Q: I need to grant a user the authority to monitor the performance counters on our servers without giving him more authority than necessary. The user won’t be logged on locally; instead, he'll need to perform the monitoring over our network. How can I grant him this authority?
A: It’s simply a matter of assigning the user logon rights and a couple of registry permissions. I’ve tested this procedure and verified that it works with the Microsoft Management Console (MMC) Reliability and Performance Monitoring snap-in, and it should also work with other performance-monitoring tools because they all use the same Win32 API set. Windows exposes performance counters under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib, so you’ll have to make sure that the user can remotely access this part of the registry on your servers.
First, grant the user the Access this computer from the network right, which you can find in Local Security Policy under Security Settings\Local Policy\User Rights Assignment. Without this right, the user can’t remotely access resources, such as performance counters, on a Windows server. By default, users in the Users group (in which all new users are automatically placed) have this right, so you can skip this step unless you've removed the user from the Users group. . . .
)
Register
Thanks
ray_siahaan August 23, 2007 (Article Rating: