Configuring Windows Systems for Monitoring with WMI


The following sections describe how to configure Windows Server 2008 and later and Windows desktop systems for monitoring by SL1 using SNMP:

Configuring WMI on Windows 2008 and Later Servers

Windows Management Instrumentation, or WMI, is the infrastructure that provides information about operations and management on Windows-based operating systems. WMI can be configured to respond to remote requests from SL1.

To configure a Windows device to respond to remote requests, you must perform the following steps:

  • Configure Services
  • Configure the Windows Firewall
  • Configure a user account and permissions
  • Configuring a fixed port for WMI

Most remote requests can be performed by a standard (non-administrator) user account that has been granted specific privileges. However, some requests can be performed only by a user with elevated permissions. For requests performed by SL1 to a Windows server, the following users have elevated permissions:

  • The default "Administrator" user account.
  • A user account in the Administrators group on a Windows server that has User Account Control disabled.
  • A user account in the Administrators group on a Windows server where a registry entry has been added to disable remote User Account Control filtering.

For a list of WMI classes that require elevated permissions, see http://msdn.microsoft.com/en-us/library/windows/desktop/aa826699%28v=vs.85%29.aspx

For a list of default WMI Dynamic Applications that require elevated permissions, see the chapter on Dynamic Applications for Windows Devices.

Step 1: Configuring Services

The following services must be running for a Windows device to respond to remote WMI requests:

ScienceLogic recommends you set all these services to automatically start.

  • COM+ Event System
  • DCOM Server Process Launcher
  • Remote Procedure Call (RPC)
  • Remote Registry
  • Server
  • Windows Management Instrumentation

To ensure a service is running, perform the following steps:

  1. In the left pane of the Server Manager window, expand the Configuration section, and then select Services.
  2. For each required service, the Startup Type column should display Automatic. If a service does not have a Startup Type of Automatic, double-click on that service. The Properties window for that service is displayed.
  3. In the Startup Type field, select Automatic.
  4. Click the Apply button.
  5. If the service has not already started, click the Start button.

Step 2: Configuring the Windows Firewall

To configure Windows Firewall to accept remote WMI requests:

  1. Click the magnifying glass icon in the bottom-left corner and type "Command Prompt" in the Search Windows field.
  2. Execute the following two commands in the Command Prompt window:

netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes

netsh advfirewall firewall set rule group="remote administration" new enable=yes

  3. If the result of the second command is "No rules match the specified criteria", run the following two commands:

netsh firewall set service remoteadmin enable

netsh advfirewall firewall set rule group="remote administration" new enable=yes

Step 3: Configuring a User Account and Permissions

There are three ways to configure the user account that SL1 will use to perform WMI requests:

  1. To monitor the Windows server using WMI Dynamic Applications that require standard permissions, you can configure a standard user account for use by SL1. The user account for use by SL1 must be included in the Distributed COM Users and Performance Monitor Users groups. (For more information, consult Microsoft's documentation.)
  2. To monitor the Windows server using WMI Dynamic Applications that require elevated permissions, you can use the default "Administrator" user account. If you use the "Administrator" user account, you do not need to make changes to the User Account Control settings.
  3. To monitor the Windows server using WMI Dynamic Applications that require elevated permissions, you can also use a user account that is included in the Administrators group. However, you must perform one of the following additional steps to use this type of user account:
     • Option 1: Make the user a member of the Distributed COM Users and Performance Monitor Users groups, in addition to the Administrators group. (For more information, consult Microsoft's documentation.)
     • Option 2: Configure User Account Control to allow elevated permissions.

Configuring Namespace and DCOM Security Permissions

For each of these methods, you must ensure that the configured Namespace and DCOM security permissions allow that user to perform remote requests.

To configure the Namespace and DCOM security permissions:

  1. In the left pane of the Server Manager window, expand the Configuration section.
  2. Right-click on the WMI Control entry and then select Properties.
  3. In the WMI Control Properties window, click the Security tab.
  4. In the Security tab, select the Root entry from the navigation pane and then select the Security button. The Security for Root window appears.
  5. In the Security for Root window, select the Advanced button. The Advanced Security Settings for Root window is displayed.
  6. In the Advanced Security Settings for Root window, click the Add button. The Select User, Computer, Service Account, or Group window appears.
  7. In the Select User, Computer, Service Account, or Group window:
     • In the Enter the object name to select field, enter the name of the user account that SL1 will use to perform WMI requests or the name of a group that includes that user account.
     • Click the Check Names button to verify the name and then click the OK button.
  8. The Permission Entry for Root window is displayed:
     • Select This namespace and subnamespaces in the Apply to field and select the Allow checkbox for all permissions.
     • Click the OK button.
  9. In the Advanced Security Settings for Root window, click the Apply button.
  10. Click the OK button in each open window to exit.
  11. Go to the Start menu and select Run.
  12. In the Run window, enter "dcomcnfg" and click OK. The Component Services window is displayed.
  13. In the left pane, expand Component Services > Computers. Right-click on My Computer and select Properties. The My Computer Properties window is displayed.
  14. In the My Computer Properties window, select the Default Properties tab:
     • Ensure that the Enable Distributed COM on this computer checkbox is selected.
     • Select Connect in the Default Authentication Level drop-down list.
     • Select Identify in the Default Impersonation Level drop-down list.
     • If you made changes in the Default Properties tab, click the Apply button.
  15. Select the COM Security tab.
  16. Select the Edit Limits... button in the Access Permissions pane.
  17. In the window that appears, click the Add... button. The Select Users, Computers, Service Accounts, or Groups window is displayed.
     • Enter the name of the user account that SL1 will use to perform WMI requests or the name of a group that includes that user account.
     • Click the Check Names button to verify the name and then click the OK button.
  18. Select the group or user you added in the Group or user names pane and then select the Allow checkbox for all permissions.
  19. Click the OK button.
  20. Click the Edit Default... button in the Access Permissions pane, then repeat steps 16 - 19.
  21. Click the Edit Limits... button in the Launch and Activation Permissions pane, then repeat steps 16 - 19.
  22. Click the Edit Default... button in the Launch and Activation Permissions pane, then repeat steps 16 - 19.
  23. Click the Apply button.
  24. Click Yes in the confirmation window.

Configuring User Account Control to Allow Elevated Permissions

If you want to use WMI Dynamic Applications that require elevated permissions to monitor a Windows server and you are using a user account other than the default "Administrator" user account, you must perform one of the following two tasks:

  • Option 1: Disable User Account Control.
  • Option 2: Add a registry entry that disables remote User Account Control filtering.

Option 1: Disabling User Account Control

To disable User Account Control:

  1. Open the Control Panel in Large Icon or Small Icon view.
  2. Select User Accounts.
  3. Select Change User Account Control Settings. The User Account Control Settings window is displayed.
  4. Move the slider to Never Notify.
  5. Click the OK button.
  6. Restart the Windows server.

Option 2: Adding a Registry Entry that Disables Remote User Account Control Filtering

To add a registry entry that disables remote User Account Control filtering:

  1. To disable the filter, open a text editor and add the following lines to a new file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]

    "LocalAccountTokenFilterPolicy"=dword:00000001

  2. Save the file with a ".reg" extension.
  3. In Windows Explorer, double click on the .reg file.
  4. Select Yes in the pop-up window.
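
A read-only audit of the settings from Steps 1 to 3, added here as an example (not ScienceLogic's code). It assumes Windows PowerShell 5.1 and the NetSecurity cmdlets (Windows Server 2012 or later); the service short names are the standard ones behind the display names in Step 1. Local user accounts in the Administrators group are listed because LocalAccountTokenFilterPolicy applies to local accounts only.

```powershell
# Added example: read-only audit of Steps 1-3 on the local server (run elevated).
# Keys are the standard service short names for the display names in Step 1.
$required = [ordered]@{
    EventSystem    = 'COM+ Event System'
    DcomLaunch     = 'DCOM Server Process Launcher'
    RpcSs          = 'Remote Procedure Call (RPC)'
    RemoteRegistry = 'Remote Registry'
    LanmanServer   = 'Server'
    Winmgmt        = 'Windows Management Instrumentation'
}

# Step 1: every required service should be running with an automatic start mode.
$services = foreach ($name in $required.Keys) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    [pscustomobject]@{
        Service   = $required[$name]
        StartMode = $svc.StartMode
        State     = $svc.State
        Compliant = [bool]($svc -and $svc.StartMode -eq 'Auto' -and $svc.State -eq 'Running')
    }
}

# Step 2: inbound rules of the WMI firewall group and whether each is enabled.
$wmiRules = Get-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Select-Object DisplayName, Profile, Enabled

# Step 3: remote UAC filtering is disabled only when the value exists and equals 1.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$latfp = (Get-ItemProperty -Path $policyKey -Name LocalAccountTokenFilterPolicy `
        -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy

# Local user accounts in BUILTIN\Administrators (well-known SID S-1-5-32-544):
# these are the accounts whose remote token the filter policy changes.
$localAdmins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.PrincipalSource -eq 'Local' -and $_.ObjectClass -eq 'User' } |
    Select-Object -ExpandProperty Name

$services | Format-Table -AutoSize
$wmiRules | Format-Table -AutoSize
[pscustomobject]@{
    RemoteUacFilterDisabled = ($latfp -eq 1)
    LocalAdminAccounts      = $localAdmins -join ', '
}
```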

Step 4: Configuring a Fixed Port for WMI

Specific ports must be opened to permit WMI monitoring when there is a separate firewall between the Data Collector and the device. This can occur when the default configuration of the Windows Firewall blocks incoming network traffic for the Windows Management Instrumentation (WMI) connection.

For the WMI connection to succeed, the remote machine must permit incoming network traffic on TCP ports 135, 445, and additional dynamically-assigned ports, typically in the range of 1025 to 5000 and 49152 to 65535.

To set up a fixed port for WMI, see the Microsoft documentation on Setting Up a Fixed Port for WMI.

Configuring WMI for Windows Desktop Systems

This section describes how to configure devices that are running a desktop version of the Windows operating system for monitoring by SL1 using WMI.

Before performing the tasks described in this section, you must know the IP address of each SL1 appliance in your network. If you have not installed a SL1 appliance, you must know the future IP address that will be used by each SL1 appliance.

To be monitored by SL1, a Windows device must be running the Windows 7 operating system or later.

TCP/IP must be installed and configured before you can install SNMP on a Windows device.

Windows Management Instrumentation (WMI) is the infrastructure that provides information about operations and management on Windows-based operating systems. WMI can be configured to respond to remote requests from SL1. To configure a device running a desktop version of the Windows operating system to respond to remote requests, you must perform the following steps:

  • Configure Services
  • Configure the Windows Firewall
  • Set Default Namespace Security
  • Set the DCOM Security Level
  • Disable User Account Control
  • Configuring a fixed port for WMI

The following instructions describe how to configure WMI on devices running a desktop version of the Windows 10 operating system. For instructions on how to configure WMI on earlier Windows versions, consult Microsoft's documentation.

Step 1: Configuring Services

The following services must be running for a Windows device to respond to remote WMI requests:

ScienceLogic recommends you set all these services to start automatically.

  • COM+ Event System
  • Remote Access Auto Connection Manager
  • Remote Access Connection Manager
  • Remote Procedure Call (RPC)
  • Remote Procedure Call (RPC) Locator
  • Remote Registry
  • Server
  • Windows Management Instrumentation
  • WMI Performance Adapter
  • Workstation

To ensure a service is running, perform the following steps:

  1. Click the magnifying glass icon in the bottom-left corner and type "Services" in the Search Windows field.
  2. Click the Services Desktop app.
  3. From the list of services in the right pane, perform the remaining steps for each of the services you want to check. This example uses Workstation. However, you should check each of the following services:
     • COM+ Event System
     • Remote Access Auto Connection Manager
     • Remote Access Connection Manager
     • Remote Procedure Call (RPC)
     • Remote Procedure Call (RPC) Locator
     • Remote Registry
     • Server
     • Windows Management Instrumentation
     • WMI Performance Adapter
     • Workstation
  4. Double-click the name of the service. In this example, we double-clicked Workstation.
  5. In the Workstation Properties dialog box, click the General tab and complete the following field:
     • Startup Type. Select Automatic.
  6. Click the Apply button.
  7. If the service has not already started, click the Start button.
  8. Repeat steps 4-7 for each service.

Step 2: Configuring Windows Firewall

To configure Windows Firewall to accept remote WMI requests:

  1. Click the magnifying glass icon in the bottom-left corner and type "Command Prompt" in the Search Windows field.
  2. Execute the following two commands in the Command Prompt window:

netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes

netsh advfirewall firewall set rule group="remote administration" new enable=yes

  3. If the result of the second command is "No rules match the specified criteria", run the following two commands:

netsh firewall set service remoteadmin enable

netsh advfirewall firewall set rule group="remote administration" new enable=yes

Step 3: Setting the Default Namespace Security

To set the default namespace security, perform the following steps:

  1. Click the magnifying glass icon in the bottom-left corner and type "Services" in the Search Windows field.
  2. Click the wmimgmt.msc Microsoft Common Console Document.
  3. In the WmiMgmt window, right click WMI Control (Local) and select Properties.
  4. In the WMI Control (Local) Properties window, click the Security tab, click Root, and then click the Security button.
  5. In the Security for Root window, click Administrators, and then click the Advanced button.
  6. In the Advanced Security Settings for Root window, click Administrators, then click the Edit... button.
  7. In the Permission Entry for Root window, enter the following:
     • Type. Select Allow.
     • Applies to. Select This namespace and subnamespaces.
     • Permissions. Select the Execute Methods, Full Write, Partial Write, Provider Write, Enable Account, Remote Enable, Read Security, and Edit Security checkboxes.
  8. Click OK in this window and the following windows, and then close the WmiMgmt window.

Step 4: Setting the DCOM Security Level

To set the DCOM Security Level, perform the following steps:

  1. Click the magnifying glass icon in the bottom-left corner and type "dcomcnfg.exe" in the Search Windows field.
  2. Click the dcomcnfg.exe command.
  3. In the Component Services window, expand Component Services > Computers, right-click My Computer, and then select Properties.
  4. In the My Computer Properties window, click the Default Properties tab and then complete the following fields:
     • Enable Distributed COM on this computer. Select this checkbox.
     • Default Authentication Level. Select Connect.
     • Default Impersonation Level. Select Identify.
  5. In the My Computer Properties window, click the COM Security tab. Under Launch and Activation Permissions, click the Edit Default... button.
  6. In the Launch and Activation Permission window, select the following:
     • Group or user names. Select Administrators.
     • Permissions for Administrators. Set Local Launch, Remote Launch, Local Activation, and Remote Activation to Allow.
  7. Click OK.
  8. In the My Computer Properties window, in the Launch and Activation Permissions pane, click the Edit Limits... button.
  9. In the Launch Permission window, select the following:
     • Group or user names. Select Administrators.
     • Permissions for Administrators. Set Local Launch, Remote Launch, Local Activation, and Remote Activation to Allow.
  10. Click OK in this window and the following windows, and then close the Component Services window.
  11. Restart the computer to save the settings.
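
A read-only check of the settings from Steps 3 and 4, added as an example (not ScienceLogic's code): it decodes the access control entries on the root namespace into the permission names used in the Permission Entry dialog and reads the DCOM defaults from the registry. It assumes an elevated Windows PowerShell 5.1 session; `$Account` is a hypothetical parameter naming the trustee to inspect.

```powershell
# Added example: read back the root namespace ACL (Step 3) and DCOM defaults (Step 4).
# $Account is a hypothetical parameter; it defaults to the group used in the steps above.
param([string]$Account = 'Administrators')

# WMI namespace access-mask bits, named as in the Permission Entry dialog.
$rights = [ordered]@{
    'Enable Account'  = 0x1
    'Execute Methods' = 0x2
    'Full Write'      = 0x4
    'Partial Write'   = 0x8
    'Provider Write'  = 0x10
    'Remote Enable'   = 0x20
    'Read Security'   = 0x20000
    'Edit Security'   = 0x40000
}

# Fetch the security descriptor of the root namespace and decode each ACE.
$sd = (Invoke-WmiMethod -Namespace root -Path '__SystemSecurity=@' `
        -Name GetSecurityDescriptor).Descriptor
$aces = foreach ($ace in $sd.DACL) {
    $mask = $ace.AccessMask
    [pscustomobject]@{
        Domain        = $ace.Trustee.Domain
        Name          = $ace.Trustee.Name
        Type          = if ($ace.AceType -eq 0) { 'Allow' } else { 'Deny' }
        # CONTAINER_INHERIT_ACE (0x2) means the entry also applies to subnamespaces.
        Subnamespaces = [bool]($ace.AceFlags -band 0x2)
        Rights        = ($rights.Keys | Where-Object { $mask -band $rights[$_] }) -join ', '
    }
}
$aces | Where-Object { $_.Name -eq $Account } | Format-List

# DCOM machine-wide defaults shown on the Default Properties tab of dcomcnfg.
$ole  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole'
$auth = @{ 1 = 'None'; 2 = 'Connect'; 3 = 'Call'; 4 = 'Packet'
           5 = 'Packet Integrity'; 6 = 'Packet Privacy' }
$imp  = @{ 1 = 'Anonymous'; 2 = 'Identify'; 3 = 'Impersonate'; 4 = 'Delegate' }

# An empty level means the registry value is absent or 0 (system default).
[pscustomobject]@{
    EnableDCOM          = $ole.EnableDCOM                       # 'Y' when enabled
    AuthenticationLevel = $auth[[int]$ole.LegacyAuthenticationLevel]
    ImpersonationLevel  = $imp[[int]$ole.LegacyImpersonationLevel]
}
```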

Step 5: Disabling User Account Control

To monitor a device running Windows 7, 8, or 10, you must perform the following additional steps to disable the User Account Control (UAC) filter for remote logins:

  1. Use a text editor such as Notepad to create a new file.
  2. Include the following in the file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]

    "LocalAccountTokenFilterPolicy"=dword:00000001

  3. Save the file with a name of your choice, like disableUAC.reg, to the directory of your choice. Make sure to save the new file with the .reg suffix.
  4. In Windows Explorer, double click on the .reg file to execute it.

Step 6: Configuring a fixed port for WMI

Specific ports must be opened to permit WMI monitoring when there is a separate firewall between the Data Collector and the device. This can occur when the default configuration of the Windows Firewall blocks incoming network traffic for the Windows Management Instrumentation (WMI) connection.

For the WMI connection to succeed, the remote machine must allow incoming network traffic on TCP ports 135, 445, and additional dynamically-assigned ports, typically in the range of 1025 to 5000 and 49152 to 65535.

To set up a fixed port for WMI, see the Microsoft documentation on Setting Up a Fixed Port for WMI.