This document provides reference information on the data provider Windows Inventory.
Windows Inventory data provider is able to collect hardware and software information using the remote scanning by Remote WMI.
Following Windows Server versions are supported by the Windows Inventory data provider:
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
Required access rights
If the account specified in the data provider configuration is included into the local Administrators group on all remote computers, it has full permissions and no additional setup is needed.
Otherwise you need to:
- grant permissions on the Root\CIMV2 and Root\DEFAULT namespaces for the data provider configuration account.
- add the data provider configuration account to the Distributed COM Users and Performance Monitor Users groups.
Currently the system does not support collecting Windows logon information for scanned computers unless the account set in the provider configuration is an administrator on those computers.
Adjusting permissions for WMI namespaces
- Run the wmimgmt.msc command from the Command Prompt to open the WMI console.
- In the left pane, right-click WMI Control (Local) and select Properties.
- In the WMI Control (Local) Properties dialog that opens go to Security tab.
- Expand the Root node and select the CIMV2 namespace.
- Click the Security button to open the Security dialog.
- Under Group or user names add a user or group that is used by the data provider configuration account.
- Click the Advanced button.
- In the dialog that opens select the newly added user or group and click the Edit button.
- In the Apply to drop-down field, select This namespace and subnamespaces.
- In the Permissions list, select the Allow column checkbox for Execute Methods, Enable Account, and Remote Enable.
- Subsequently click OK in all dialogs except the WMI Control (Local) Properties dialog.
- Repeat steps 4-11 for the DEFAULT namespace.
- Click OK in the WMI Control (Local) Properties dialog to save the changes.
Adding data provider configuration account to Groups
- Run the lusrmgr.msc command from the Command Prompt to open Local Users and Groups (Local).
- In the left pane, double-click Groups to display the list of groups.
- Right-click Distributed COM Users and select Add to Group...
- In the Distributed COM Users Properties dialog, click Add.
- In the dialog that opens, in the Enter the object names to select field, type the user or group that is used by the data provider configuration account.
- Click Check Names and then OK.
- In the Distributed COM Users Properties dialog, click Apply.
- Repeat the 3-7 steps for the Performance Monitor Users group.
If you also want to scan the computer where the data gateway service is installed, you need to perform the above mentioned steps for the data gateway service account as well.
For Windows Server 2008, an additional setting should be adjusted:
- Run the UAC command from the Command Prompt to open User Account Control Settings.
- In the dialog that opens, set the slider to Never notify and click OK.
Windows Server 2008 is officially not supported, but may work with above settings. However, issues may occur. In this case Matrix42 will not provide any support.