8 years ago
Read only agent / collector
I know I've brought this up before, but I'd like to bring it up again. LM's requirement that collectors run as local admins (or system) is a GAPING security hole in your product. No amount of cer...
We've done some in-house research into the right-sizing of the appropriate permissions for polling WMI/PDH from a remote system. Our own experience has been that we can indeed craft a set of non-administrative permissions carved out for this use-case for a given OS version + service-pack + patch-level, but that a subsequent patch may change these on any particular Patch Tuesday, which makes it pretty challenging for us to support -- or even recommend.
We have an initiative in-flight with Microsoft Consulting by which we're attempting to get direct guidance from the proverbial "horse's mouth" on how best to right size these permissions in a future-proof (or at least future-resistant) way. Stay tuned....