Icinga-for-Windows: specify username for service

InformatikKFM · April 11, 2024, 6:49am

Hello,

is it is possible to specify the username, which runs the windows service for icinga-for-windows. i’ve the problem, that i want to install ifw on multiple domain controllers and a domain controller does not have local users, so that the installation on a second domain controller overwrites the password in Active-Directory from the first installation.

My Installation-Command is:

& $ScriptFile -ModuleDirectory 'C:\Program Files\WindowsPowerShell\Modules\'
-InstallCommand ‘{“IfW-AgentVersion”:{“Values”:[“2.14.0”]},“IfW-ParentAddress”:{“Values”:{“XXX”:[“XXX”]}},“IfW-Hostname”:{“Selection”:“5”},“IfW-ParentZone”:{“Values”:[“master”]},“IfW-StableRepository”:{“Values”:[“https://XXX/IcingaForWindows/icinga_stable/ifw.repo.json"]},“IfW-InstallJEAProfile”:{“Selection”:“1”},“IfW-Connection”:{“Selection”:“0”},“IfW-ParentNodes”:{“Values”:["XXXX”]}}’ `
-IcingaRepository ‘XXX/IcingaForWindows/icinga_stable/ifw.repo.json’

Regards

rivad · April 12, 2024, 9:18am

IMHO it was the other way around and domain controllers only have local users?

If the installation works, I think you can later change the service and choose the user you like.

cstein · May 6, 2024, 3:20pm

Hello,

basically there is a native way to provide a user, but for the password it is a little more complicated. The reason behind is that in general I don’t feel well by placing a password as plain-text on the shell.

To change the user on the install command, add this to your install JSON

"IfW-AgentUser":{"Values":["NT Authority\\NetworkService"]}

and replace the user with the proper one.

For the password, it is a little more complicated. I would recommended using Read-Host for the password input. How ever, this will not work in automated workloads.

[SecureString]$Password = Read-Host -AsSecureString;
Set-IcingaInternalPowerShellServicePassword -Password $Password;

In case you want to automate it, you can run it like this:

Set-IcingaInternalPowerShellServicePassword -Password (ConvertTo-IcingaSecureString 'mysecretpassword');

I hope this helps!

If course you have to place the Set-IcingaInternalPowerShellServicePassword before running your Install-Icinga command, but after the Framework is installed.