Configuring WMI on Windows Vista and Windows Server 2008 for Application Performance Monitor



Similar documents
Migrating Cirrus. Revised 7/19/2007

Configuring and Integrating JMX

SolarWinds Technical Reference

Customizing LANsurveyor Maps

SolarWinds Technical Reference

Configuring and Integrating MAPI

SolarWinds Toolset Migrating Guide

SolarWinds Technical Reference

SolarWinds Migrating SolarWinds NPM Technical Reference

Configuring and Integrating Oracle

SolarWinds Technical Reference

SOLARWINDS ORION. Patch Manager Evaluation Guide for ConfigMgr 2012

SolarWinds Technical Reference

SolarWinds Technical Reference

DameWare Server. Administrator Guide

Using SolarWinds Orion for Cisco Assessments

SolarWinds Orion Integrated Virtual Infrastructure Monitor Supplement

Dell Recovery Manager for Active Directory 8.6. Quick Start Guide

SOLARWINDS ORION. Patch Manager Evaluation Guide

How To Install Outlook Addin On A 32 Bit Computer

Copyright 2015 SolarWinds Worldwide, LLC. All rights reserved worldwide. No part of this document may be reproduced by any means nor modified,

Windows Firewall must be enabled on each host to allow Remote Administration. This option is not enabled by default

TechNote. Contents. Overview. System or Network Requirements. Deployment Considerations

Enabling Windows Management Instrumentation Guide

Nagios XI Monitoring Windows Using WMI

Setup non-admin user to query Domain Controller event log for Windows2003

SolarWinds. Packet Analysis Sensor Deployment Guide

BMC Performance Manager Windows Security White Paper DCOM / WMI

Universal Management Service 2015

AKIPS Network Monitor User Manual (DRAFT) Version 15.x. AKIPS Pty Ltd

Symantec AntiVirus Corporate Edition Patch Update

SolarWinds Technical Reference

SolarWinds Technical Reference

User Document. Adobe Acrobat 7.0 for Microsoft Windows Group Policy Objects and Active Directory

Oracle Enterprise Manager

Table of Contents. Contents

SolarWinds Toolset Quick Start Guide

Web Deployment on Windows 2012 Server. Updated: August 28, 2013

Sage HRMS 2014 Sage Employee Self Service Tech Installation Guide for Windows 2003, 2008, and October 2013

FTP Server Configuration

How To Install An Archive Service On An Exchange Server (For A Free) With A Free Version Of Ios (For Free) On A Windows Xp Or Windows 7 (For Windows) (For An Ubuntu) (

Troubleshooting. services

Symantec Backup Exec TM 11d for Windows Servers. Quick Installation Guide

HP Device Manager 4.6

Using SolarWinds Log and Event Manager (LEM) Filters and Alerts

For Active Directory Installation Guide

Installing Act! for New Users

SOLARWINDS ORION. Patch Manager Administrator Guide

Symantec Managed PKI. Integration Guide for ActiveSync

Installing Sage ACT! 2013 for New Users

Enabling Remote Management of SQL Server Integration Services

Kepware Technologies Remote OPC DA Quick Start Guide (DCOM)

VERITAS Backup Exec TM 10.0 for Windows Servers

Technical Notes P/N Rev 01

Dell Statistica Document Management System (SDMS) Installation Instructions

Installation Guide Supplement

Windows Server Update Services 3.0 SP2 Step By Step Guide

Sophos Enterprise Console server to server migration guide. Product version: 5.2

Adobe Acrobat 9 Deployment on Microsoft Windows Group Policy and the Active Directory service

Copyright 2014 SolarWinds Worldwide, LLC. All rights reserved worldwide. No part of this document may be reproduced by any means nor modified,

NETWRIX WINDOWS SERVER CHANGE REPORTER

Introduction VITAL SIGNS FROM SAVISION / FAQS Savision B.V. savision.com All rights reserved.

Symantec Backup Exec Management Plug-in for VMware User's Guide

Sophos Enterprise Console server to server migration guide. Product version: 5.1 Document date: June 2012

BIGFI X. BigFix Remote Desktop for Windows. BigFix, Inc. Emeryville, CA. Last Modified: 9/13/07 Version BigFix, Inc.

PRODUCT WHITE PAPER LABEL ARCHIVE. Adding and Configuring Active Directory Users in LABEL ARCHIVE

VERITAS Backup Exec 9.1 for Windows Servers Quick Installation Guide

MySQL Installer Guide

Exclaimer Alias Manager for Exchange Deployment Guide - Exclaimer Alias Manager for Exchange Outlook Add-In

Dell MessageStats for Lync and the MessageStats Report Pack for Lync & OCS 7.3. User Guide

NETWRIX ACCOUNT LOCKOUT EXAMINER

Oracle Enterprise Manager. Description. Versions Supported

Application Note 8: TrendView Recorders DCOM Settings and Firewall Plus DCOM Settings for Trendview Historian Server

Oracle Enterprise Manager. Description. Versions Supported

Secure Agent Quick Start for Windows

Troubleshooting File and Printer Sharing in Microsoft Windows XP

TestElite - Troubleshooting

FireSIGHT User Agent Configuration Guide

Integrated Citrix Servers

Installation Notes for Outpost Network Security (ONS) version 3.2

Citrix Systems, Inc.

