Active Directory User Permissions

Create a user and add it to the following groups:

Event Log Readers
Remote Management Users
Performance Log Users
Performance Monitor Users

For IIS monitoring, the user must have administrative privileges.

After you add the VirtualMetric user to the groups, you need to add this user to the following WMI namespaces:

WMI Security Permissions

CIMV2
Hardware
LsiMr13 (Dell Hardware Only)
StandardCimv2

You can use the following script to add the user on the computers you wish to add to VirtualMetric:

Script Name

VirtualMetric Permission Script

Replace DOMAIN\USER with the user you configured before. These permissions give access to hardware data from the server:

    Set-WmiNamespaceSecurity root/cimv2 add DOMAIN\USER Enable,RemoteAccess
    Set-WmiNamespaceSecurity root/hardware add DOMAIN\USER Enable,RemoteAccess
    Set-WmiNamespaceSecurity root/standardcimv2 add DOMAIN\USER Enable,RemoteAccess

These permissions allow reading Windows service status. Change USER to the username you created before:

    $sid = invoke-command -scriptblock {cmd.exe /c 'wmic useraccount where name="USER" get sid'} | where {$_ -ne "" -and $_ -notlike "SID*"}

To read Security logs, you need to give Read access to the following key:

    HKLM:\SYSTEM\CurrentControlSet\services\eventlog\Security

Inside the script, update the user in the following line:

    $idRef = [System.Security.Principal.NTAccount]("DOMAIN\USER")

MSSQL Service Configuration

If you want to use a non-administrator user for VirtualMetric, you need to make the following changes for the user account in addition to the Bare Metal permissions. Open a CMD window to configure the security descriptor of the MSSQLSERVER service, and type the following command:

    sc sdshow mssqlserver

You will see the default security descriptor of the MSSQLSERVER service. Add the following entry to the MSSQLSERVER security descriptor:

    (A;;CCLCRPRCLO;;;AU)

Update the security descriptor with the following command:

    sc sdset MSSQLSERVER D:(A;;CCLCRPRCLO;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)(A;;CC;;;AC)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
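
`sc sdset` replaces the whole descriptor, so the string applied to a server should be built from that server's own `sc sdshow` output. The PowerShell below is an added example, not part of the VirtualMetric script: it merges the entry from this page into an existing descriptor. The function name `Add-ServiceDaclAce`, the backup file name and the sample descriptor are assumptions constructed for illustration.

```powershell
# Added example (not VirtualMetric code). Add-ServiceDaclAce is a hypothetical helper.
function Add-ServiceDaclAce {
    param(
        [Parameter(Mandatory)][string]$Sddl,  # text printed by "sc sdshow <service>"
        [Parameter(Mandatory)][string]$Ace    # one ACE, e.g. "(A;;CCLCRPRCLO;;;AU)"
    )
    $Sddl = $Sddl.Trim()
    if ($Ace -notmatch '^\([^()]+\)$') { throw "Expected a single ACE, got: $Ace" }

    # Service descriptors from sdshow start with the DACL (D:), optionally
    # followed by the SACL (S:). Anything else is rejected rather than guessed at.
    $pattern = '^D:(?<flags>[A-Z]*?)(?<aces>(?:\([^()]*\))*)(?<sacl>S:.*)?$'
    if ($Sddl -notmatch $pattern) { throw "Unrecognised service SDDL: $Sddl" }
    $flags = $Matches['flags']; $aces = $Matches['aces']; $sacl = $Matches['sacl']

    # Idempotent: return the input unchanged if the exact ACE is already present.
    if ($aces.Contains($Ace)) { return $Sddl }

    # Append after the existing ACEs so deny entries, if any, stay first.
    return "D:$flags$aces$Ace$sacl"
}

# Constructed sample descriptor; a real server's output will differ.
$current = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)'

# ACE from this page. RP is SERVICE_START, so AU (Authenticated Users) can
# start the service as well as query it.
$merged = Add-ServiceDaclAce -Sddl $current -Ace '(A;;CCLCRPRCLO;;;AU)'
$merged

# On the SQL Server host, from an elevated PowerShell (sc.exe, not the "sc" alias):
#   $current = (sc.exe sdshow MSSQLSERVER | Where-Object { $_.Trim() }) -join ''
#   Set-Content -Path .\MSSQLSERVER-sddl.bak -Value $current   # keep for rollback
#   sc.exe sdset MSSQLSERVER (Add-ServiceDaclAce -Sddl $current -Ace '(A;;CCLCRPRCLO;;;AU)')
```

Running `sc sdshow mssqlserver` again afterwards confirms that the original entries are still present alongside the new one.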

SSMS User Configurations

Using SSMS, add the user to Server Logins:

Choose the user and click the OK button:

From the Securables tab, select Search and choose the "The Server" selection.

Then enable the following permissions:

Login Securable Options

Connect Any Database
View any database
View any definition
View server state
