Permissions to monitor servers with WMI

[espial_it]

Hi,

I've been working on setting up Nagios XI, specifically using WMI to monitor Windows servers, but I'm having some permission issues. If I put my wmiagent user in the administrator group, everything works as it would be expected since it has all the rights. I followed this document https://assets.nagios.com/downloads/nag ... ios-XI.pdf and it was still not working, I would get permission errors when trying to detect services, process ... using the wizard. I then used the sc command with the wmiagent SID to provide permission to interact with the scmanager. That fixed the issue with the wizard.

Then the services checks started to fail, it seems that wmiagent user didn't have rights to query the services. I granted permission using subinacl.exe to give the user rights to the service I was monitoring and that seems to have solved the issue.

Is there a way to simplify this and not have to go to all that to be able to monitor servers using WMI? Of course there's the administrator way, but this is not a secure way to do it.

Any help on this would be appreciated.
Thanks

[mcapra]

Is there a way to simplify this and not have to go to all that to be able to monitor servers using WMI?

Beyond the documentation that has been provided, which I played around with a lot in pursuit of producing a Python flavored version of WMI checks, I don't believe so. WMI as a spec has to be pretty explicit in it's security rules because of all the potentially awful things one could do via unsecured WMI -- as a spec and in modern implementations of Windows it's doing a lot more than just exposing metrics.

NSClient++ has the CheckWMI module. I think NSClient++ runs as the local system account by default, so it should have no trouble executing WQL queries. But at that point ... you may as well just use the native cpu/mem/file/etc checks in NSClient++ or install a supported agent like NCPA

[espial_it]

Thanks, I will give that a try.

[cdienger]

Thanks for the input, @mcapra!