If Solarwinds NPM (or any other product for that matter) is going to MONITOR our infrastructure, I'd like to assure that it is ONLY able to monitor resources and not make changes. I can't do that if Solarwinds "requires admin access" in the background for something as basic and fundamental as polling via WMI. I found a few pieces of information that allowed me to tweak WMI permissions specific to a domain user account and I can now successfully poll my windows servers without being an admin. That being said, we added SAM this week and it turns out that I had to add in another tweak to our WMI permissions in order to see extra SAM information - all without official documentation from Solarwinds.
"requires admin access" is far too broad a requirement in today's world of information/cyber security and internal and external auditors. Solarwinds should be able to tell everyone precisely what specific access is needed for, at the very least, major application functions (like polling via wmi) and, ideally, even minor application functions specific to each module (NPM, NCM, SAM, etc.).
I fully understand that there are parts of the Solarwinds suite that would require admin (write/execute/etc.) rights and permissions, however, if we have no intention of using Solarwinds for active management (making changes), it would be great to know that we've configured everything in a away that prevents that possibility. Or, if someone should learn the credentials we have configured within our Solarwinds suite, it would be great to know that it would be impossible to make changes to our infrastructure with just those credentials (instead of being able to make "admin" level changes across the entire network).
