Neophyte
MastermindThey could be using different credentials. There are two ways LM can authenticate in Windows: 1) Integrated 2) discrete.
For integrated authentication, the collector uses the credentials used to run the service. If those creds (which can be explicitly defined as a username or could be system) don't have access to the target, it'll fail.
For discrete auth, this uses wmi.user and wmi.pass properties defined on the resource in LM.
Most of the logicmodules built by LM automatically detect which auth method to use. Yours may not. So they could be using different creds.
Not running as admin on a Windows collector should be a careful decision for this very reason. In our case, unless we ran it as admin, we'd have to specify admin creds on every target server, which is just as much a security concern as running the service with the admin creds. Since they are equally as risky, but both the nature of monitoring in Windows, we choose to just run the service with domain admin creds. In actuality, we run most as system, but give that system admin access. This means there's no password to be hacked because it's not a user account but a computer object in the domain that is granted access.
