A server can be monitored with an account other than a domain admin account. To do this, give the monitoring account the required permissions by adding it to specific groups on each server. The changes needed to monitor a non-domain controller server across the network are listed below.
To monitor a server that is a domain controller with something other than a domain administrator account, use a Satellite on the domain controller and have it run as Local System. This is necessary because local user accounts don't exist on a domain controller, but admin rights are often still needed. Using the Satellite feature to monitor a domain controller requires the Ultra product edition.
One approach to using non-domain admin accounts is to create local monitoring accounts on each server (similar to the LAPS approach). These accounts would all have unique credentials and would have the required access to monitor local resources.
When using a non-domain account, a local administrator account will not have administrator rights when connecting remotely because of UAC. A registry setting can change this effect.
Read more at: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/user-account-control-and-remote-restriction.
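A read-only check of the UAC remote restriction described above, as an added example that is not part of the original documentation. It assumes the registry value named in the linked Microsoft article (`LocalAccountTokenFilterPolicy`) and an elevated PowerShell session on the monitored server; the report column names are made up for this example.

```powershell
# Added example: audit the UAC remote restriction on this server (changes nothing).
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$name = 'LocalAccountTokenFilterPolicy'

# A missing value behaves like 0: local administrators connecting over the
# network receive a filtered (non-admin) token.
$prop   = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
$value  = if ($null -ne $prop) { [int]$prop.$name } else { 0 }
$filter = ($value -ne 1)

# Members of the built-in Administrators group, looked up by well-known SID
# so the query also works on non-English installations.
$members = Get-LocalGroupMember -SID 'S-1-5-32-544'

$report = foreach ($m in $members) {
    $isLocal   = ($m.PrincipalSource -eq 'Local')
    $isBuiltIn = $isLocal -and ($m.SID.Value -match '-500$')   # RID 500 account

    $remote = if (-not $isLocal) {
        'Full token (domain principals are not subject to this restriction)'
    } elseif ($isBuiltIn) {
        'Governed by the FilterAdministratorToken policy, not by this value'
    } elseif ($filter) {
        'Filtered token: no administrator rights over the network'
    } else {
        'Full administrator token over the network'
    }

    [pscustomobject]@{
        Account     = $m.Name
        Source      = $m.PrincipalSource
        RemoteToken = $remote
    }
}

"{0} = {1} (remote filtering {2})" -f $name, $value, $(if ($filter) { 'ON' } else { 'OFF' })
$report | Format-Table -AutoSize -Wrap
```

The value is machine-wide: when it is 1, every local account in the Administrators group connects remotely with a full administrator token, not only the monitoring account.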
Listed below are the changes that need to be made to a monitored server to use a local user account or a non-admin domain account for monitoring. After the changes have been made, the monitoring service needs to be restarted as changes to user accounts do not take effect until the next time the user account logs in.
Local accounts or non-domain admin accounts need to be added to the following local server groups based on the type of monitoring that will be done:
The changes to the user account will not take effect until the account is logged in again. Restart the monitoring service to force fresh logins.
The above changes will not affect Windows Firewall restrictions. A list of standard ports used by the monitoring service is shown on Monitoring Remote Servers Through Firewalls.