Here are the mandatory configurations of supervised machines in an Active Directory forest in order to enable the Monitorpack application to function correctly.
Connect to one of your controller domains with a domain administrator account, launch the gpm.msc console and follow the recommendations from the video below.
Create two accounts in the active directory forest, one of which will be used to create alerts and another that will be used by the Windows Monitorpack Engine service. We offer you a naming standard but you can modify it as you wish. These two accounts must be members of the Active Directory domain administrator group.
For the service account you can also use a gMSA account, for this refer to Microsoft TechNet to create it or contact us.
Objet | Description | MMC | information | Details |
GPO | Allow Inbound Remote Administration Exception | gpmc.msc | Allow Monitorpack Guard machine IP | None |
Firewall | TCP 445 | wf.msc | LISTENING | None |
Windows service | Service Remote registry | services.msc | Running | None |
Windows service | Service Workstation | services.msc | Running | None |
Windows service | svc_Monitorpack | services.msc | Local administrator of supervised machines | None |
Windows user | adm_Monitorpack | lusrmgr.msc | Local administrator of supervised machines | None |
Here are the mandatory configurations of the supervised machines in a Worggroup or a DMZ in order to allow the Monitorpack application to function correctly.
When you are in a workgroup it is imperative to use the identical administrator account created on each machine "adm_Monitorpack" when creating alerts in order to have access rights to values on remote machines.
Objet | Description | MMC | information | Details |
LocalAccountTokenFilterPolicy | Registry key | Script Monitorpack | LocalAccountTokenFilterPolicy.vbs | None |
GPO / on each machine | Windows Defender Firewall: Allow inbound remote administration exception Enabled | gpedit.msc | Allow Monitorpack Guard machine IP | None |
Windows service | Service Remote registry | services.msc | Running | None |
Firewall | TCP 445 | wf.msc | LISTENING | None |
Windows Account | adm_Monitorpack | lusrmgr.msc | Same username and password on all machines with local administrator role | None |
Windows Account | adm_Monitorpack | services.msc | Member of the “Performance Analyzer User” Group | None |
Windows service | svc_Monitorpack | services.msc | Same username and password on all machines with local administrator role | None |
Inter VLANsPort 445 is used by the Server Message Block (SMB) protocol for sharing files and printers over a network Windows. Its availability between VLANs on the same switch depends on the specific configuration of the switch and the policy network security implemented. TCP port 135 is used by a specific service in Windows environments called Remote Procedure Call (RPC), TCP port 135 is crucial for communication and interoperability between services and Windows applications on remote computers, using the RPC protocol. 1. Switch configuration: The switch must be configured to allow routing between the different VLANs if the traffic
between them is allowed. More informationDefine the monitoring policy and select the account to use for monitoring - This account must have local administrator rights on the machines to be monitored. The current session for creating alerts must also have administrative rights on the Monitor machine and direct access to performance counters of the remote machine. If the current session does not have these rights, use the "User authentication" option to use an administrator account on the remote machine. 1. LocalAccountTokenFilterPolicy - is a security feature that helps prevent damage caused by viruses and other security threats by monitoring your programs to make sure they are using system memory safely. It also blocks all non-Microsoft software depending on your configuration. This registry key is necessary when you operate in a workgroup but is not obligatory in an active directory forest context. 2. Allow Inbound Remote Administration Exception - Create a secure domain GPO with gpmc.msc by limiting authorization to the IP address of a single machine in this case the Monitorpack Guard machine. As part of a workgroup you will need to use gpedit.msc and create a local GPO on each machine to authorize the address unique to the Monitorpack Guard machine. 3. Local administrator of machines to be monitored - The service account must be local administrator of all servers and Windows machines. To simplify, add the svc_Monitorpack account to the "Domain Admins" group to ensure these rights on all machines deployed in the Active Directory forest. We remind you that this account will be the one used as the identity of the service account from the Monitorpack machine which will control your entire environment, it is this account which will therefore make all the requests on all the machines and which must have these administrator rights. 4. TCP Port 445 - The port defaults to "LISTENING" on all Windows machines, whether workstations or servers. Monitorpack uses this port to check machine availability, requiring an active port 445. By blocking or removing this port, machines will be considered inaccessible and will not be monitored. To check available ports, use the "netstat -no" command and look for "0.0.0.0:445" in the local address column. 5. Fixed IP address - Since you determine in your GPO which Monitorpack machine will be authorized to monitor, it is therefore relevant to define a fixed IP address for this machine even if it is a Windows workstation so that the policy can be maintained. Understanding that during an update or renewal of a lease your address may change and this new address will no longer be authorized. Platform requirements |