hostProps.set() workaround
Hey all,
So it looks like I'm not the only one trying to find a way to update device properties on the fly using the collector.
I'm not sure why a hostProps.set() i...
Forum Discussion
QuoteLM collector installation instructions still include "If this Collector is monitoring other Windows systems in the same domain, run the service as a domain account with local administrator permissions."
Ah - a tale as old as time. ?
I think everyone would agree that admin permissions - local or otherwise - isn't ideal. Unfortunately, as you've discovered, so many seemingly innocuous read-only actions are locked to administrators only in Windows. WMI, CIM methods, remote script execution, etc - none of that works predictably without granting uncomfortable levels of permissions. The alternative to the all or nothing approach is to use agent-based monitoring solutions that run locally on the targets themselves. Of course, this has its own nightmarish drawbacks. Who knows - Microsoft might surprise us with a new OS that overhauls user permissions in such a way that - out of the box - remote monitoring can be safely accomplished with some reasonable assurances that there are minimal security implications. A man can dream...
That being said - if I'm understanding you correctly, it sounds like the solution I posted above might negate the need for the API accounts you mentioned. So if you migrate your primary API functions to use the native java library, you can shut off the API keys entirely and just let the collector do its thing. I'm no security expert so please correct me if my assertion is incorrect.
In any case - please reply to this post if you start playing around with the library. I'm really curious if it works well for others. So far it's been a lifesaver for me.
Cheers!
