MONITORING WINDOWS WITH NETCRUNCH 7 P A G E 1



Similar documents
Nagios XI Monitoring Windows Using WMI

Windows Firewall must be enabled on each host to allow Remote Administration. This option is not enabled by default

Configure and enable remote access for windows operating system

BMC Performance Manager Windows Security White Paper DCOM / WMI

Windows Firewall Exceptions Configuring Windows Firewall Exceptions for Docusnap

SCCM Client Checklist for Windows 7

Windows Firewall Configuration with Group Policy for SyAM System Client Installation

Configuring WMI on Windows Vista and Windows Server 2008 for Application Performance Monitor

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

Guide to deploy MyUSBOnly via Windows Logon Script Revision 1.1. Menu

FTP Server Configuration

Role Based Access Control for Industrial Automation and Control Systems

Freshservice Discovery Probe User Guide

HP Device Manager 4.6

1. Installation Overview

TestElite - Troubleshooting

Installing and Configuring Active Directory Agent

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

Click Studios. Passwordstate. Password Discovery, Reset and Validation. Requirements

Installation Overview

Agency Pre Migration Tasks

MS-50255: Managing, Maintaining, and Securing Your Networks Through Group Policy. Course Objectives. Required Exam(s) Price.

DCA Local Print Agent Push Install

Windows Firewall with Advanced Security Step-by-Step Guide - Deploying Firewall Policies

ILTA HANDS ON Securing Windows 7

Designing and Implementing a Server Infrastructure

WhatsUp Event Analyst v10.x Quick Setup Guide

Microsoft. Pro: Upgrading to Windows 7 MCITP Enterprise Desktop Support Technician.

70-685: Enterprise Desktop Support Technician

Administrator s Guide

Windows Firewall with Advanced Security. Design Guide and Deployment Guide. Abstract

Windows 7, Enterprise Desktop Support Technician

Advanced Event Viewer Manual

Kepware Technologies Remote OPC DA Quick Start Guide (DCOM)

COURSE OUTLINE MOC 20413: DESIGNING AND IMPLEMENTING A SERVER INFRASTRUCTURE

TechNote. Contents. Overview. System or Network Requirements. Deployment Considerations

HP Device Manager 4.6

MICROSOFT EXAM QUESTIONS & ANSWERS

WhatsUp Event Archiver v10 and v10.1 Quick Setup Guide

DriveLock Quick Start Guide

Windows XP Service Pack 2 Windows Firewall Group Policy Setup for Executive Software Products

Elevation requirements... 18

VNLINFOTECH JOIN US & MAKE YOUR FUTURE BRIGHT. mcsa (70-413) Microsoft certified system administrator. (designing & implementing server infrasturcure)

Administering Active Directory. Administering Active Directory. Reading. Review: Organizational Units. Review: Domains. Review: Domain Trees

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

Managing Windows Environments with Group Policy 50255D; 5 Days, Instructor-led

HP Universal Print Driver Series for Windows Active Directory Administrator Template White Paper

TrueEdit Remote Connection Brief

MS 50255B: Managing Windows Environments with Group Policy (4 Days)

Installation Notes for Outpost Network Security (ONS) version 3.2

Designing and Implementing a Server Infrastructure

INUVIKA OVD VIRTUAL DESKTOP ENTERPRISE

HELP DOCUMENTATION E-SSOM DEPLOYMENT GUIDE

Managing Windows Environments with Group Policy

Designing and Implementing a Server Infrastructure

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Universal Management Service 2015

Active Directory Manager Pro Quick start Guide

Admin Report Kit for Active Directory

Implementing and Administering Security in a Microsoft Windows Server 2003 Network

How to monitor AD security with MOM

XMap 7 Administration Guide. Last updated on 12/13/2009

Hyper-V Remote Management Configuration Script Contents

Before deploying SiteAudit it is recommended to review the information below. This will ensure efficient installation and operation of SiteAudit.

MS MCITP: Windows 7 Enterprise Desktop Support Technician Boot Camp

Administrator s Guide

The safer, easier way to help you pass any IT exams. Exam : Installing and Configuring Windows Server 2012 R2.

Windows 2008 Server DIRECTIVAS DE GRUPO. Administración SSII

Overview - Using ADAMS With a Firewall

How To Set Up Safetica Insight 9 (Safetica) For A Safetrica Management Service (Sms) For An Ipad Or Ipad (Smb) (Sbc) (For A Safetaica) (

MCTS Guide to Microsoft Windows 7. Chapter 13 Enterprise Computing

How To - Implement Single Sign On Authentication with Active Directory

Overview - Using ADAMS With a Firewall

EXAM Installing and Configuring Windows Server Buy Full Product.

