Configuring for a non-admin IIS discovery

You can configure the Microsoft IIS Web server sensor to run non-admin discovery of IIS servers. Such discovery does not require a user with administrator rights. In this mode, the User Account Control (UAC) option can be enabled.

Note: Non-admin discovery is supported only with IISServerSensor, which supports IIS 7.0, and later.
With non-admin discovery, the User Account Control (UAC) option can be enabled. Depending on whether you use WMI or PowerShell session, you can create the following types of users:
  • For WMI session, users that are not administrators but belong to the administrators group are supported.
  • For PowerShell session, users that are not administrators and do not belong to the administrators group are supported.
Procedure
To configure Agile Service Manager to run non-admin discovery of IIS servers, complete the following steps:
  1. Copy the following files to the target system:
    • From the $COLLATION_HOME/dist/support/bin directory:
      • copyFiles.ps1
      • dcomConfiguration.ps1
      • iisConfiguration.ps1
      • nonadmin.properties
      • psSessionConfiguration.ps1
      • scriptsRunner.bat
      • scriptsRunner.ps1
      • wmiConfiguration.ps1
      • wrmConfiguration.ps1
    • From the $COLLATION_HOME/dist/lib/ms/gateway directory:
      • TaddmWmi.pdb
      • TaddmWmi.exe
      • TaddmWmi.mof
      • TaddmWmi.dll
  2. Configure the nonadmin.properties file by updating the nonadmin.user, and nonadmin.files.path properties:
    nonadmin.user=user
nonadmin.wmi.namespace=root
nonadmin.files.path=path
nonadmin.permissions=Enable,MethodExecute,RemoteAccess
nonadmin.components.iis7=yes
    The user value is the user that you want to use for non-admin discovery. If you specify the local user, you need to add only the user name. Otherwise, provide also the domain name, for example, domain\user. The path value is the path to the directory where you copied files in step 1. Do not modify the values of the remaining properties.
  3. Run the scriptsRunner.bat file as administrator with one of the following options:
    • scriptsRunner.bat set -wmi - sets permissions for WMI session.
    • scriptsRunner.bat set -ps - sets permissions for PowerShell session.
    • scriptsRunner.bat set -wmi -ps - sets permissions for both WMI and PowerShell sessions.
If you decide not to run non-admin discoveries any longer, you can revert to the original configuration. Run the scriptsRunner.bat with one of the following options:
  • scriptsRunner.bat revert -wmi
  • scriptsRunner.bat revert -ps
  • scriptsRunner.bat revert -wmi -ps