8 years ago
Read only agent / collector
I know I've brought this up before, but I'd like to bring it up again. LM's requirement that collectors run as local admins (or system) is a GAPING security hole in your product. No amount of cer...
On 2/16/2017 at 9:32 PM, Matthew Dunham said:
Hey @Eric Singer -
My apologies -- I didn't realize the state of our documentation for this use-case. I'm working on rewriting, and making sure our Support Engineers are in a position to support this use-case.
Matthew (or other LM'er): looking at the docs as they stand now, it would seem that to use WMI without administrator-level privileges the guidance is that each monitored Windows node must have local security policy changes. Is that correct? Is there any AD-only solution where the service account in use for WMI polling has the minimally required rights to accomplish the basic goals? Is it further complicated when domain controllers are used as the systems running the collector (understand that using domain controllers for collectors is not the best choice, but as an MSP I can only recommend against this and in some cases our hand has been forced)? Specifically, we need an account that can poll WMI but cannot execute PowerShell or other scripts that can modify the environment.