructive scripts. Then get the Domain Admins to add a > user with thesse administrator permissions, then restict that user to no > logon rights, and only rights to access the particular NRPE port. > > > > > > I hope this helps > > > > > > TOny > > > (Author of NC_NEt) > > > > > > > > > > > > On Thu, Apr 24, 2008 at 4:05 PM, Cook, Garry <[EMAIL PROTECTED]> > wrote: > > > > Question for the Window's gurus out there. I'm not really a 'windows guy' > and don't have access to the Windows servers that I've been asked to > monitor. Therefore, I'm using the NRPE VBScript setup developed by > Groundwork to monitor some Windows servers via WMI. The NRPE-NT service runs > on one box which I do have control over and this is also where the VBScript > plugins live. > > > > When running NRPE-NT as my own Windows account, I can check services on > File/Print servers, but not Domain Controllers. I tried several other > accounts that have various levels of access and receive different errors. > I've been reduced to having one of our Domain Admins run this service under > his account, which works. This was done temporarily to test that this method > is possible, but cannot be used as a permanent solution. The goal is to have > NRPE-NT run as an account with the minimum level of permissions to perform > these service checks. > > > > What level of access does the account that runs the NRPE-NT service need to > have on all of the servers in order to function properly? > > Thank you, > > Garry W. Cook, CCNA > Network Systems Specialist > ARCADIS U.S., Inc. > 630 Plaza Drive, Suite 200 > Highlands Ranch, CO 80129 > 720.344.3708 (Office) > 720.220.1862 (Mobile) > > > ________________________________ > > > NOTICE: This e-mail and any files transmitted with it are the property of > ARCADIS U.S., Inc. and its affiliates. All rights, including without > limitation copyright, are reserved. The proprietary information contained in > this e-mail message, and any files transmitted with it, is intended for the > use of the recipient(s) named above. If the reader of this e-mail is not the > intended recipient, you are hereby notified that you have received this > e-mail in error and that any review, distribution or copying of this e-mail > or any files transmitted with it is strictly prohibited. If you have > received this e-mail in error, please notify the sender immediately and > delete the original message and any files transmitted. The unauthorized use > of this e-mail or any files transmitted with it is prohibited and disclaimed > by ARCADIS U.S., Inc. and its affiliates. > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference > Don't miss this year's exciting event. There's still time to save $100. > Use priority code J8TL2D2. > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone > _______________________________________________ > Nagios-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/nagios-users > ::: Please include Nagios version, plugin version (-v) and OS when > reporting any issue. > ::: Messages without supporting info will risk being sent to /dev/null > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference > Don't miss this year's exciting event. There's still time to save $100. > Use priority code J8TL2D2. > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone > _______________________________________________ > Nagios-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/nagios-users > ::: Please include Nagios version, plugin version (-v) and OS when > reporting any issue. > ::: Messages without supporting info will risk being sent to /dev/null > ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ Nagios-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
