checkservice WMI status override

Home Forums Help checkservice WMI status override

Tagged: ,

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • 2024-08-26 at 2:07 AM #991
    63jw7PTiR8_XKJRA
    Participant

    Hi,

    I am using a standard user account with Check WMI Plus. The user has access to the WMI namespace and I’ve updated scmanager SDDL service permissions to include a group containing the user account. This gives access to most services.

    When I run checkservice with “.”, I couldn’t see the SQL Server instance in the output, so I applied updated the SDDL for the service like I had for scmanager and I can now see it in the output.

    The service shows it is running with automatic startup, but the Status property is showing “UNKNOWN”. I’ve confirmed with wbemtest that the user account is also returning UNKNOWN. Testing it with a local administrator account returns OK which means I’m likely missing some additional permissions for remote non-admin-user checks which I can’t figure out.

    This leads me to see if instead it is possible to override when a service is considered bad? I would like to still mark a service as OK if it is running with automatic startup and ignore the status.

    ./check_wmi_plus.pl -H x.x.x.x -m checkservice -A /etc/check_wmi_plus/id-token -a ‘MSSQL\$XYZ’
    OK – Found 1 Services(s), 0 OK and 1 with problems (0 excluded). ‘MSSQL$XYZ’ (MSSQL$XYZ) is Running (UNKNOWN).|’Total Service Count’=1; ‘Service Count OK State’=0; ‘Service Count Problem State’=1; ‘Excluded Service Count’=0;

    Thanks,

    Sam

    • This topic was modified 1 year, 2 months ago by 63jw7PTiR8_XKJRA. Reason: Formatting
    2024-08-26 at 5:39 AM #993
    63jw7PTiR8_XKJRA
    Participant

    I’ve managed to resolve the permissions issue, so the services now show status OK.

    In the security descriptor SDDL for the service, I had only granted:

    CC — SERVICE_QUERY_CONFIG (request service settings)
    LC — SERVICE_QUERY_STATUS (service status polling)
    RC — READ_CONTROL
    RP — SERVICE_START

    I also needed to grant:
    LO — SERVICE_INTERROGATE

    I also granted enumeration of dependent services although it was not necessary for this instance:
    SW — SERVICE_ENUMERATE_DEPENDENTS

    The complete DACL entry I appended was as follows (SID truncated):
    (A;;CCLCSWRPLORC;;;S-1-5-21-…)

    Sam

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.