I’m playing around with Icinga for Windows at the moment. I struggle with the Invoke-IcingaCheckUpdates command. It results a permission error. At the docs i found the hint:
I searched a while but can’t find any solution how to set this permission.
the Agend and Powershell service is running as “nt authority\network service” (default setting)
Do you have a hint how to set the permission for network service to be able to talk to the WU API?
I know. Thats why I confirmed the answer of the knowledge base (at least according to my own additional research & test). “Not possible to grant that permission”.
nt authority\system is even a bit more rights for the service…yes, that works as well if security is negligible.
My problem with this check was, that the error given to Icinga by Powershell is a bit misleading. It pretends that 6 checks are good (no missing updates) followed by an unspecified access denied. As I had no missing updates this was “correct”, not knowing at first, that it always returns “0” in case of access denied even if Updates are pending.
I prefer *nix.