Wir nutzen Cookies, um Ihnen eine optimale Nutzung dieser Webseite zu ermöglichen. Mehr Informationen finden Sie im Datenschutzhinweis. Wir nehmen an, dass Sie damit einverstanden sind, falls Sie diese Webseite weiter besuchen.

Ihre Cookie-Einstellungen
Ihre Einstellungen wurden aktualisiert.
Damit die Änderungen wirksam werden, löschen Sie bitte Ihre Browser-Cookies und den Cache und laden dann die Seite neu.

Die Checkmk-Konferenz #6 wird virtuell! Mehr Infos hier!

Werk #10677: Windows plugins and local checks can be called using non-system account

KomponenteChecks & Agents
TitelWindows plugins and local checks can be called using non-system account
Datum2020-01-09 09:50:22
Checkmk EditionCheckmk Raw Edition (CRE)
Checkmk Version1.7.0i1
LevelProminent Change
KlasseNew Feature
KompatibilitätKompatibel - benötigt kein manuelles Eingreifen

Previously the plugins and local check were always called using Windows System account. Such approach could restrict access to some resources, for example, network shares. Now this problem has been resolved.

The new ruleset in Bakery Run plugins and local checks using non-system account gives the possibility to run any Windows script using a given user account.

There are two modes of the rule:

group mode, in this case Windows Agent provides its own internal user in the requested group to run a script.

user mode, in this case the credentials for the given user account must be fully specified.

The group mode is more secure, because no credentials need to be stored anywhere, except in the agent internally. When using the user mode, the provided credentials are stored on all Checkmk servers to which the configuration is applied. Also, the credentials will be baked into the distributed to target systems agent bakery packages(MSI files).

The same functionality in Raw Edition can be achieved using Agent configuration file.

To set group mode for desired plugin pattern you should assign the name of the local group to the key group. To set user mode for desired plugin pattern you should assign string with user name and password separated with one space to the key user. Detailed example you may found in the provided configuration file.

We highly recommend using the group mode whenever possible.