The aim of this document is to describe the pre-requisites to be implemented on a Microsoft Windows device in order to allow monitoring by ServiceNav using SNMP and WMI protocols.
This procedure applies to Windows Server versions from 2003 onwards.
This article describes, step-by-step, how to configure the Simple Network Management Protocol (SNMP) service. It describes how to configure SNMP agent properties and SNMP security.
Installing SNMP functionality
On version 2003, get the Windows installation CD to install SNMP.
If you are using a computer that is not connected to the Internet, select the checkboxes next to the services your computer provides. The service options are as follows:
The configuration of the SNMP Service is done from the services console.
Open from home (on Windows 2012 server) Administration tools.
Right-click SNMP Service in the list of services, then select Properties :
Under ServiceIf you are using a computer that is not connected to the Internet, select the checkboxes next to the services your computer provides. The service options are as follows:
- Physicalindicates whether the computer manages physical devices, such as hard disk partitions.
- Applicationsindicates whether the computer is using programs that send data via the TCP/IP protocol.
- Data link and subnetworkindicates whether this computer manages a subnetwork or a TCP/IP data link, for example a bridge.
- InternetIP Gateway: Indicates whether this computer is acting as an IP gateway (router).
- End to endindicates whether this computer is acting as an IP host.
Click on the tab, Security.
In the Accepted community namesclick on Add... then enter the community name and permission . The READ ONLY right is enough. The SNMP community name is case sensitive. It is recommended to use the same community name for all servers.
Click on Add.
Specify the IP address of the monitoring box authorized to perform SNMP requests on the server.
Click Accept SNMP packets from these hostsclick on Addand then type the host name, IP address, or IPX address in the field: Host name, IP or IPX address.
- Click on Add.
- Click on OK.
Click on OK to apply the configuration.
Restart the SNMP service re-read the configuration, by right-clicking on SNMP Service in the list and then select Restart.
Creating the user in Active Directory
Create a domain user dedicated to monitoring in your Active Directory domain.
Create the user and put it in a security group dedicated to monitoring, for example, Windows Monitoring.
Add user to local group Performance Analyzer Users / Performance Monitor Users.
This operation can be performed via GPO on the whole domain or on the target machines, by editing the following object :
Right click on Add a group. Select the group Windows Monitoring.
Once added, a window opens. In the bottom section ("This group is a member of"), click on Add... . Select the group Performance Analyzer Users. Doing this has no impact on users or groups that are already members of the group. Performance Analyzer Users on each server where GPO will be applied. You must view this result in your GPMC editor:
Perform a ServiceNav Discovery: this will allow you to check whether the WMI user used to carry out the discovery has remote access rights to WMI. Discovery queries the WMI class Win32_OperatingSystem with the user provided.
Monitoring Windows services via WMI
Only a domain administrator user or a user from the Administrators group on the Windows host can query the status of Windows services via WMI. The following procedure explains how to configure a domain user to be part of the Windows servers local group, Administrators without allowing terminal connection to the host.
This section describes how to, in Active Directory :
- add the user to each hosts local Administrators group
- Prevent the user from logging on to the host in console mode and Remote Desktop mode.
This can be done by modifying the GPO previously created on the domain controller.
Right click on the group Windows Monitoringand then on Properties.
In the bottom section ("This group is a member of"), click on Add... . Select the group Administrators.
You should see this:
GPO item to be created to prevent the user from logging on to the host in console mode and Remote Desktop mode :