Running the Monitoring Agent for Windows OS as a non-root user
You can run the Windows OS agent as a non-root user. However, some functions are unavailable.
- Registry
- File Trend
- File Change
Remote deployment of other agents is not available because administrator rights are required to install the new agents.
For Agent Management Services, the watchdog cannot stop or start any agent that it does not have privileges to stop or start.
- Full access to
HKEY_LOCAL_MACHINE\SOFTWARE\Candle
- Read access to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
The user that starts the Monitoring Agent for Windows OS – Primary service must have rights to manage the Monitoring Agent for Windows OS - Watchdog service. The user that starts the Monitoring Agent for Windows OS - Watchdog service must also have rights to manage any services that are managed by the Agent Management Services, including the Monitoring Agent for Windows OS – Primary service. To grant users the authority to manage system services in Windows, use security templates, group policy, or edit the Subinacl.exe file. For more information, see the following Microsoft documentation: http://support.microsoft.com/kb/325349.
- Click
mmc
in the Open box, and then click OK.
, enter - On the File menu, click Add/Remove Snap-in.
- Click Add again. , and then click
- Click Close and then click OK.
- In the console tree, right-click Security Configuration and Analysis, and then click Open Database.
- Specify a name and location for the database, and then click Open.
- In the Import Template dialog box that is displayed, click the security template that you want to import, and then click Open.
- In the console tree, right-click Security Configuration and Analysis, and then click Analyze Computer Now.
- In the Perform Analysis dialog box that is displayed, accept the default path for the log file that is displayed in the Error log file path box. Otherwise, specify the location that you want. Click OK.
- After the analysis is complete, configure the service permissions as follows:
- In the console tree, click System Services.
- In the right pane, double-click the Monitoring Agent for Windows OS - Primary service.
- Select the Define this policy in the database check box, and then click Edit Security.
- To configure permissions for a new user or group, click Add.
- In the Select Users, Computers, or Groups dialog box, type the name of the user or group that you want to set permissions for, and then click OK. In the Permissions for User or Group list, select the Allow check box (next to Start). Stop and pause permission is selected by default, so that the user or group can start, stop, or pause the service.
- Click OK twice.
- Repeat step 10 to configure the service permissions for the Monitoring Agent for Windows OS - Watchdog service.
- To apply the new security settings to the local computer, right-click Security Configuration and Analysis, and then click Configure Computer Now.
cmd
, and then click OK. At the command
prompt, type secedit /?
, and then press ENTER. When you use
this method to apply settings, all the settings in the template are reapplied. This method might
override other previously configured file, registry, or service permissions.- Click
services.msc
, and then click OK.
, enter - Select Monitoring Agent for Windows OS - Primary.
- Right-click Properties.
- Verify the startup type as being Automatic.
- Select the Log On tab, and then select Log on as "This account" and supply the ID and password. Click OK.
- Select Monitoring Agent for Windows OS - Watchdog.
- Right-click Properties.
- Verify the startup type as being Manual.
- Select the Log On tab, and then select Log on as "This account" and supply the ID and password. Click OK.