Windows probe required privilege levels
The amount of functionality a probe has is defined by the type and level of login credentials the probe has during installation. The credentials you provide during the probe installation are stored in the Windows Credentials (OS level), and by the probe locally in an encrypted config file.
Probe remote tasks and required privileges / user groups
The Windows Probe service runs using the domain or local account, or using the Local System account. If you do not provide the domain or local credentials, the probe runs using the Local System account.
The table below summarizes what groups the probe account needs to perform remote tasks.
For example, when a domain user that belongs to the Distributed COM users, the Performance Monitoring user groups can discover Windows devicees and monitor them using WMI.
To install the agent, the domain user requires local administrator privileges.
|Remote Task||Remote Objects||User Group Required|
|Discovery of Windows device (WMI)||
|Push install of Windows agent||
|Monitoring Windows devices using WMI||
|Running scheduled tasks on Windows device||
|Local caching (Agent installer, patch)||N/A||
Probe credentials validation during installation
|Error Message Text||Install Step|
|The supplied network credentials are invalid. Verify the information and try again.||Log on with domain/username password to the local computer.|
|For the software to function properly, the specified account must have local administrator rights.||Check if credentials for local administrator account.|
|Failed to read the SeServiceLogonRight privilege from the domain name.||Check if the credentials allow log on as service.|
|The probe will not be able to successfully discover Windows devices.||WMI call to the domain controller with the provided credentials.|
|The specified account does not have the "Logon as Service" privilege. The installer will automatically grant it.||Grants log on as service privilege.|
During Probe setup WMI call to domain controller fails, however Probe can perform WMI monitoring with domain user account.