Is there a way to use a single account to monitor all of your servers without making it a domain admin? We have many apps created on many different servers and we are looking for a way to make it more secure.
wouldn't making it a local account on all servers work? (not to over simplify it but I believe that method works)
Yea but I have 1000+ servers. That is a lot of keyboard time.
Hi Donald--
I've marked this for the PM to look at and chime in on if applicable.
M
Couldn't you do this with a VB script? and make it part of the startup or login script of all the machines? using the "net" command in a batch or "Dim" in a VBScript
Hi Donald,
not sure if I understood you correctly but if by domain admin you mean an account which has rights to the domain and on domain controllers...
We have created an account with "Server Administrator Level 1" rights, which basically allows everything except changes on the domain (on read-only domain controllers it has full local rights but it cannot login to read-write domain controllers).
works fine for monitoring everything but read-write domain controllers
A script would not work for me either. Have "pools" of servers under different admin control. I could do that but it would be a pain in the butt.
I am really after here is to find out the lowest level of security needed to perform APM monitoring. IE, can I make a normal user account call SolarWinds on the domain and just use that.
We used a normal user account in the very beginning but we were told by support that everything but full administrative rights is not supported.
It should work fine for most things though.
Maybe you can try it by creating the user in the credentials library and just test some of your most critical and complicated APM-templates on a test-node to see if it succeeds.
Hello Donald,if you need to set some account as a member of local user group on domain computers, you can do this by Group Policy. Go to Computer Configuration -> Windows Settings -> Security Settings -> Restricted Groups. There you can for example add group "Administrators" and add your monitoring account to it. Then on all domain computers that use this policy this account will be local administrator.
