Invoke-IcingaCheckUpdates: how to set up correct permissions

Hello,

I’m playing around with Icinga for Windows at the moment. I struggle with the Invoke-IcingaCheckUpdates command. It results in a permission error. In the docs I found the hint:

I searched for a while but can’t find any solution for how to set this permission.
The Agent and PowerShell service are running as “nt authority\network service” (default setting).

Do you have a hint how to set the permission for network service to be able to talk to the WU API?

Thanks and best
Chris

Probably not of interest anymore, but in case someone comes here with similar questions (like me):

The answer is here:
https://icinga.com/docs/icinga-for-windows/latest/doc/knowledgebase/IWKB000006/

At the moment not possible.
At least unless you want to run the Icinga PowerShell service with administrative rights. Works, but not the best idea.

The check is pointless for current Windows Server it seems, as there is no way to grant that right to a Non-Administrative User.

Well, you can try to run the icinga2 service as “nt authority\system” but that wasn’t the question.

I know. That’s why I confirmed the answer of the knowledge base (at least according to my own additional research & test). “Not possible to grant that permission”.

nt authority\system is even a bit more rights for the service…yes, that works as well if security is negligible.

My problem with this check was that the error given to Icinga by PowerShell is a bit misleading. It pretends that 6 checks are good (no missing updates) followed by an unspecified access denied. As I had no missing updates this was “correct”, not knowing at first that it always returns “0” in case of access denied even if updates are pending.
I prefer *nix.

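The failure mode described in the last post (an access-denied result reported as zero pending updates) can be avoided by failing closed. The following is an added example, not part of the thread and not Icinga for Windows code: a stand-alone PowerShell check that queries the Windows Update Agent COM API directly and returns UNKNOWN instead of OK when access is denied. The thresholds and the 0/1/2/3 plugin exit-code convention are assumptions.

```powershell
# Added example: stand-alone plugin-style check, not Icinga for Windows code.
# Assumption: exit codes follow the usual monitoring plugin convention
# (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN).
param(
    [int]$Warning  = 1,    # hypothetical thresholds on the pending update count
    [int]$Critical = 10
)

$E_ACCESSDENIED = -2147024891   # 0x80070005 as a signed 32-bit HRESULT

function Test-AccessDenied {
    param([System.Exception]$Exception)
    # COM errors arrive wrapped, so walk the inner exception chain.
    while ($null -ne $Exception) {
        if ($Exception -is [System.UnauthorizedAccessException] -or
            $Exception.HResult -eq $E_ACCESSDENIED) {
            return $true
        }
        $Exception = $Exception.InnerException
    }
    return $false
}

try {
    $session  = New-Object -ComObject 'Microsoft.Update.Session' -ErrorAction Stop
    $searcher = $session.CreateUpdateSearcher()
    $pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates.Count
}
catch {
    # Any failure means the count is unknown; never report it as 0 pending.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    if (Test-AccessDenied $_.Exception) {
        Write-Output "[UNKNOWN] Access denied querying Windows Update as '$identity'; pending update count is not known"
    } else {
        Write-Output "[UNKNOWN] Windows Update query failed as '$identity': $($_.Exception.Message)"
    }
    exit 3
}

if ($pending -ge $Critical) { Write-Output "[CRITICAL] $pending pending updates"; exit 2 }
if ($pending -ge $Warning)  { Write-Output "[WARNING] $pending pending updates";  exit 1 }
Write-Output "[OK] No pending updates"
exit 0
```

Run under the same account as the monitoring service, the output shows which identity was denied, so a permission problem surfaces as UNKNOWN rather than as a green check.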