How do I configure a non-administrative user for windows management instrumentation (WMI) access?
If you're a user with administrator privileges on the server to be monitored, then you'll be able to connect to windows management instrumentation (WMI) by default. However, if you're a user with standard privileges, you must configure the user for WMI access.
For this, complete the following steps -
- Create and add the user to the Performance Monitor user group
- Allow Windows firewall
- Add the user to the DCOM user group
Adding a user to the Performance Monitor user group
- Create a non-administrative user on the server to be monitored.
- Next, add the user to the Performance Monitor group in Windows. For this, open the Control Panel and click Administrative Tools.
- After this, open the Computer Management console.
- Here, from the left pane, select Local Users and Groups.
Figure 1. Local Users and Groups. - Then double-click Groups in the center pane.
- Here, select the Performance Monitor Users group.
Figure 2. Performance Monitor Users group. - Click More Actions on the right pane and then select Properties.
- Click Add, then select the users you wish to add to the group or enter their details in the bottom field.
Figure 3. Enter user details in 'Select Users, Computers, Service Accounts, or Groups' pop-up. - Once you've added all the users that you want to add, click OK.
- Next, open the wmimgmt.msc window.
- In the left pane, select WMI Control (Local).
Figure 4. WMI Control(Local). - Click More Actions on the right pane, and select Properties.
- Then, select the Security tab in the WMI Control (Local) Properties window.
- Select Root, then click Security.
Figure 5. Selecting 'Security' in WMI Control(Local) Properties. - Select the group or username and then click Add.
Figure 6. Clicking 'Add' after selecting the group or username. - In the Enter the Object Names section, enter Performance Monitor Users and then, click Check Names. This will auto populate the group name according to the value that you've entered.
Figure 7. Enter 'Performance Monitor Users' and click Check Names. - Click OK. This will take you back to the Security for Root window.
- Select the Execute Methods, Remote Enable, and Enable Account checkboxes here.
- After this, click the Advanced button.
- Select the Performance Monitor Users group, and then click Edit.Figure 8. Click Edit after selecting Performance Monitor Users Group.
- In the Applies to field, select This namespace and subnamespaces to provide read-only access to the WMI tree.
Figure 9. Select 'This namespace and subnamespace' in the 'Applies to' field. - Then, click OK till you go back to the WmiMgmt Console.
Allowing Windows Firewall
If you find that the firewall is blocking the WMI access, you can execute commands through a command prompt to allow access or perform the following actions -
- Open Control Panel on Windows.
- Click Windows Defender Firewall.
- Then, on the left pane, select Allow an app or feature through Windows Defender Firewall. Figure 10. Allow an app or feature through Windows Defender Firewall.
- Click Change Settings and then scroll down to Windows Management Instrumentation (WMI).
- Here, click the Domain and Private checkboxes.
Figure 11. Selecting 'Domain' and 'Private' checkboxes for WMI. - Click OK.
Configuring DCOM Access
If any predefined DCOM user group is not being used, perform the following steps for DCOM access:
- Open Component Services from Administrative Tools in the Control Panel, or enter dcomcnfg in the Run command.
- Click Component Services in the left pane and navigate to Computers> My Computer.
- Click More Actions on the right pane and open Properties.
Figure 12. Component Services Properties. - Select the COM Security tab.
- Here, in the Launch and Activate Permissions section, click Edit Limits.
Figure 13. 'Edit Limits' on My Computer Properties. - Next, in the Launch and Activate Permission window, scroll in the Group or user names section, and click Distributed COM users.
- Following this, in the Permissions for Distributed COM Users section, ensure all the Allow checkboxes are ticked.Figure 14. Launch and Activation Permission Window.
- Click OK and close all the windows.
Following all these steps ensures you have the appropriate permissions to access WMI from the On-Premise Poller installed machine.
If you've any more queries regarding this, please get in touch with support@site24x7.com.
Related Articles
Troubleshoot the Unauthorized user (Error 401) when installing Tomcat plugins
When installing Tomcat plugins, you may encounter the following error: Unauthorized user. Does not have permissions. HTTP Error 401: This error usually occurs when the user accessing the Tomcat Manager application does not have the necessary ...Executables and scripts to allow for Windows server monitoring
One of the reasons you could not enable Site24x7 server monitoring could be your organization's group policy denying access to the executables, scripts, and batch files associated with Site24x7 server monitoring. Mark the following executables, ...No data for service and process in Windows server monitor
If you see "No Data" for process and service metrics (such as CPU or memory usage of monitored services) in the Site24x7 Windows server monitor user interface, follow the troubleshooting steps below. Run PowerShell Commands Open PowerShell as ...Troubleshooting false positive alerts in monitoring
Problem False positive alerts are being generated. Possible cause The monitoring system is down in some locations. The Website monitor might be configured for one location, such as Seattle, but may appear down when accessed from another location, ...Site24x7 Real User Monitoring (RUM) - Data Collection
When you include Site24x7 RUM beacon script in your web pages, the following data is collected. All data that's being collected is in accordance with GDPR compliance. Performance details of web page load time - Metrics like response time of web page ...