Configure & Install WMIC for Observium-CFANZ编程社区

WMI Poller

Configuring Windows Firewall and User Access for WMI

This guide assumes you know what Group Policy is.

Allowing WMI Connections in Windows Firewall

Enabling Firewall Settings via GPO

1. Open Group Policy Management

2. Create and/or edit the Group Policy Object you wish put these settings into

3. Expand Computer Config > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules

4. Create a New Rule under Inbound Rules

5. Choose the Predefined option, and select Windows Management Instrumentation (WMI) from the drop-down list, click Next

6. Select the "WMI-In" option and click Next

7. Allow the connection > Finish

Enabling Firewall Settings for Individual Server

1. Open up Windows Firewall with Advanced Security, either through Control Panel or Server Manager, Run -> wf.mfc

2. Create a New Rule under Inbound Rules

3. Choose the Predefined option, and select Windows Management Instrumentation (WMI) from the drop-down list, click Next

4. Select the "WMI-In" option and click Next

5. Allow the connection > Finish

Configuring WMI Security to Allow a User to Poll WMI

There are a few ways to go about this:

1. Create a domain user and put them in the Administrator group for all of the servers you wish to poll with WMI

2. Use a Domain Admin account

3. Create a dedicated domain user with Read permissions for WMI

Choice #1 or #2 is preferred for testing WMI since it's the fastest. By default, WMI security allows control by any Administrator of the system. If you're a Domain Admin you can test to make sure WMIC is working properly immediately after you install (instructions below). Choice #3, on the other hand, is the more secure but more complex option. It's recommended you take this route to reduce security risks.

Dedicated Domain User for WMI Polls

Unfortunately, there are not any official GPOs available for WMI Security. You will have to perform a bit of a manual process once to generate the data you need to input a string into a script that you will deploy via GPO. Note: Changes to WMI security is rarely done but you need to understand that this process will overwrite WMI Security settings for all servers the GPO applies to. If there have not been any changes to WMI Security for any of your servers, then you need not worry. Suffice it to say, Observium is not responsible for any damages done.

The original guide for this can be found here.

Set WMI Security

1. Create a new domain user for the purpose of WMI remote reads and add them to the Distributed COM Users group for all servers

2. On any server you wish to monitor with WMI, open Computer Management (Run -> compmgmt.msc)

3. Navigate to Services and Applications -> WMI Control

4. Right click on WMI Control and go to Properties

5. Navigate to the Security Tab

6. Select one of the following Namespaces to add a user:

a. \Root - This will grant the user read access to all WMI Namespaces. Good for future proofing as WMI Providers can be placed anywhere within the system.

b. \Root\CIMV2 - The bare minimum currently required by current WMI pollers in Observium.

7. Click the Security button

8. Click the Advanced buton

9. Click Add

10. Enter the desired user and click OK

11. Under the "Apply To" drop down select "This namespace and subnamespaces"

12. Check Allow for:

a. Enable Account

b.Remote Enable

13. Ensure that "Apply these permissions to objects and/or containers within this container only" is UNCHECKED

14. Click Apply/OK until you're out of OK buttons to click

Installing WMIC