- 06 Sep 2023
Windows Device Monitoring and Management
- Updated on 06 Sep 2023
When monitoring Windows-based managed devices in Netreo, there are a few things to be aware of. These are outlined below.
Windows Service Accounts
In order for Netreo to monitor/manage Microsoft Windows-based managed devices, a Windows service account is required for device access. Netreo uses this account to collect performance statistics, monitor Windows services, and collect Windows event logs for each device.
While a Domain Administrator account is the easiest to use, it is possible to use a non-administrator user account. (See Create a Non-administrator Windows Service Account For Netreo for instructions on creating such an account for use by Netreo.) Using either of these account types requires local administrator privileges or DCOM permissions on the device to be managed.
Whichever account type you choose to use, it is highly recommended to use a dedicated service account just for Netreo's use. This gives the customer more accountability for who is attempting to access/manage their devices. Having a dedicated account also gives the customer a single place to manage permissions and control over their Windows-based devices.
Use of a service account shared by other applications is not recommended, because the account can become locked on the device when another application accesses or manages the device at the same time as Netreo. This could lead to loss of monitoring capability or statistical data collection.
Windows Polling Methods Available in Netreo
Netreo offers two polling method options for Windows-based managed devices:
- PowerShell via WinRM (default)
- WMI
See Configure Windows Polling Method in Netreo for instructions on changing the default Windows polling method.
If you need to use a mix of Windows polling methods in your network environment, Netreo allows you to override the default Windows polling method on individual devices with an alternative method.
See Configure Windows Polling Method in Netreo for instructions on overriding the default Windows polling method for individual devices.
WinRM
This polling method uses PowerShell commands via WinRM to poll Windows-based devices for performance data. (WMI commands are still used by PowerShell to collect polling data. See WMI Class Reference for more information.)
Polling via WinRM requires destination port TCP/5985 or TCP/5986 to be open on the device to be managed (originating from the Netreo VA). Netreo first attempts to authenticate with the device using port TCP/5985. If that port works, then Netreo will poll the device using that port. If Netreo cannot authenticate using that port, it will try again using TCP/5986. If that port works, then Netreo will poll the device using that port. So, if you wish to use port TCP/5986 for polling, be sure to close port TCP/5985 on the device.
When authenticating using port TCP/5986, Netreo ignores SSL certificates, so no certificate is required on the polled device.
WinRM and PowerShell 2.0 Compatibility
When using PowerShell version 2.0 and lower, some users may experience issues (for example, with event log polling). To take full advantage of WinRM polling on your Windows devices, please make sure that each Windows device that you wish to poll is using PowerShell version 3.0 or higher.
See Microsoft's official PowerShell documentation (linked below) for how to determine your PowerShell version and update it, if necessary.
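The port fallback order and the PowerShell version requirement described above can be checked on a device before it is added to Netreo. The script below is an added example, not Netreo's own code; it assumes it is run in an elevated PowerShell prompt on the device to be polled, and it inspects WinRM listeners only, not firewall rules.

```powershell
# Added example: local pre-check for Netreo WinRM polling.
# Written to run on PowerShell 2.0 as well, so the version check itself works there.

# Some polling features (for example, event log polling) need PowerShell 3.0 or higher.
$psVersion = $PSVersionTable.PSVersion
if ($psVersion.Major -ge 3) {
    "OK    PowerShell $psVersion"
} else {
    "WARN  PowerShell $psVersion is below 3.0; WinRM polling may be incomplete"
}

# Enumerate the enabled WinRM listeners (Transport is HTTP or HTTPS).
$all = @(Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate -ErrorAction SilentlyContinue)
$listeners = @($all | Where-Object { $_.Enabled -eq 'true' })

foreach ($l in $listeners) {
    "INFO  listener: transport=$($l.Transport) port=$($l.Port) address=$($l.Address)"
}

# Netreo tries TCP/5985 first and only falls back to TCP/5986 if that fails,
# so a listener left on 5985 takes precedence over one on 5986.
$on5985 = @($listeners | Where-Object { $_.Port -eq '5985' })
$on5986 = @($listeners | Where-Object { $_.Port -eq '5986' })

if ($listeners.Count -eq 0) {
    "FAIL  no enabled WinRM listener found (is the WinRM service running?)"
} elseif ($on5985.Count -gt 0 -and $on5986.Count -gt 0) {
    "WARN  listeners on both ports; polling is expected to use TCP/5985, not TCP/5986"
} elseif ($on5985.Count -gt 0) {
    "OK    polling is expected to use TCP/5985"
} elseif ($on5986.Count -gt 0) {
    "OK    polling is expected to use TCP/5986"
} else {
    "FAIL  no listener on TCP/5985 or TCP/5986, the only ports Netreo tries"
}
```

A WARN on the listener check means TCP/5985 still has to be closed on the device if polling is meant to run over TCP/5986.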
WMI
This is offered as an option for polling pre-version-10 Windows Server devices that still use the deprecated WMIC tool. Using WMI requires destination port TCP/135 and all high ports (1024-65535) to be open bi-directionally on the device to be managed (originating from the Netreo VA).