Important Notes for WinConnect Server VS Software Installation:

RSA Security Analytics

CA Unified Infrastructure Management Server

Enterprise Self Service Quick start Guide

XStream Remote Control: Configuring DCOM Connectivity

Installing Windows Server Update Services (WSUS) on Windows Server 2012 R2 Essentials

Dell Statistica Statistica Enterprise Installation Instructions

DCA Local Print Agent Push Install

Nexio Connectus with Nexio G-Scribe

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide

Configure and enable remote access for windows operating system

Dell Enterprise Reporter 2.5. Configuration Manager User Guide

SolarWinds Technical Reference

Windows Clients and GoPrint Print Queues

Password Manager Windows Desktop Client

Using Microsoft Windows Authentication for Microsoft SQL Server Connections in Data Archive

Oracle Enterprise Manager

File and Printer Sharing with Microsoft Windows

Transcription:

Configuring WMI on Windows Vista and Windows Server 2008 for Application Performance Monitor Revised 1/22/2008 Requirements...1 Checking Application Performance Monitor Credentials Group Memberships...1 Ensuring the Correct Application Performance Monitor Credentials Syntax...2 Enabling DCOM...2 Enabling Account Privileges in WMI...3 Allowing WMI through the Windows Firewall...4 Disabling Remote User Account Control for Workgroups...4 By default, WMI is not enabled on Windows Vista and Windows Server 2008. The following document provides the required steps to ensure WMI is enabled on these operating systems.

Legal Copyright 1995-2008 SolarWinds.net, Inc., all rights reserved worldwide. No part of this document may be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the written consent of SolarWinds All right, title and interest in and to the software and documentation are and shall remain the exclusive property of SolarWinds and its licensors. SolarWinds Orion, SolarWinds Cirrus, and SolarWinds Toolset are trademarks of SolarWinds and SolarWinds.net and the SolarWinds logo are registered trademarks of SolarWinds All other trademarks contained in this document and in the Software are the property of their respective owners. SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION FURNISHED HEREUNDER INCLUDING WITHOUT LIMITATION THE WARRANTIES OF DESIGN, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS OR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Microsoft and Windows 2000 are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Graph Layout Toolkit and Graph Editor Toolkit 1992-2001 Tom Sawyer Software, Oakland, California. All Rights Reserved. Portions Copyright ComponentOne, LLC 1991-2002. All Rights Reserved.

Configuring WMI on Windows Vista and Windows Server 2008 for Application Performance Monitor 1 Requirements The following items must be secured before attempting to monitor a target application server with Application Performance Monitor WMI monitors. Item User Account Need Depending on your implementation, supply one of the following as credentials for the APM credentials database: For domain-based authentication, a domain account with membership in the Administrators group on the monitored application server For workgroup authentication, a local user account with membership in the Administrators group on the monitored application server For more information, see Checking Application Performance Monitor Credentials Group Memberships on page 1. DCOM Default and Limits permissions edited to allow the following actions: Local launch (default permission) Remote launch (default permission) Local activation (limits permission) Remote activation (limits permission) For more information, see Enabling DCOM on page 2. WMI Namespaces Windows Firewall User Account Control Modify the SIMV2 security to enable and remote enable the account used to access the server or workstation through WMI. You must ensure the security change applies to the current namespace and subnamepaces. For more information, see Enabling Account Privileges in WMI on page 3. Ensure Windows Management Instrumentation (WMI) traffic can traverse the firewall. For more information, see Allowing WMI through the Windows Firewall on page 4. Remote UAC access token filtering must be disabled when monitoring within a workgroup environment. For more information, see Disabling Remote User Account Control for Workgroups on page 4. Checking Application Performance Monitor Credentials Group Memberships Whether you are monitoring a Microsoft Vista Workstation or a server running Windows Server 2008, complete the following procedure to ensure the account specified in the Credentials Library has the appropriate permissions. To add your monitor account to the local administrator group of a Vista or Server 2008 computer: 2. Navigate to Start > Control Panel > Administrative Tools > Computer Management > Local Users and Groups > Groups. You need to switch to the Classic View of the Control Panel to use this navigation path.

