Low-Privilege Environments
Applies To: Operations Manager 2007
Low-privilege Environments and the Agent Action Account
You can use a low-privilege account for the agent action account, although a number of rules and monitors require elevated privileges.
Low-privilege Accounts and Windows XP
On computers that are running Windows XP, the low-privilege account used as the agent action account must meet special requirements, as shown in the following table.
| Operating System | Member Of | Rights |
|---|---|---|
Windows XP |
Local users group |
Log on locally |
Windows XP |
Local Performance Monitor users group |
Log on locally |
Discoveries and Monitors Configured to Use the Privileged Monitoring Account Run As Profile
The following table lists the object discoveries and monitors that are configured by default to use the Privileged Monitoring Account Run As profile, which defaults to Local System and does not require association with any Run As account or target computer. As a result, no user intervention is required for these object discoveries and monitors that must use a high-privilege account.
Note
You can change the default action account by changing the agent action account associated with the Privileged Monitoring Account Run As profile.
If your requirements stipulate that only a low-privilege account should be used in your environment, use overrides to disable the monitor and object discoveries for the appropriate operating systems listed in the table.
For more information and for instructions about how to use overrides, see How to Monitor Using Overrides (https://go.microsoft.com/fwlink/?LinkID=117777) in the Operations Manager 2007 Help.
| Operating System and Monitor Type | Discovery or Monitor |
|---|---|
Windows 2000 Professional |
Discover Windows Logical Disks |
Windows 2000 Professional |
Discover Windows Physical Disks |
Windows 2000 Professional |
Computer Browser Service Health |
Windows XP |
Discover Windows Logical Disks |
Windows XP |
Discover Windows Physical Disks |
Windows XP |
Computer Browser Service Health |
Windows Vista |
Discover Windows Physical Disks |
Windows Vista |
Discover Windows Logical Disks |
Windows Vista |
Logical Disk Availability Health |
Windows Vista |
Computer Browser Service Health |
Windows Vista Aggregate Client monitoring |
Discover Windows Physical Disks |
Windows Vista Aggregate Client monitoring |
Discover Windows Computer |
Windows Vista Aggregate Client monitoring |
Discover Operating System |
Windows Vista Aggregate Client monitoring |
Discover Windows Logical Disk System Drive |
Windows Vista Aggregate Client monitoring |
Discover Windows Logical Disks |
Windows Vista Aggregate Client monitoring |
Discover Windows Physical DIMM Disks |
Windows Vista Aggregate Client monitoring |
Discover Windows Physical Disks |
Windows Vista Aggregate Client monitoring |
Rules that access the event log |
Windows Vista Aggregate Client monitoring |
All unit monitors |
Windows 7 |
Discover Windows Physical Disks |
Windows 7 |
Discover Windows Logical Disks |
Windows 7 |
Logical Disk Availability Health |
Windows 7 |
Computer Browser Service Health |
Windows 7 Aggregate Client monitoring |
Discover Windows Physical Disk |
Windows 7 Aggregate Client monitoring |
Discover Windows Computer |
Windows 7 Aggregate Client monitoring |
Discover Operating System |
Windows 7 Aggregate Client monitoring |
Discover Windows Logical Disk System Drive |
Windows 7 Aggregate Client monitoring |
Discover Windows Logical Disk |
Windows 7 Aggregate Client monitoring |
Discover Windows Physical DIMM Disk |
Windows 7 Aggregate Client monitoring |
Discover Windows Physical Disk |
Windows 7 Aggregate Client monitoring |
Rules that access the event log |
Windows 7 Aggregate Client monitoring |
All unit monitors |
Using Roles
In order to use Aggregate Client monitoring to monitor the Windows 7 and Windows Vista clients in your environment, you must be assigned the Operator role in Operations Manager 2007. You must be assigned the Administrator role in Operations Manager in order to use Business Critical Client monitoring. For more information about the types of client monitoring available in Operations Manager, see the Understanding Management Pack Operations section of this guide.