Configure gMSA Permissions for Secure SQL Monitoring in Site24x7

The Site24x7 App Monitoring Agent can be configured to monitor a Microsoft SQL Server instance. During setup via the Agent Manager command-line interface, the agent's Windows service logon account must have the appropriate domain credentials to authenticate against the remote SQL Server host.

This document details every permission and privilege required when a Group Managed Service Account (gMSA) is used as the service logon identity for the Site24x7 App Monitoring Agent.

What is a gMSA and why use it?

A Group Managed Service Account (gMSA) is a managed domain account in Active Directory that provides automatic password management, eliminating the need to manually rotate service account passwords. Using a gMSA for the Site24x7 agent service offers the following security benefits:

  • Passwords are managed automatically by Active Directory (rotated every 30 days by default).
  • The account cannot be used for interactive logon, reducing the attack surface.
  • Access can be restricted to specific hosts in Active Directory.
  • Auditing and privilege assignment are centrally managed via Group Policy.
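The host restriction and automatic password management above are configured when the gMSA is created. The following is an added example, not code from the Site24x7 documentation; the gMSA name site24x7-mon, the domain contoso.com and the host MON01 are assumptions. It is meant to be run on the monitoring host with the RSAT Active Directory module installed, by an account allowed to create service accounts.

```powershell
# Added example (not from the Site24x7 documentation): create a gMSA for the
# agent and bind it to the monitoring host. Assumed names:
#   site24x7-mon   gMSA sAMAccountName (AD appends the trailing $)
#   contoso.com    domain DNS name
#   MON01          Windows host running the Site24x7 App Monitoring Agent
Import-Module ActiveDirectory

$gmsaName     = 'site24x7-mon'
$dnsHostName  = "$gmsaName.contoso.com"
$monitorHosts = @('MON01')

# gMSA passwords are derived from the forest's KDS root key; creation fails without one.
if (-not (Get-KdsRootKey)) {
    throw 'No KDS root key. Run Add-KdsRootKey as an Enterprise Admin and allow ~10 hours for replication.'
}

# Only these computer objects may retrieve the managed password. This is the
# host restriction: the agent identity cannot be used from any other machine.
$allowedHosts = foreach ($h in $monitorHosts) { Get-ADComputer -Identity $h }

New-ADServiceAccount -Name $gmsaName `
    -DNSHostName $dnsHostName `
    -PrincipalsAllowedToRetrieveManagedPassword $allowedHosts `
    -ManagedPasswordIntervalInDays 30 `
    -Enabled $true

# Show the result. SamAccountName carries the trailing $ used in the later steps.
Get-ADServiceAccount -Identity $gmsaName -Properties PrincipalsAllowedToRetrieveManagedPassword |
    Select-Object SamAccountName, DNSHostName, PrincipalsAllowedToRetrieveManagedPassword

# On the monitoring host itself, install the account and confirm the host can
# actually fetch the password. If the allowed principal were a group rather than
# the computer object, the host would first need a fresh Kerberos ticket
# (reboot or "klist -li 0x3e7 purge").
if ($monitorHosts -contains $env:COMPUTERNAME) {
    Install-ADServiceAccount -Identity $gmsaName
    if (-not (Test-ADServiceAccount -Identity $gmsaName)) {
        throw "$env:COMPUTERNAME cannot retrieve the managed password for $gmsaName"
    }
    "OK: $gmsaName installed and usable on $env:COMPUTERNAME"
}
```

Test-ADServiceAccount returning True is the check to insist on before switching the agent service to the gMSA; a False here means the service will fail to start with a logon failure regardless of the user rights assigned later.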

Windows service account permissions and privileges

The Site24x7 App Monitoring Agent uses multiple threads for MSSQL data collection. Keep at least 40–50% of RAM and disk space free as headroom on the agent host when remotely monitoring more than five instances.

Prerequisite: Ensure the Windows service account (including a gMSA, if used) is granted the Log on as a service right on the server.

Steps to add the permission:

  1. Open Run, type secpol.msc, and press Enter.
  2. Go to Local Policies > User Rights Assignment.
  3. Open Log on as a service.
  4. Click Add User or Group.
  5. Enter the Windows service account or gMSA name, then click OK.

For a gMSA, use the account name with the trailing $ (for example, DOMAIN\MyServiceAccount$).
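The same right can be granted and verified without the GUI, which is useful on hosts built by script. The following is an added example and not part of the Site24x7 documentation; it assumes the gMSA is CONTOSO\site24x7-mon$ (hypothetical) and runs elevated on the monitoring host. It uses secedit, the tool behind secpol.msc, which names this right SeServiceLogonRight and lists principals as SIDs prefixed with an asterisk.

```powershell
# Added example (not from the Site24x7 documentation): grant "Log on as a
# service" to the gMSA with secedit and verify it was applied.
# Assumption: the gMSA is CONTOSO\site24x7-mon$ (hypothetical name).
$gmsa  = 'CONTOSO\site24x7-mon$'
$right = 'SeServiceLogonRight'

# Resolve the account to its SID; this also fails early if the name is wrong.
$sid = (New-Object System.Security.Principal.NTAccount($gmsa)).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value
$entry = "*$sid"

$work = Join-Path $env:TEMP 'svclogon'
New-Item -ItemType Directory -Path $work -Force | Out-Null
$cfg = Join-Path $work 'rights.inf'
$db  = Join-Path $work 'rights.sdb'

# 1. Export only the User Rights Assignment area (secedit writes a UTF-16 .inf).
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$lines = @(Get-Content -Path $cfg)

# 2. Append the SID to the existing SeServiceLogonRight line, or create the line
#    under [Privilege Rights] if no principal holds the right yet.
$idx = -1
for ($i = 0; $i -lt $lines.Count; $i++) {
    if ($lines[$i] -like "$right *") { $idx = $i; break }
}
if ($idx -ge 0) {
    if (-not $lines[$idx].Contains($entry)) { $lines[$idx] += ",$entry" }
} else {
    $section = [array]::IndexOf($lines, '[Privilege Rights]')
    if ($section -lt 0) { $lines += '[Privilege Rights]'; $section = $lines.Count - 1 }
    $before = $lines[0..$section]
    $after  = if ($section -lt $lines.Count - 1) { $lines[($section + 1)..($lines.Count - 1)] } else { @() }
    $lines  = $before + "$right = $entry" + $after
}
Set-Content -Path $cfg -Value $lines -Encoding Unicode

# 3. Apply the edited template to local security policy.
secedit /configure /db $db /cfg $cfg /areas USER_RIGHTS | Out-Null

# 4. Verify by exporting again rather than trusting the exit code.
$verify = Join-Path $work 'verify.inf'
secedit /export /cfg $verify /areas USER_RIGHTS | Out-Null
$applied = (Get-Content -Path $verify | Where-Object { $_ -like "$right *" }) -join ','
if ($applied.Contains($entry)) {
    "OK: $gmsa holds $right"
} else {
    throw "$right not applied for $gmsa; a domain GPO that defines this right overrides the local assignment"
}
```

The verification step matters because a Group Policy Object that defines "Log on as a service" replaces, rather than merges with, the local assignment; in that case the gMSA must be added to the GPO instead.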

Also ensure the account has the privileges it needs to collect metrics. The Log on as a service right only lets the Windows service start under that identity; it grants nothing on the monitored SQL Server instance, where the account must also be able to log in and read performance data.

Agent setup workflow

The following steps describe the setup flow as captured in the developer reference. Each step identifies where the service account credential is required.

  1. Open Agent Manager: Right-click the Site24x7 Agent Tray Icon and select Open Agent Manager. This launches the command-line management interface at:
    C:\Program Files (x86)\Site24x7\WinAgent\monitoring\bin\AgentManager.exe

  2. Run the add_instance command: Type sqlserver add_instance to initiate the remote SQL Server instance configuration wizard.

  3. Select SQL Server type: Choose option 2: Remote SQL — SQL Server installed in another machine.

  4. Select authentication type:

    • Choose option 1: Windows Authentication. The agent authenticates to SQL Server with the service logon account's domain credentials. The current logon user of the Site24x7 App Monitoring Service is displayed.

      Change service logon user: When prompted "Do you need to change the service Log On user to a domain account with access to SQL Server instance? (Y/N)":

      • Y — If you need to change the service logon user. Enter the service user name (for example, mssql@site24x7.com) and password. A gMSA has no password that can be typed here; to run the service as a gMSA, set the service to run under the gMSA beforehand (Services console or sc.exe config, with an empty password) and then answer N.
      • N — To continue with the current service logon user.
    • Choose option 2: SQL Authentication. Enter the Hostname, Instance Name (enter SQLSERVER for the default instance), Username, and password to add the instance for monitoring via SQL Authentication.

  5. Confirm instance details: Provide the Host Name and Instance Name (enter SQLSERVER for the default instance). The agent validates and adds the SQL Server Database Monitor.

To update the service account later (if required):
Use the command Update APPMonitoring User (case-sensitive) to change the service logon account at any time after initial setup in Agent Manager.
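After the service has been switched to the gMSA, it is worth confirming two things independently of the Agent Manager: which account the service actually runs as, and that the gMSA can open a Windows-authenticated connection to the remote SQL Server. The following is an added example, not Site24x7 code. Because a gMSA has no password an administrator can type, the connection probe runs through a one-shot scheduled task whose principal is the gMSA. The gMSA name CONTOSO\site24x7-mon$, the SQL host SQL01 and the "Site24x7*" service display-name pattern are assumptions; it runs elevated on the monitoring host after the gMSA has been installed there.

```powershell
# Added example (not from the Site24x7 documentation): show the agent service's
# logon account, then test Windows authentication to SQL Server *as the gMSA*.
# Assumptions (hypothetical): gMSA CONTOSO\site24x7-mon$, SQL host SQL01,
# agent service display name beginning with "Site24x7".
$gmsa    = 'CONTOSO\site24x7-mon$'
$sqlHost = 'SQL01'                       # 'SQL01\INSTANCE' for a named instance
$dir     = 'C:\Temp\gmsa-probe'
$script  = Join-Path $dir 'probe.ps1'
$outFile = Join-Path $dir 'result.txt'
$task    = 'Site24x7-gMSA-SQL-Probe'

# 1. Current service identity: StartName is the logon account.
Get-CimInstance Win32_Service | Where-Object { $_.DisplayName -like 'Site24x7*' } |
    Select-Object Name, DisplayName, StartName, State | Format-Table -AutoSize

# 2. Probe script. Integrated Security stores no secret; SUSER_SNAME() reports
#    the login SQL Server actually saw, which should be the gMSA itself.
New-Item -ItemType Directory -Path $dir -Force | Out-Null
@'
$out = 'OUTFILE'
try {
    $c = New-Object System.Data.SqlClient.SqlConnection 'Server=SQLHOST;Integrated Security=SSPI;Connect Timeout=10'
    $c.Open()
    $cmd = $c.CreateCommand()
    $cmd.CommandText = 'SELECT SUSER_SNAME(), @@SERVERNAME'
    $r = $cmd.ExecuteReader(); [void]$r.Read()
    "OK login=$($r[0]) server=$($r[1])" | Set-Content -Path $out
    $c.Close()
} catch {
    "FAIL $($_.Exception.Message)" | Set-Content -Path $out
}
'@ -replace 'SQLHOST', $sqlHost -replace 'OUTFILE', $outFile | Set-Content -Path $script

# 3. Run the probe as the gMSA. LogonType Password is what lets Task Scheduler
#    retrieve the managed password; the gMSA also needs "Log on as a batch job"
#    (a separate right from "Log on as a service").
Remove-Item -Path $outFile -ErrorAction SilentlyContinue
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
               -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$script`""
$principal = New-ScheduledTaskPrincipal -UserId $gmsa -LogonType Password
Register-ScheduledTask -TaskName $task -Action $action -Principal $principal -Force | Out-Null
Start-ScheduledTask -TaskName $task

$deadline = (Get-Date).AddSeconds(60)
while (-not (Test-Path $outFile) -and (Get-Date) -lt $deadline) { Start-Sleep -Seconds 2 }
Unregister-ScheduledTask -TaskName $task -Confirm:$false

if (Test-Path $outFile) { Get-Content -Path $outFile }
else { 'FAIL: no result written; check Task Scheduler history and the Log on as a batch job right' }
```

A result of "OK login=CONTOSO\site24x7-mon$ server=SQL01" shows that the remote instance accepted the gMSA over Kerberos; a "FAIL Login failed for user" message means the Windows side is fine and the missing piece is the SQL Server login for the gMSA. If the service StartName printed in step 1 is not the gMSA, the agent is still authenticating as whatever account is shown there, whatever the Agent Manager reports.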