How WMI, DCOM, RPC and UAC effect access to remote Window Systems for Monitoring

Professor

4 years ago

I have not needed to apply custom ACLs to services personally, so I have only done it a little bit with a test setup. For common situations like Domain Controllers where you can't just create local users, I've offered to install the Collector directly on the domain controller using Local System and only have it monitor itself.

In my testing for this post I used the built-in SC.exe command via CLI but there are several ways to do, like how described at https://www.winhelponline.com/blog/view-edit-service-permissions-windows/. Reviewing my notes here are some websites that was useful for understanding the SDDL syntax but you might want to use one of the GUI tools unless you want to script/automate it:

University of Washington IT: Understanding SDDL Syntax
MSMVP: SDDL – easier to read, except when it’s not (good details on Windows Service specific SDDL)

If you do figure out a good process for customizing SACLs for monitoring, I would be interested in it! Thanks.

Forum Discussion

How WMI, DCOM, RPC and UAC effect access to remote Window Systems for Monitoring

Related Content

Effective Disk Monitoring

Process Monitoring

Meraki monitoring within Logic Monitor

Process monitoring (Linux)

Aruba Central Monitoring?

Recent Discussions

How do you monitor Running Services on Linux boxes?

Change roles without email notification?

ConfigSource for Linux Files.

Module Toolbox AppliesTo IDE

Non-Admin Collector install