Windows Icinga2 Agent Command requires an administrator command prompt

Hi,

I’ve configured a check to monitor the Microsemi Adaptec raid controller on Windows, like it is described by Thomas Krenn here.

I’ve configured a command and service template (Icinga2Basket_AdaptecRaidWin.json.txt (10.2 KB) )

In an administrative cmd the command works:

grafik827×87 4.75 KB

But executed by the Icinga2 Windows Agent the controller isn’t found.

From standard installation via Powershell Framework the service is installed under “network service” account.

How can I configure the command to run with administrative rights?

Thanks
Ulf

Hi,

i think that is not possible without storing the username and password encrypted on the server and use these credentials to start an adminshell. You can also use this user directly for the Icinga2 service. As an admin account breaks security, thats not the best option I think.

Best way would be to find out what minimum permissions are needed to read the information you want and then give the Icinga2 service user this permissions.

If this tool simply not works without admin rights, because of Reasons™, you could execute this script with an Admin account as a scheduled task and write the output to a file regulary, then read this file with Icinga and process the result.

Thanks Rafael,

the tool needs administrative rights, because you can configure your raid controller with it. But yes, a read only access without admin rights would be nice.

I will search a solution.

Thanks.
Ulf

Have you tried installing the Icinga 2 Agent as a system service?
E.g. like this

Icinga2AgentModule -IcingaServiceUser 'NT AUTHORITY\SYSTEM' -DirectorUrl 'https://..../icingaweb2/director/' -DirectorAuthToken '1...9' -RunInstaller 

I’ve tried that now. Then the Icinga 2 Agent cant register Port 5665

System User must work. Maybe the port is still open due to reinstallation. I had this once and needed to reboot the server to fix this.

I will test it out of office time