Foglight Agent Manager 7.3.0 - Foglight Agent Manager Guide

Configuring registry settings for WinShell access through DCOM

Any WindowsShell connection made to a non-local host requires DCOM access to that machine, regardless of whether the user establishing the connection is a local or third-party user.

Therefore, for agents that connect to Windows® machines using the Agent Manager’s WindowsShellService, make the following registry changes to allow the connection.

b. Start regedit, and from the Edit menu, use Find to search for the following key: 72C24DD5-D70A-438B-8A42-98424B88AFB8.
c. Right-click Class ID, and click Permissions.
d. In the Permissions dialog box that appears, click Advanced.
e. In the Advanced Security Settings dialog box, open the Owner tab.
f. On the Owner tab, in the Change owner to area, select the account with which you are currently logged in.
g. The Advanced Security Settings dialog box closes.
h. In the Permissions dialog box, select the Administrators group.
i. In the Permissions for Administrators area, in the Allow column, enable the Full Control check box.
j. The Permissions dialog box closes.
k. Repeat Step a through Step j for the second key: 0D43FE01-F093-11CF-8940-00A0C9054228.

Permissions on registry keys to configure DCOM command shell connection

A Windows® operating system user needs full control permissions on the following registry keys to monitor the operating system:

76A64158-CB41-11D1-8B02-00600806D9B6 (WBEM Scripting Locator)
72C24DD5-D70A-438B-8A42-98424B88AFB8 (Windows Script Host Shell Object)

According to the COM specification, full control permission on the registry keys is required to write values to them. The values written to the registry keys are as follows:

HKEY_CLASSES_ROOT\AppID\{key}: Write a string value named DllSurrogate and leave its data blank.
HKEY_CLASSES_ROOT\CLSID\{key}: Write a string value named AppID and set its data to {key}.

On 64-bit Windows operating systems, there might be two sets of AppID and CLSID directories. In that case, the values written are:

HKEY_CLASSES_ROOT\AppID\{key}: Write a string value named DllSurrogate and leave its data blank.
HKEY_CLASSES_ROOT\Wow6432Node\AppID\{key}: Write a string value named DllSurrogate and leave its data blank.
HKEY_CLASSES_ROOT\CLSID\{key}: Write a string value named AppID and set its data to {key}.
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{key}: Write a string value named AppID and set its data to {key}.
NOTE:
1. If the keys under HKEY_CLASSES_ROOT\AppID do not exist, manually add the keys and write the values using the default permissions.
2. If the keys under HKEY_CLASSES_ROOT\CLSID and HKEY_CLASSES_ROOT\Wow6432Node\CLSID do not exist, and you do not have permission to add a new String Value or edit the Value data, change the Owner from TrustedInstaller to Administrators, then grant the Set Value permission first.

Providing the full control permissions to a Foglight Agent Manager (FglAM) user is the most convenient way to write these values, which will be generated automatically. If you don’t want to provide the full control permissions to the FglAM user, do either of the following:

Manually write the values to those keys, and then remove the full control permission. If the full control permissions cannot be deselected, select the Deny Permission entry to remove all the permissions, and keep the permissions for the entries Query Value, Enumerate Subkeys, Notify, and Read control set to Read only. To set the deny permission, right-click the registry key and select Permissions. Click Advanced in the dialog box that appears, double-click the FglAM user, and check the Deny Permission entry.
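To confirm which accounts still hold Full Control on these keys once the values are written, the following added example (not part of the Foglight documentation) lists each key's owner and access rules. The function name Get-DcomKeyAccess and its parameters are illustrative; the GUIDs are the two keys listed above.

```powershell
# Added example, not vendor code. Read-only: reports owner and ACL entries
# for the DCOM-related keys named in this guide. Get-DcomKeyAccess is a
# hypothetical helper name.
function Get-DcomKeyAccess {
    param(
        [string[]]$Guid = @(
            '76A64158-CB41-11D1-8B02-00600806D9B6',  # WBEM Scripting Locator
            '72C24DD5-D70A-438B-8A42-98424B88AFB8'   # Windows Script Host Shell Object
        ),
        [string]$Account   # optional filter, for example the FglAM user name
    )
    $full = [int][System.Security.AccessControl.RegistryRights]::FullControl
    foreach ($g in $Guid) {
        # Native and 32-bit (Wow6432Node) locations; missing ones are skipped.
        foreach ($sub in 'AppID', 'CLSID', 'Wow6432Node\AppID', 'Wow6432Node\CLSID') {
            $path = "Registry::HKEY_CLASSES_ROOT\$sub\{$g}"
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $acl = Get-Acl -LiteralPath $path
            foreach ($rule in $acl.Access) {
                $id = $rule.IdentityReference.Value
                if ($Account -and $id -notlike "*$Account") { continue }
                [pscustomobject]@{
                    Key         = "$sub\{$g}"
                    Owner       = $acl.Owner
                    Identity    = $id
                    Type        = $rule.AccessControlType   # Allow or Deny
                    Rights      = $rule.RegistryRights
                    FullControl = (([int]$rule.RegistryRights -band $full) -eq $full)
                    Inherited   = $rule.IsInherited
                }
            }
        }
    }
}

# Show every Allow entry that still grants Full Control on these keys.
Get-DcomKeyAccess |
    Where-Object { $_.Type -eq 'Allow' -and $_.FullControl } |
    Format-Table -AutoSize
```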

For FileLogMonitorAgent and WindowsEventLogMonitorAgent:

76A64158-CB41-11D1-8B02-00600806D9B6 (For j-interop WMIJavaConnection)

The key 76A64158-CB41-11D1-8B02-00600806D9B6 is used by Agent Managers installed on Unix or Linux machines to establish the WMIJavaConnection, which requires administrator privileges to monitor.

Enabling agents to connect from UNIX machines

When an agent connects to a monitored Windows® host from a UNIX® machine, you must make certain registry changes in order to allow the required COM services to run.

1. Click Start > Run.
2. Input regedit in the dialog box and click OK.
3. Add the following registry key to Windows if it does not exist: HKEY_CLASSES_ROOT\AppID\{76A64158-CB41-11D1-8B02-00600806D9B6}. Create a new string value named DllSurrogate under that key and leave it blank.
4. Add the following registry key to Windows if it does not exist: HKEY_CLASSES_ROOT\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}. Create a new string value named AppID under that key and modify the data to: {76A64158-CB41-11D1-8B02-00600806D9B6}
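The steps above, and the DllSurrogate and AppID values listed earlier for the native and Wow6432Node locations, can be scripted so that the FglAM user does not need Full Control to generate them. This is an added example, not code from the Foglight documentation; the function name Set-DcomSurrogateValue is illustrative, and it assumes an elevated PowerShell session on the monitored host.

```powershell
# Added example, not vendor code. Writes the DllSurrogate and AppID string
# values described in this guide. Set-DcomSurrogateValue is a hypothetical name.
function Set-DcomSurrogateValue {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$')]
        [string]$Guid
    )
    $key   = "{$Guid}"
    $roots = @('Registry::HKEY_CLASSES_ROOT')
    # The Wow6432Node location is present only on 64-bit Windows.
    if (Test-Path -LiteralPath 'Registry::HKEY_CLASSES_ROOT\Wow6432Node') {
        $roots += 'Registry::HKEY_CLASSES_ROOT\Wow6432Node'
    }
    foreach ($root in $roots) {
        $targets = @(
            @{ Path = "$root\AppID\$key"; Name = 'DllSurrogate'; Data = '' }
            @{ Path = "$root\CLSID\$key"; Name = 'AppID';        Data = $key }
        )
        foreach ($t in $targets) {
            $name   = $t.Name
            $action = 'Unchanged'
            if (-not (Test-Path -LiteralPath $t.Path)) {
                # No -Force: never recreate (and wipe) a key that already exists.
                if ($PSCmdlet.ShouldProcess($t.Path, 'Create registry key')) {
                    New-Item -Path $t.Path -ErrorAction Stop | Out-Null
                }
            }
            $current = (Get-ItemProperty -LiteralPath $t.Path -Name $name `
                        -ErrorAction SilentlyContinue).$name
            if ($current -ne $t.Data) {          # a missing value is $null, so it is written
                $action = 'Pending'
                if ($PSCmdlet.ShouldProcess("$($t.Path)\$name", 'Set string value')) {
                    # Fails with access denied if the key is still owned by
                    # TrustedInstaller (see the NOTE in this guide).
                    New-ItemProperty -LiteralPath $t.Path -Name $name -Value $t.Data `
                        -PropertyType String -Force -ErrorAction Stop | Out-Null
                    $action = 'Written'
                }
            }
            [pscustomobject]@{ Path = $t.Path; Value = $name; Action = $action }
        }
    }
}

# Dry run: report what would change without touching the registry.
Set-DcomSurrogateValue -Guid '76A64158-CB41-11D1-8B02-00600806D9B6' -WhatIf
```

Remove -WhatIf to apply the changes; rows reported as Pending become Written.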

Disabling UAC

When an agent connects to a monitored Windows host from a UNIX machine, User Account Control (UAC) must also be disabled in order for WMI connections to succeed.

This requirement affects: Windows Vista, Windows Server 2008, and Windows 7.

Navigate to Control Panel > User Accounts and Family Safety > User Accounts > Change User Account Control Settings, and change the setting to Never Notify.