Monitoring Services With WMI

Learn how to Monitor Services using WMI

Windows Management Instrumentation Configuration

To use Opsview Monitor's 'Agentless' Windows checks, a user account that has access to Windows Management Instrumentation data counters is required. There are two methods to accomplish this.

  1. Create a standard Administrator account.
  2. Configure a restricted user that is only allowed access to standard user functions and WMI performance counters.

Creating an Administrator account solely for the purpose of monitoring may lead to security concerns, hence the outlined instructions on how to create an appropriate privileged user below.

Configuration

Our guide will implement three core tasks.

  • The account will need access to 'DCOM'. This is the facility used to execute WMI queries.
  • The account will need access to the WMI tree. At a minimum, the 'root/CIMv2' branch permission must be granted.
  • To allow for performance monitoring, the user needs to be a member of the Performance Monitor Users group.

Our supported configuration is to create a user that is added to the following Windows Groups:

  • Distributed COM Users - this group has default remote access rights to DCOM
  • Performance Monitor Users - This group has default read only rights to WMI performance counters

Creating a read-only Monitoring Account

  1. Create a normal user with 'standard' privileges
  2. Add this user to the following groups:
    2a. Distributed COM Users
    2b. Performance Monitor Users
  3. Open the Windows Management Instrumentation control panel: Start > Run > wmimgmt.msc
  4. Right click on WMI Control (local) and select Properties
  5. Navigate to the Security tab
  6. Select the Root namespace and click Security
  7. Add the group Performance Monitor Users to this account
  8. Select the following permissions for Performance Monitor Users
    8a. Execute Methods: Allow
    8b. Enable Account: Allow
    8c. Remote Enable: Allow
    8d. Read Security: Allow
  9. Once this is completed, select 'Performance Monitor Users' in the list
  10. Click Advanced within the 'Security for Root' dialog box
  11. Under Permissions, click on name 'Performance Monitor Users'
  12. Select Edit
  13. Ensure This namespace and subnamespaces is selected under the apply to object.
  14. Click 'OK'

Windows Firewall

If the Windows Firewall is running on your monitored host, there are some configuration changes that need to be implemented to allow WMI requests to be authorized.

  1. Ensure that the Windows Firewall is started and operating correctly
  2. Navigate to Control Panel and start the Windows Firewall control panel
  3. On the left hand side, select Allow a program or feature through Windows Firewall
  4. Scroll down to the entry, Windows Management Instrumentation (WMI)
  5. Enable Home/Work (Private) and / or Public access as required
  6. Click OK

Configure DCOM Permissions

  1. Open the Component Services Control Panel: Start > Run > dcomcnfg.exe
  2. Expand Component Services, Computers, My Computer
  3. Right click on My Computer and select Properties
  4. Select the tab COM Security
  5. Under Launch and Access Permissions, select Edit Limits
  6. Ensure that the group Distributed COM Users has the following permissions applied:
    6a. Local Launch
    6b. Remote Launch
    6c. Local Activation
    6d. Remote Activation
  7. Once everything is confirmed, select OK then OK again to close the remaining control panel dialog.

You should now be ready to utilize this account for monitoring within your Opsview Monitor system.

Opsview Monitor Configuration

In Opsview Monitor, users have the ability to quickly add and begin monitoring Windows servers via WMI, Microsoft's agentless monitoring tool. To do this:

  1. Log in to the Opsview Monitor User Interface, open the Menu and navigate to Settings > Host Settings, and then clicking Add New.
    Note that you can get to the Menu by either clicking on the Menu Icon in the top right or by pressing Ctrl + Alt + m.
  2. Next, enter the details of the host, such as hostname/IP, description, Host Group, etc. (If you have more than one Monitoring Cluster, the option to choose which one is monitoring the host will be present as well).
896
  1. Once done, select which Opsview Host Templates you wish to use when monitoring Windows servers via WMI. Out of the box, there are five to choose from:
  • 'OS - Windows Server 2008 WMI - Base': These monitor basics such as CPU, memory, disk, etc. There is a Variable named WMIPROCESS that must be added if you wish to monitor per process CPU/memory usage. Multiple attributes can be added to spawn multiple checks, e.g. 4 WMIPROCESS Variables will add 8 service checks, 2 for each.
  • 'OS - Windows Server 2008 WMI - DNS': DNS service checks for A and CNAME records.
  • 'OS - Windows Server 2008 WMI - Exchange': Microsoft Exchange service checks, for transport queues, DB instances, etc.
  • 'OS - Windows Server 2008 WMI - IIS Server': IIS Server service checks, such as transfer stats, user stats, web server connections, etc.
  • 'OS - Windows Server 2008 WMI - Terminal Services': Terminal services checks, such as number of sessions active.
  1. Choose from these Host Templates at the bottom of the current page. Simply find the correct templates, and click the 'Right arrow' to add them to your host, as shown in the above screenshot.
  2. Once done, you may select additional steps during the Host addition stage, such as SNMP or Notifications (when you are notified, what you are notified for, etc on this Host). The stage that is of most importance in this guide is the VARIABLES tab.
  3. After clicking the Variables tab add a new variable via the "+ Add New" button in the top left section. Then, start typing WINCREDENTIALS or select it from the dropdown menu, give a name/description for the Value field (this won't affect the functionality of the Variable) and click Save, and then you will see a series of checkboxes for the 4 arguments associated with the Variable as shown below:
880
  1. Check the boxes next to the overrides for username and password, and then enter their respective values to allow Opsview Monitor to connect to your host:
  • 'Override Username:' ' enter your username, e.g. Administrator
  • 'Override Password:' ' enter your password. You can click the Eye icon to make it visible as you type
  1. Finally, click 'Submit' and your new Host is added. To reload your Opsview Monitor configuration after adding your Host, go to the Menu and then navigate to Settings > Reload and click Apply Changes to reload the Opsview Monitor configuration and begin monitoring the host.
  2. After the reload, open the Menu and navigate to Monitoring > Host Groups, Hosts and Services, expand the Host Group for the Host you just created and check the checkbox. You can see all the monitored items in the screenshot below.
1262

You can now begin adding more and more Windows hosts via WMI, adding dashboards to illustrate this data collected, schedule reports to see how the systems have fared against SLAs, etc.