Configure & Install WMIC for Observium


WMI Poller



Configuring Windows Firewall and User Access for WMI

This guide assumes you know what Group Policy is.


Allowing WMI Connections in Windows Firewall

Enabling Firewall Settings via GPO


1.  Open Group Policy Management

2.  Create and/or edit the Group Policy Object you wish put these settings into 
3.  Expand Computer Config > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules
4.  Create a New Rule under Inbound Rules

5.  Choose the Predefined option, and select Windows Management Instrumentation (WMI) from the drop-down list, click Next

6.  Select the "WMI-In" option and click Next

7.  Allow the connection > Finish


Enabling Firewall Settings for Individual Server

1.  Open up Windows Firewall with Advanced Security, either through Control Panel or Server Manager, Run -> wf.mfc

2.  Create a New Rule under Inbound Rules

3.  Choose the Predefined option, and select Windows Management Instrumentation (WMI) from the drop-down list, click Next

4.  Select the "WMI-In" option and click Next

5.  Allow the connection > Finish


Configuring WMI Security to Allow a User to Poll WMI

There are a few ways to go about this:



1.  Create a domain user and put them in the Administrator group for all of the servers you wish to poll with WMI

2.  Use a Domain Admin account

3.  Create a dedicated domain user with Read permissions for WMI



Choice #1 or #2 is preferred for testing WMI since it's the fastest. By default, WMI security allows control by any Administrator of the system. If you're a Domain Admin you can test to make sure WMIC is working properly immediately after you install (instructions below). Choice #3, on the other hand, is the more secure but more complex option. It's recommended you take this route to reduce security risks.



Dedicated Domain User for WMI Polls


Unfortunately, there are not any official GPOs available for WMI Security. You will have to perform a bit of a manual process once to generate the data you need to input a string into a script that you will deploy via GPO. Note: Changes to WMI security is rarely done but you need to understand that this process will overwrite WMI Security settings for all servers the GPO applies to. If there have not been any changes to WMI Security for any of your servers, then you need not worry. Suffice it to say, Observium is not responsible for any damages done.



The original guide for this can be found here.


Set WMI Security

1.  Create a new domain user for the purpose of WMI remote reads and add them to the Distributed COM Users group for all servers

2.  On any server you wish to monitor with WMI, open Computer Management (Run -> compmgmt.msc)

3.  Navigate to Services and Applications -> WMI Control

4.  Right click on WMI Control and go to Properties

5. Navigate to the Security Tab

6. Select one of the following Namespaces to add a user:

a. \Root - This will grant the user read access to all WMI Namespaces. Good for future proofing as WMI Providers can be placed anywhere within the system.

b. \Root\CIMV2 - The bare minimum currently required by current WMI pollers in Observium.

7. Click the Security button

8. Click the Advanced buton

9. Click Add

10.  Enter the desired user and click OK

11.  Under the "Apply To" drop down select "This namespace and subnamespaces"

12.  Check Allow for:

                  a. Enable Account
                  b.Remote Enable
13.  Ensure that "Apply these permissions to objects and/or containers within this container only" is UNCHECKED

14.  Click Apply/OK until you're out of OK buttons to click

Installing WMIC 

Install Repository

CentOS 6 x32
rpm -Uvh http://www6.atomicorp.com/channels/atomic/centos/6/i386/RPMS/atomic-release-1.0-19.el6.art.noarch.rpm

CentOS 6 x64
 
rpm -Uvh http://www6.atomicorp.com/channels/atomic/centos/6/x86_64/RPMS/atomic-release-1.0-19.el6.art.noarch.rpm 
  
Install WMIC from Repositary
  
yum -y install wmi

Set Configuration Variables in config.php

Open up /opt/observium/config.php, add the following lines and then edit them to match your settings:



/opt/observium/config.php

$config['wmi']['domain']    = "";  // Shorthand Domain/Workgroup (ie. not domain.local.com)  $config['wmi']['user'] = ""; // Username
$config['wmi']['pass'] = ""; // Password

Configure Hosts in Observium to Use WMI Poller

Automatically Poll by Enabling WMI Module

Enabling the WMI module will cause the Observium poller to include the module in its scheduled poll.



1.  Navigate to the overview page for the device you want to monitor

2.  On the right-most side of the secondary navigation bar click on the gear:
3.  Click on the Modules tab

4.  Search for "wmi" and click the Enable button


5. You're done! 

Manually Poll / Test  

 /opt/observium/discovery.php -h "HostName_or_DeviceID" -m wmi-common



Comments

Jobrain said…
Thank your for your article. It turned out to be useful for me. Enabled WMI Polling on my domain network.
I am wondering if it is possible to force observium to using a static wmi port (24158 to be precise) for standalone wmi management without high port range behind firewall

Cheers
February 18, 2021 at 8:28 PM
alikhan said…
Such a Nice post.#Thanks For sharing this kind of information windows-firewall-control-crack/ You can also visit my Website crackinges.com
October 22, 2021 at 11:28 PM
azharpc said…
I guess I am the only one who came here to share my very own experience. Guess what!? I am using my laptop for almost the past 2 years, but I had no idea of solving some basic issues. I do not know how to saqibtech.net But thankfully, saqibtech.net

virtual safe professional crack
doc converter pro business with crack
windows firewall control crack
movavi photo manager crack
roxio mydvd crack
January 29, 2022 at 1:06 AM
Post a Comment

Popular posts from this blog

Zabbix Proxies on CentOS 7

Image
Overview A Zabbix proxy can collect performance and availability data on behalf of the Zabbix server. This way, a proxy can take on itself some of the load of collecting data and offload the Zabbix server. Also, using a proxy is the easiest way of implementing centralized and distributed monitoring, when all agents and proxies report to one Zabbix server and all data is collected centrally. A Zabbix proxy can be used to: Monitor remote locations Monitor locations having unreliable communications Offload the Zabbix server when monitoring thousands of devices Simplify the maintenance of distributed monitoring Setting up Proxy Server We will be using a separate Linux server with CentOS 7 as the base operating system with MariaDB database server installed on it that will be used as a local database for Proxy server. So in this article we assume that you already had set up your Zabbix Server. [root@localhost ~]# rpm --import http://repo.zabbix.com/RPM-GPG
Read more

Join CentOS 7 into Active Directory using realm and sssd

Image
Introduction to SSSD and Realmd   Staring from Red Hat 7 and CentOS 7, SSSD or 'System Security Services Daemon' and realm have been introduced. SSSD's main function is to access a remote identity and authentication resource through a common framework that provides caching and offline support to the system. SSSD provides PAM ans NSS integration and a database to store local users, as well as core and extended user data retrieved from a center server. The main reason to transition from winbind to sssd is that sssd can be used for both direct and indirect integration and allows to switch from one integration approach to another without significant migration costs. The most convenient way to configure SSSD or winbind in order to directly integrate a Linux system with AD is use the realm service. Because it allows callers to configure network authentication and domain membership in a standard way. The realm service automatically discovers information about accessib
Read more