checkservice WMI status override

  • #991
    63jw7PTiR8_XKJRA
    Participant

    Hi,

    I am using a standard user account with Check WMI Plus. The user has access to the WMI namespace and I’ve updated scmanager SDDL service permissions to include a group containing the user account. This gives access to most services.

    When I run checkservice with “.”, I couldn’t see the SQL Server instance in the output, so I updated the SDDL for the service like I had for scmanager and I can now see it in the output.

    The service shows it is running with automatic startup, but the Status property is showing “UNKNOWN”. I’ve confirmed with wbemtest that the user account is also returning UNKNOWN. Testing it with a local administrator account returns OK which means I’m likely missing some additional permissions for remote non-admin-user checks which I can’t figure out.

    This leads me to see if instead it is possible to override when a service is considered bad? I would like to still mark a service as OK if it is running with automatic startup and ignore the status.

    ./check_wmi_plus.pl -H x.x.x.x -m checkservice -A /etc/check_wmi_plus/id-token -a 'MSSQL\$XYZ'
    OK - Found 1 Services(s), 0 OK and 1 with problems (0 excluded). 'MSSQL$XYZ' (MSSQL$XYZ) is Running (UNKNOWN).|'Total Service Count'=1; 'Service Count OK State'=0; 'Service Count Problem State'=1; 'Excluded Service Count'=0;

    Thanks,

    Sam

    #993
    63jw7PTiR8_XKJRA
    Participant

    I’ve managed to resolve the permissions issue, so the services now show status OK.

    In the security descriptor SDDL for the service, I had only granted:

    CC — SERVICE_QUERY_CONFIG (request service settings)
    LC — SERVICE_QUERY_STATUS (service status polling)
    RC — READ_CONTROL
    RP — SERVICE_START

    I also needed to grant:
    LO — SERVICE_INTERROGATE

    I also granted enumeration of dependent services although it was not necessary for this instance:
    SW — SERVICE_ENUMERATE_DEPENDENTS

    The complete DACL entry I appended was as follows (SID truncated):
    (A;;CCLCSWRPLORC;;;S-1-5-21-…)

    Sam
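
The rights codes listed in post #993, decoded from a service DACL string. This is an added example, not part of the original posts or of Check WMI Plus; the SID, the SYSTEM/Administrators ACEs and the SACL are constructed, and `audit`, `READ_RIGHTS`, `MUTATING` and `sample` are hypothetical names. It reports which of the read rights named in the thread an account lacks and which granted rights let that account change the service.

```python
import re

# SDDL two-letter codes as they map onto service access rights.
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG", "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS", "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START", "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE", "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL", "RC": "READ_CONTROL",
    "SD": "DELETE", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
READ_RIGHTS = {"CC", "LC", "LO", "RC"}   # read-only rights named in post #993
MUTATING = {"DC", "RP", "WP", "DT", "SD", "WD", "WO"}  # can alter the service

def parse_dacl(sddl):
    """Return (ace_type, sid, rights) for every ACE in the D: section."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not m:
        raise ValueError("no DACL found")
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(1)):
        fields = body.split(";")
        # Hex access masks (0x...) are out of scope for this example.
        if len(fields) < 6 or fields[2].lower().startswith("0x"):
            raise ValueError(f"unsupported ACE: ({body})")
        aces.append((fields[0], fields[5], set(re.findall(r"[A-Z]{2}", fields[2]))))
    return aces

def audit(sddl, sid):
    """Summarise what the allow ACEs for `sid` grant on the service."""
    granted = set()
    for ace_type, ace_sid, rights in parse_dacl(sddl):
        if ace_type == "A" and ace_sid == sid:
            granted |= rights
    return {
        "granted": sorted(SERVICE_RIGHTS.get(r, r) for r in granted),
        "missing_read": sorted(READ_RIGHTS - granted),
        "state_changing": sorted(granted & MUTATING),
    }

# Constructed sample: placeholder SID, typical SYSTEM/Administrators ACEs and SACL.
SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
def sample(ace_rights):
    return ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
            f"(A;;{ace_rights};;;{SID})S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")

if __name__ == "__main__":
    for label, rights in (("before", "CCLCRPRC"), ("after", "CCLCSWRPLORC")):
        print(label, audit(sample(rights), SID))
```

In both ACEs the only state-changing right is RP (SERVICE_START), which is worth reviewing when the account exists only to read service status.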
