When we discover through NDG, what access privilege is required for Windows servers.

Document ID : KB000012913
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

NDG can use WMI connection to collect information from target Server. The Windows User should be able to run WMI queries remotely from the CCA Server\Grid Node, mostly any account Administrator privileges should be able to run WMI queries remotely. 

Question:

What user permission must be set for a NDG user that will access the WMI on target server?

Environment:
CA Configuration Automation 12.8.x
Answer:

The Windows User should be able to run WMI queries remotely from the CCA Server\Grid Node, mostly any account Administrator privileges should be able to run WMI queries remotely.

In case you are restricted to use an account that does not have administrator privileges, you may want to work with your team to identify the permissions required for the user and that can run WMI queries remotely. 

Below are few check that you can do from CCA Server/Grid Nodes(s) to ensure that the service account that you are provided with has enough privileges to execute WMI queries remotely:

1. Test WMI Connection via WBEM 
     a. Run c:\windows\system32\wbem\wbemtest.exeOn top right click Connect, to connect to a remote host, change the name space to \\YourTargetHost\root\cimv2 
     b. Provide the user and password and Click Connect 
     c. If connection is valid, then select the first button within the Wbem, Services "Enum Classes..." and click ok, This should populate a list of classes (just verify if Win32_* are there) If you need something specific ensure that class exists there 

2. Run WMIPing 
    a. Enable CCA Debugging 
    b. Run the wmiping.vbs script (attached file,) in the commandline with the following paramters 
    c. cscript wmiping.vbs /S YourTargetServer /U <ip>\<user> /P <userPass> /O c:\wmi_ca.out 
    d. Obtain the on screen results (if any) as well as the C:\wmi_ca.out" file 
    e. View the CCA log (or Grid Node log) to see if there are any errors such as •com.ca.acm.server.discovery.wmi.WmiSession (WmiSession.java:139) - ****** Execute Ping command Failed******java.lang.Exception: Error connecting to remote server xxx.xxx.xxx.xxx for user aabbccdd 
    f. The wmi_ca.out file should have: C$,C:\ 

Additional Information:

Click here to get the wmiping.vbs: WMIPing.zip

File Attachments:
TEC1790418.zip