Javascript must be enabled to download our products and perform other essential functions on the website.

ionicons-v5-m
ionicons-v5-j
Buy Now Download Free Trial
ionicons-v5-m
ionicons-v5-f

Monitoring Permissions

Depending on what you want to monitor, different rights and permissions are needed. Generally you can split all of the monitors into two categories: Windows-specific (Event Log monitor, Service monitor, etc) and non-Windows or Protocol monitors (Ping, Web Page monitor, SNMP monitor, etc).

Related Issues

Remote Account Hints: If you are trying to figure out how to give an account access to a remote server, you'll want to read the Remote Monitoring Account Hints FAQ.

Remote Ports: For details about which ports are used in monitoring, see Ports: What server ports are used? (Firewall Considerations).

ionicons-v5-h

When using a non-domain account, a local administrator account will not have administrator rights when connecting remotely because of UAC. A registry setting can change this effect.

Read more at: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/user-account-control-and-remote-restriction.

Windows-specific Monitor Permissions

Active Directory Change Monitor

The Active Directory Change Monitor goes through the Active Directory tree and reads objects and their attributes to store for later comparison. It just needs read-only access to the directory tree, so any member account in Active Directory should suffice.

Note that the Active Directory Login Monitor is mentioned below in Event Log-based Monitors.

Disk-based Monitors

Disk-based monitors connect to remote shares just like you do with Explorer. That means typical file/directory level permissions are what controls access. This applies to the following monitors:

  • Directory Quote Monitor
  • Disk Space Monitor
  • File Age Monitor
  • File/Directory Size Monitor
  • File & Directory Monitor
  • File System Analyzer
  • Log File Monitor
  • User Quota Monitor

Event Log-based Monitors

The Application and System event logs can be viewed by the Everyone group by default. To view the Security event log, the account has to have the "Manage auditing and security log" user right. Note that individual event log default security settings can be changed via registry settings (see Microsoft KB323076). In order for the complete event description to be created, the account has to be able to read the remote registry, and map to an admin share to pull resource strings out of DLLs. This implies the Remote Registry service needs to be running on the remote machine.

This applies to the following monitors:

  • Event Log Monitor
  • Active Directory Login Monitor (reads the Security event log)

Performance Monitor

The Windows performance counters are read by the Performance Monitor. The account that is going to read performance counters has to generally have read access to the remote registry. A Microsoft support document explains specifically what rights are needed to which registry keys. Also note that the Remote Registry service needs to be running.

Note: Occasionally when counters can't be seen (especially when just some counters are missing), this ends up being caused by corrupted registry settings on the target computer. This is not uncommon. Microsoft has an article on how to repair performance counters. Oddly, this has even been the root cause when counters look good when viewed locally, but are partially missing when viewed remotely.

Service Monitor

According to this Microsoft document, an administrator account or a locally logged in account is needed to view service status as of Windows 2003 SP1 (or newer presumably). Previous to that anyone that authenticated to the server could check the service status.

Execute Script Monitor

This monitor doesn't require any special permissions, although the resources you might try to access from within the script might. The monitor will run with the login credentials specified for the server that it is attached to.

File Sight Monitor

PA File Sight typically runs as Local System, although if running as a user account, it needs to run as an administrator account so it can start and stop its driver.

Process Monitor

This monitor relies on a number of technologies. It will attempt to use WMI if monitoring processes on a remote Windows machine. If that fails, or if the remote machine is not Windows, then SNMP will be used, with the specified SNMP credentials for the target server.

Protocol Monitor Permissions

In general, protocol monitors (Web Page monitor, Ping monitor, SNMP monitor) use the access-control that is built into the protocol.

Ping Monitor

No special permissions needed

HTTP-based monitors

No special permissions needed (other than possible authentication required by the target page for the Web Page monitor). This applies to the following monitors:

  • Web Page Monitor
  • Environment Monitor

Port-based monitors

No special permissions needed (other than possible authentication required by the target resource. This applies to the following monitors:

  • Mail Server Monitor
  • SNMP Monitor
  • TCP Port Monitor

We appreciate all your hard work and dedication to getting the problem resolved. Wish more companies had the support that you guys offer.

Todd W., Beasley Allen, USA ionicons-v5-b