TECHNICAL SUPPORT GUIDE

Troubleshooting Guide

ICT Professional Optional Programmes

Troubleshooting. services

Application Note 8: TrendView Recorders DCOM Settings and Firewall Plus DCOM Settings for Trendview Historian Server

20413C: Designing and Implementing a Server Infrastructure

WhatsUp Event Alarm v10x Quick Setup Guide

Installing Kaspersky Security Center 10.0 on Microsoft Windows Server 2012 Core Mode

COURSE 20413C: DESIGNING AND IMPLEMENTING A SERVER INFRASTRUCTURE

Installing T-HUB on multiple computers

Network Detective. Network Assessment Module Using the New Network Detective User Interface Quick Start Guide

Training Guide: Configuring Windows8 8

Get Success in Passing Your Certification Exam at first attempt!

How To - Implement Clientless Single Sign On Authentication with Active Directory

CITRIX 1Y0-A14 EXAM QUESTIONS & ANSWERS

Toolbox 3.3 Client-Server Configuration. Quick configuration guide. User manual. For the latest news. and the most up-todate.

ms-help://ms.technet.2005mar.1033/security/tnoffline/security/smbiz/winxp/fwgrppol...

Deployment of Keepit for Windows

Designing and Implementing a Server Infrastructure 20413C; 5 days, Instructor-led

Configuring Firewall Settings For Configuration Manager 2012 R2

Course 20413: Designing and Implementing a Server Infrastructure

ContentWatch Auto Deployment Tool

HELP DOCUMENTATION E-SSOM INSTALLATION GUIDE

Transcription:

MONITORING WINDOWS WITH NETCRUNCH 7 P A G E 1 NetCrunch 7 can monitor Microsoft Windows systems without installing additional agents. However, due to tightened security rules, remote monitoring is possible only after initial configuration which depends on your Windows environment. MONITORING SERVER NetCrunch Server can be installed on Windows Server 2003 R2, Windows Server 2008/2008 R2, or Windows Server 2012. If you manage most of servers by Active Directory, it is better to install NetCrunch on a machine within Active Directory domain. It just makes configuration easier. MONITORED SYSTEMS SERVERS Most servers systems come with the firewall being enabled, which blocks remote administration. This is the first thing you need to fix. It s easy to configure especially if managed by Active Directory Group Policies. Otherwise, you need to configure servers one by one you can do it using simple script (download it from: http://www.adremsoft.com/download/setwinfornc.zip). WORKSTATIONS If you manage your workstations by Active Directory, preparing them for monitoring will be the same as for the servers (by Active Directory Group Policies). Monitoring of workstations in Workgroups is a little harder to configure, because starting from Windows Vista, all later systems use UAC (User Account Control). It does not allow remote connections to inherit administration rights from local Administrators group. In this case you can choose to use built-in local Administrator account, or create new account and manually assign necessary rights directly to this account. CONFIGURATION STEPS OVERVIEW 1. Setting Access Rights NetCrunch needs user account for monitoring which has proper access rights to DCOM, WMI (root\cimv2) and (Read Access) to registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib. The easiest way you can do it is by adding this user to the local Administrators group. 2. Setting Firewall Rules Firewall rule must allow traffic of RPC, Performance Monitoring, Named Pipes and WMI. 3. Enabling PerfMon monitoring Remote Registry service must be running and its startup type should be set to Automatic.

MONITORING WINDOWS WITH NETCRUNCH 7 P A G E 2 4. Disable UAC remote restrictions User Account Control remote restrictions needs to be disabled on non-domain servers. This requires changing value of registry key: KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAc counttokenfilterpolicy CONFIGURING ACTIVE DIRECTORY DOMAIN The procedure below requires a working knowledge of Active Directory Users and Computers and Group Policy Management Administrative Tools If you manage most of servers by Active Directory the best solution is installing NetCrunch on a server in the Active Directory domain, and creating dedicated user for monitoring. In this case, you should abort your installation now and configure your Active Directory first. You can resume your NetCrunch installation after your configuration is propagated to all servers it takes approximately 2 hours. In this way NetCrunch will be able to discover all servers in AD and automatically setup monitoring for them. Other servers in untrusted domains or workgroups can be configured separately (see Configuration of Separate Windows Server chapter). SETTING ACCESS RIGHTS STEP 1 CREATE USER FOR MONITORING Create Active Directory user account (for example nc-mon-user) that will be used by NetCrunch Server for monitoring. You will be asked later for this user credentials during the NetCrunch installation. STEP 2 SET UP RIGHTS FOR THE USER The user account needs administrative rights to all monitored Windows computers (including the server where NetCrunch Server is installed). There are two different ways to accomplish this, depending on your Active Directory architecture and your needs: IF IN SINGLE DOMAIN WHERE YOU WANT TO MONITOR ALL MACHINES Add created user account to predefined Domain Admins Active Directory group. IF MULTIPLE TRUSTED DOMAINS OR ONLY SUBSET OF COMPUTERS NEEDS MONITORING You need to use Group Policy to modify local Administrators groups (on each monitored Windows machine).