2 Configuring WMI on Windows Vista and Windows Server 2008 for Application Performance Monitor 3. Right-click Administrators, and then click Add to group. 4. If the account you want to use is not currently a member of this group, complete the following procedure: a. Click Add on the Administrators Properties window. b. Type the name of the account you want to use to gather WMI statistics, and then click OK. This is the account you specify in the Credentials Library of Application Performance Monitor. Note: If you are adding an account to a workgroup computer, you cannot add a domain account. You must use a local account. 5. Click OK on the Administrators Properties window, and then close the Computer Management window. Ensuring the Correct Application Performance Monitor Credentials Syntax When you specify an account for Application Performance Monitor to use for a WMI monitor, you add that account to the Application Performance Monitor Credentials Library. If the target to monitor is a member of a domain, specify the username of the credentials set as domainname\username. If the target to monitor is a member of a workgroup, specify the username of the credentials set as username. To add an account to the Credentials Library: 1. Log on to the Orion Server with an administrator account. 2. Launch the Web Console. 3. Specify an Admin account and log on to the Orion Web Console. 4. Click Application Performance Monitor in the Modules toolbar. 5. Click APM Settings. 6. Click Credentials Library. 7. Click Add New Credential. 8. Provide a friendly name for the credential set. Application Performance Monitor displays this name in the Credential for Monitoring field of monitors that accept credentials. 9. Provide the user name and password, and then confirm the password and click Submit. Note: If you are providing windows credentials for accessing and harvesting information through WMI, ensure you provide the credentials in the following syntax: domainname\username for domain credentials or username for workgroup credentials. Enabling DCOM Windows Management Instrumentation (WMI) uses DCOM to communicate with monitored target computers. Therefore, for Application Performance Monitor to use WMI, DCOM must be enabled and properly configured. To enable DCOM permissions for your Application Performance Monitor credentials: 2. Navigate to Start > Control Panel > Administrative Tools > Component Services. You need to switch to the Classic View of the Control Panel to use this navigation path. You can also launch this console by double-clicking comexp.msc in the /windows/system32 directory.

Configuring WMI on Windows Vista and Windows Server 2008 for Application Performance Monitor 3 3. Expand Component Services > Computers. 4. Right-click My Computer, and then select Properties. 5. Select the COM Security tab, and then click Edit Limits in the Access Permissions grouping. 6. Ensure the user account you want to use to collect WMI statistics has Local Access and Remote Access, and then click OK. 7. Click Edit Default, and then ensure the user account you want to use to collect WMI statistics has Local Access and Remote Access, 8. Click OK. 9. Click Edit Limits in the Launch and Activation Permissions grouping. 10. Ensure the user account you want to use to collect WMI statistics has Local Launch, Remote Launch, Local Activation, and Remote Activation, and then click OK. 11. Click Edit Default, and then ensure the user account you want to use to collect WMI statistics Local Launch, Remote Launch, Local Activation, and Remote Activation. 12. Click OK. Enabling Account Privileges in WMI The account you specify in the Credentials Library must possess security access to the namespace and subnamespaces of the monitored target computer. To enable these privileges, complete the following procedure. To enable namespace and subnamespaces privileges: 2. Navigate to Start > Control Panel > Administrative Tools > Computer Management > Services and Applications. You need to switch to the Classic View of the Control Panel to use this navigation path. 3. Click WMI Control, and then right-click and select Properties. 4. Select the Security tab, and then expand Root and click CIMV2. 5. Click Security and then select the user account used to access this computer and ensure you grant the following permissions: Enable Account Remote Enable 6. Click Advanced, and then select the user account used to access this computer. 7. Click Edit, select This namespace and subnamespaces in the Apply to field, and then click OK. 8. Click OK on the Advanced Security Settings for CIMV2 window. 9. Click OK on the Security for Root\CIMV2 window. 10. Click Services in the left navigation pane of Computer Management. 11. Select Windows Management Instrumentation in the Services result pane, and then click Restart.

4 Configuring WMI on Windows Vista and Windows Server 2008 for Application Performance Monitor Allowing WMI through the Windows Firewall You must allow WMI traffic through the firewall of the monitored application server. The following procedure walks you through allowing WMI through the Windows Firewall. To allow WMI traffic through the Windows Firewall: 2. Navigate to Start > Control Panel > Security Center. You need to switch to the Classic View of the Control Panel to use this navigation path. 3. Click Windows Firewall in the left navigation pane. 4. Click Allow a program through Windows Firewall in the left navigation pane. 5. Check Windows Management Instumentation (WMI), and then click OK. Disabling Remote User Account Control for Workgroups If you are monitoring a target in a workgroup, you need to disable remote User Account Control (UAC). This is not recommended, but it is necessary when monitoring a workgroup computer. Disabling remote user account control does not disable local user account control functionality. Warning: The following procedure requires the modification or creation of a registry key. Changing the registry can have adverse effects on your computer and may result in an unbootable system. Consider backing up your registry before making these changes. To disable remote UAC for a workgroup computer: 2. Click Start > Accessories > Command Prompt. 3. Enter regedit. 4. Expand HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. 5. Locate or create a DWORD entry named LocalAccountTokenFilterPolicy and provide a DWORD value of 1. Note: To re-enable remote UAC, change this value to 0.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information