When making users the administrators of their local machines is not possible, you can grant required permissions to individual remote users using the following procedures.
a On the monitored host machine, at the Windows® Run prompt, type DCOMCNFG and press Enter.
b In the Component Services window that appears, navigate to Component Services > Computers > My Computer.
c Right-click My Computer and click Properties.
d In the My Computer Properties dialog box that appears, open the COM Security tab.
e In the Access Permissions area, click Edit Defaults.
f In the Access Permission dialog box that appears, add the Distributed COM Users group to the list and grant it all permissions.
g Click OK to save your changes and close the Access Permission dialog box.
h In the Launch and Activation Permissions area, click Edit Defaults.
i In the Launch and Activation Permissions dialog box that appears, add the Distributed COM Users group to the list and grant it all permissions
j Click OK to save your changes and close the Launch and Activation Permissions dialog box.
k In the My Computer Properties dialog box, click OK to close it.
l Close the Component Services window.
1 On the monitored host machine, right-click My Computer, and navigate to Manage > Services and Applications > WMI Control.
2 Right-click WMI Control and click Properties.
3 In the WMI Control Properties dialog box, open the Security tab.
4 Expand the Root node and select CIMV2, then click Security.
5 In the Security for ROOT\CIMV2 dialog box, add the Distributed COM Users group
7 Click Apply and then click OK.To add subsequent users, they only need to be added to the two groups, Distributed COM Users and Performance Monitor Users, since these groups are already granted the required permissions.Even though the local user is now granted access to WMI with the above configuration, not all performance monitoring classes allow non-administrative users to access their instances. Some performance classes need special permission to enable non-administrative users to perform queries or execute methods on their object instances. Some of these queries can fail clearly with an error code (for example, by the Agent Manager service throwing a Java exception), but some of them can fail without returning any data or error codes. Therefore, this setup must be used carefully, as query results can be unpredictable. From the system security perspective, there is still only so much a non-administrative user can do.
Access to WMI is required for both OS verification while creating an agent, and for collecting OS metrics from the monitored host. In some cases, an access violation on the WMI namespace (error 0x00000005) may occur when the agent connectivity verification fails. The access violation error can occur when the permissions or credentials used to access WMI, and specifically the root\cimv2 namespace and Root\MSCluster (if the machine is included in a cluster), are changed or invalid.In order to view and change namespace security, the user must have Read Security and Edit Security permissions. Administrator accounts have these permissions by default, and can assign them to other users if necessary.
2 Right-click My Computer and click Manage.
3 In the Computer Management dialog box that appears, expand the Services and Applications node.
4 Right-click WMI Control, and click Properties.
5 In the WMI Control Properties dialog box that appears, open the Security tab.
6 Expand the Root node and select CIMV2, then click Security.
7 In the Security for ROOT\CIMV2 dialog box that appears, modify or assign permissions as necessary.
8 Click OK on each of the dialog boxes to close them.
9 If the machine is part of a cluster, repeat the procedure for the ROOT\MSCluster namespace.
In some cases, when the agent queries WMI to collect metrics on the monitored host, the host’s performance may be affected. When this occurs, the agent log includes the message: Quota violation [SWbemServicesEx]. This error stems from WMI rather than the agent, and has been identified by Microsoft® as a known issue in Windows® Server 2003.
Microsoft® has identified a number of known issues with WMI services in Windows® Server 2008. The following issues may occur:
• In SQL Server 2008, the perfmon counters do not appear under WMI because they do not exist.
1 Using the same OS credentials as the agent uses, run perfmon /wmi on the monitored host.
3 In SQL Server 2008 on Windows Server 2008, if the perfmon counters are missing from WMI, install the following hotfix: .