7 Replies Latest reply on Jun 16, 2017 1:12 PM by bobmarley

    Executing a script from an alert - rights question


      I am trying to execute a VB script to restart a service as an action from an advanced alert. The script runs fine when I execute it from the server but it doesn't work when I execute it from the alert.

      Here is what the script looks like:


      strComputer = "mycomputernamehere"

      Set wmi = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")

      Set ret = wmi.ExecMethod("Win32_Service.Name='Kiwi Syslog Server'", "StartService")


      If I try to execute the script as a specific user I get the error below, regardless of user I use. I tries to execute as WScript and Cscript also and both fail.



      The alert seems to run as SYSTEM@myorionserver so I added the Orion server as a local admin account on the remote server and it works fine then on my test system - but I don't want to have to add the Orion computer account on thousands of servers.

      Anyone know how to run to execute these from the alerting engine and have them run as a specific user?

        • Re: Executing a script from an alert - rights question
          Mark Roberts



          The VBScript action runs on the Orion server and therefore your script must be written with this in mind first of all. If you are wanting to execute this on a remote server then you will need to use something such as PSExec or use PowerShell which has more capabilities.


          Regarding the permission issues, again you need to be conscious of this executing locally and therefor the service account permissions are important.


          The following KB will assist - Tips for executing external scripts and batch files with alerts - SolarWinds Worldwide, LLC. Help and Support

          • Re: Executing a script from an alert - rights question

            I think I'm going to go with this one and then I can use the native Solarwinds method to restart services. aLTeReGo confirmed what is going on with the rights issue with the alerting service in the link below.

            Since the alerting service is running as 'local system' it can not execute remote commands against servers regardless of the method (VB, WMI, Powershell, etc...)

            I will just need to add a step to change this account step in my future upgrades and password changes.


            What I would like to end up with is a single alert for all services on all machines like mentioned in the KB Mark Roberts referred to Hopefully this will take care of it.


            Found an old post on this:

            Restart Server using Trigger Action


            Thanks for the help everyone!

            • Re: Executing a script from an alert - rights question

              Issue resolved! I added 'Administrators' to the token as shown below and now I can restart a service using the out of the box Solarwinds command below:


              C:\Program Files (x86)\SolarWinds\Orion\APM\APMServiceControl.exe ${N=SwisEntity;M=ComponentAlert.ComponentID} -c=RESTART

              ***(make sure the path at the beginning ''C:\Program Files (x86)\SolarWinds\Orion'' is correct for your installation)***

              The alert looks like this:



              *In order for the Orion server to be able to restart services it needs to have the correct permissions



              1. 1. Go to Control Panel > Administrative Tools.
              2. 2. Select Local Security Policy > Local Policies > User Rights Assignment.
              3. 3. Right-click Replace a Process Level Token and select Security or Properties.
              4. 4. Click Add to add the account Executive Viewer Server is running on.


              Add Administrators to the Local Token Properties

              • Re: Executing a script from an alert - rights question

                Another observation I made on running executables as a alert action such as using  Klog or Trapgen to forward on messages to another host. Dont put them into your windows, window system or windows system32 on Windows 2012.


                Put them somewhere like C:\scripts\.


                Apparently 2012 hides files copied from one user from others, so the system account can not run them.This is only for the windows directories.