MONITORING WINDOWS WITH NETCRUNCH 7 P A G E 3 a) Create Active Directory group named Monitoring Users and add previously created user account (nc-mon-user) to this group. In multi-domain forest, default Active Directory group scope (which is Global) should be sufficient for this group, because global groups can be used to assign permissions to resources in any domain in a forest. b) Create a new Group Policy Object (GPO) and name it for example Local Administrators group membership for NetCrunch. c) Create rule for Monitoring Users group membership. Computer Configuration Policies Windows Settings Security Settings Restricted Groups and add Monitoring Users to local Administrators group using section This group is a member of d) Link Local Administrators group membership for NetCrunch GPO to appropriate Organization Unit(s) (OU) in your Active Directory domain(s). SETTING FIREWALL RULES 1. Create a new Group Policy Object and name it for example Windows Firewall rules for monitoring by NetCrunch. 2. Use two different branches in GPO to configure both built-in firewall types in Windows machines which you want to monitor: a. For XP and Server 2003 R2, Computer Configuration Administrative Templates Network Network Connections Windows Firewall Domain Profile and set these settings to Enabled : Windows Firewall: Allow inbound file and printer sharing exception Windows Firewall: Allow inbound remote administration exception b. For Vista/7/8 and Server 2008/2008 R2/2012, Computer Configuration Policies Windows Settings Security Settings Windows Firewall with Advanced Security and add these rules to Inbound Rules, choosing them from predefined list: File and Printer Sharing

MONITORING WINDOWS WITH NETCRUNCH 7 P A G E 4 Remote Administration By default, Windows built-in firewall doesn t block outgoing traffic if you have changed this behavior, add rules with the same names from predefined list to Outbound Rules. 3. Link Windows Firewall rules for monitoring by NetCrunch GPO to appropriate Organization Unit(s) (OU) in your Active Directory domain(s). For a security reasons, it is recommended to customize remote administration rules to narrow the list of allowed IP addresses to the address of your NetCrunch Server only. ENABLING PERFMON MONITORING 1. Create a new Group Policy Object and name it for example Windows services for monitoring by NetCrunch. 2. Setup Remote Registry service. Computer Configuration Policies Windows Settings Security Settings System Services and set Remote Registry Windows service startup mode to Automatic. 3. Link Windows services for monitoring by NetCrunch GPO to appropriate Organization Unit(s) (OU) in your Active Directory domain(s). Right after the policy refresh, the service should immediately start on every computer.

MONITORING WINDOWS WITH NETCRUNCH 7 P A G E 5 CONFIGURING OF SEPARATE WINDOWS SERVERS All commends below must be executed from the administrator s command line. COMPLETE SCRIPT CAN BE DOWNLOADED FROM: http://www.adremsoft.com/download/setwinfornc.zip SETTING ACCESS RIGHTS Create nc-mon-user account using shell commands and add it to local Administrators group. net user /add nc-mon-user <Password> net localgroup Administrators /add nc-mon-user SETTING FIREWALL RULES For Windows Server 2003 and Server 2003 R2: netsh firewall set service type=fileandprint scope=all profile=all netsh firewall set service type=remoteadmin scope=all profile=all For Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 you can create rule for IP address of NetCrunch server only. netsh advfirewall firewall add rule name="nc-mon" dir=in action=allow remoteip="%ip%" netsh advfirewall firewall add rule name="nc-mon" dir=out action=allow remoteip="%ip%" ENABLING PERFMON MONITORING Setup Remote Registry service startup and start the service. WMIC SERVICE where name= RemoteRegistry call ChangeStartMode StartMode=Automatic WMIC SERVICE where name= RemoteRegistry call StartService DISABLING UAC REMOTE RESTRICTIONS Modify UAC behavior for Windows Server 2008/2008 R2, and Windows Server 2012 (http://support.microsoft.com/kb/951016)

MONITORING WINDOWS WITH NETCRUNCH 7 P A G E 6 WMIC /Namespace: \\Root\Default Class StdRegProv Call SetDWORDValue hdefkey="&h80000002" ssubkeyname="software\microsoft\windows\currentversion\policies\system" svaluename="localaccounttokenfilterpolicy" uvalue=1 WINDOWS TECHNOLOGIES USED BY NETCRUNCH Windows technologies have been built layer by layer. One at top of another for example RPC is working on top of the Named Pipes, Remote Registry needs RPC, and WMI is using DCOM which is using also RPC for communication. Everything needs proper firewall and security settings. So here is short list of technologies used by NetCrunch that need proper configuration. 1. RPC & Named Pipes (Needs enabling File Sharing, firewall settings) 2. Remote Registry (Needs firewall settings, and Remote Registry service running) 3. WMI & DCOM (Needs Firewall settings, DCOM & WMI security settings) It is simple in case when the user designated for monitoring is a member of local Administrators group as described in this document. This is the simplest way to configure servers for monitoring but not most secure. In case when security is a big concern it is possible to setup exact rights for monitoring account.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information