|
View previous topic :: View next topic |
Author |
Message |
Robert_in_MTL
Joined: 20 Jun 2006 Posts: 229 Location: Montreal, Quebec
|
Posted: Tue Jun 23, 2015 12:06 pm Post subject: Best practice for Domain Controler monitoring |
|
|
Hi,
We increased security on our network and we want to avoid using Domain Admins accounts for our services (RMA / run as...) so I want to hear what you suggest before I do anything.
I would like to know your views / best practices to monitor Domain Controlers. (CPU, Disk Space, services, etc...)
Do you recommend having a domain admin user for the service, or to access DCs or you have an alternative?
Should I simply use one RMA on each DC to monitor locally? (around 15 DCs)
Any input from other users are also welcome.
Thanks, and for the 100th time, koodos at HostMonitor ! |
|
Back to top |
|
|
KS-Soft Europe
Joined: 16 May 2006 Posts: 2832
|
Posted: Tue Jun 23, 2015 2:14 pm Post subject: |
|
|
It depends on test methods, you need to perform and your environment.
E.g. test methods like, CPU Usage, Performance Counter and Process can be performed using regular user account that has access to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows_NT\CurrentVersion\Perflib
on target system.
Ping, TCP, http, SNMP test methods does not require domain user authentication.
Other test methods may require admin rights.
If you do not want to use domain admin account or there are firewalls installed between HostMonitor and target system, we recommend to use RMA agent. Passive RMA requires only one incoming TCP port to be opened for communication, while Active RMA does not require opened incoming ports.
For local (RMA system) monitoring RMA service can be started under local system account. |
|
Back to top |
|
|
Robert_in_MTL
Joined: 20 Jun 2006 Posts: 229 Location: Montreal, Quebec
|
Posted: Tue Jun 23, 2015 2:22 pm Post subject: |
|
|
hmmm, we use a domain account for services and access, and it has no rights on DC's
so, in other words, I would need 1 RMA per DC running as local services ? |
|
Back to top |
|
|
KS-Soft Europe
Joined: 16 May 2006 Posts: 2832
|
Posted: Tue Jun 23, 2015 2:30 pm Post subject: |
|
|
Correct. |
|
Back to top |
|
|
Robert_in_MTL
Joined: 20 Jun 2006 Posts: 229 Location: Montreal, Quebec
|
Posted: Tue Jun 23, 2015 2:31 pm Post subject: |
|
|
ok, thanks... |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|