Syskit Monitor
Try it for FreeContact UsProduct Site
  • Syskit Monitor
  • Product Updates
    • Syskit Monitor 9.1.0 - Release Note
    • Syskit Monitor 9 – The monster has awoken!
    • Syskit Monitor 8.4.0 - Release Note
    • Syskit 2012 R2 8.3.0 - Release Note
    • Syskit 2012 R2 8.2.0 Release Note
    • Syskit 2016 R2 8.0.1 - Release Note
    • Syskit 2016 R2 – Monitor and script all the things!
  • Requirements
    • System Requirements
    • User Permission Requirements
    • Pre Installation Requirements
  • Installation and Configuration
    • Install Wizard
      • Install Syskit Monitor
      • Install Syskit Monitor Data Collector
    • Configuration Wizard
      • Configure Syskit Monitor
      • SQL Permissions
        • Create a SQL Server Login
        • Create a SQL Server Database
        • Create a Service User Login Permission
        • Connect an Existing Database
    • Upgrade to the Latest Version
    • Uninstall Wizard
  • Editions
    • Editions
  • Activation
    • Activation Privacy Statement
    • Online and Offline Activation
    • Activation FAQ
  • Get to Know Syskit Monitor
    • Quick Start Guide
    • Administration
      • Servers and Groups
      • Monitoring Templates
      • PowerShell Scripts
    • Backstage Screen
      • Manage Data Gathering
      • Help Screen
      • Configuration
        • Configure
        • Options
      • Syskit Monitor Web App
    • Dashboards
      • Sessions Dashboard
      • Performance Dashboard
    • Reports
      • User Reports
      • Application Reports
      • Performance Reports
        • System Overview
        • Computer Performance
        • Application Performance
        • User Performance
      • Gateway Reports
      • License Reports
      • Event Log Reports
      • Inventory Reports
        • Hardware and Software
        • Powershell Reports
        • Compare Wizard
      • Custom Reports
  • Common Tasks with Syskit Monitor
    • Monitoring Windows Server and Application Performance
    • Monitoring and Restarting Stopped Windows Services
    • Real Time Alerting
    • Monitoring User Activities and Application Usage
    • Monitoring RD Gateway Connections
    • File System Auditing
    • Malicious IP Blocking
    • Computer Inventory
  • How To
    • Custom Reports
      • Create Custom Report
      • Create SQL Custom Report
      • Create an Alert
    • Users
      • Add Users Manually
      • Add Users From Active Directory
      • Manage Security Permissions
    • Dashboards
      • Create a Custom Dashboard
      • Edit Dashboards
      • Add Formatting Condition to Metrics
    • Reports
      • Export Report to Excel
      • Configure Cost Overview Report
      • Configure Report Subscriptions
      • Create Customized Report Views
    • Computers
      • Add/Remove or Delete Computer from Monitoring
      • Add Citrix Servers to Monitoring
    • Monitoring Templates
      • Predefined Monitoring Templates
      • Template Wizard
      • Import / Export Monitoring Template
      • Download Templates
    • Powershell Scripts
      • PowerShell Wizard
      • Manage Scripts
      • Import / Export PowerShell Script
      • Import and Use PowerShell Script Modules
      • Download Scripts
    • Service Accounts
      • Add Service User to Local Administrators Group via Group Policy
      • Add Service User to Local Administrators Group Manually
    • Audit Events
      • Enable Folder Auditing
      • Configure Audit Logon Events
      • Configure Syskit Monitor server to support the Block Malicious IP Addresses feature
    • Citrix Xenapp
      • Allow Remote RPC on Xenapp
      • Monitor Citrix Published Applications
      • Configure Syskit Monitor for Citrix XenApp 5 Published Application monitoring
      • Configure Syskit Monitor for Citrix XenApp 6.x Published Application monitoring
      • Configure Syskit Monitor for Citrix XenApp 7.x Published Application monitoring
    • Performance Counters Management
    • Manage Syskit Monitor Data Collector
    • Move database to new server
    • Exclude installation folder from antivirus scanning
  • FAQ
    • FAQ
  • Troubleshooting
    • SQL Server Connection
    • SQL Server Express 2012 LocalDB
    • How to resolve the Offline and Unauthorized computer states
    • Network Ports
    • Fixing WMI to work with Syskit Monitor
    • Enable-PSRemoting for untrusted domains to work with Syskit Monitor
    • Configuring CredSSP for use with PowerShell in Syskit Monitor
    • Installation Issues
    • User States
    • User Connections
    • Miscellaneous
Powered by GitBook
On this page
  • Add Service User to Local Administrators security group through restricted groups
  • Create a security group in Active Directory
  • Set “Logon as a service user” for the Syskit Monitor service user

Was this helpful?

  1. How To
  2. Service Accounts

Add Service User to Local Administrators Group via Group Policy

This article provides guidelines on how to add the Syskit Monitor service user to the Local Administrators security group via Group Policy on each server you plan to monitor.

Add Service User to Local Administrators security group through restricted groups

If you plan to monitor a lot of servers, it is much easier to configure the service user permissions via a group policy. By adding our service user to the restricted groups, you will define his privileges across your domain. You can fine-tune administrative privileges via Organizational Units.

Create a security group in Active Directory

  1. Open Active Directory Users and Computers, expand ‘Domain’, right-click Users, click New, and then click Group.

  2. In the New Object – Group dialog box, type in Group Name, e.g. Local Administrators, set the Group scope to Global, and the Group type to Security. Click OK to proceed.

  3. Right-click the newly created Group, select Properties, navigate to the Members tab, click Add… and enter designated users to the group, e.g. domain\administrator, domain\domain admins, domain\syskitmonitorservice. Add other users that also need administrative privileges, if necessary. Click OK to proceed.

  4. Open Group policy management in the Administrative tools on your domain controller.

  5. If you do not have your SysKitMonitor/Administrators custom domain policy right-click on the Default Domain Policy and choose Edit.

  6. Find the policy setting Computer Configuration > Policies > Windows settings > Security settings > Restricted groups.

  7. Right click on the Restricted groups and select Add group.

  8. In the Add group dialog box, click Browse or type in the previously created group, e.g. domain\Local Administrators. Click OK to proceed.

  9. Afterwards, the domain\Local Administrators Properties dialog will open. If you added users or groups into the “Members of this group” box, you would advise the Restricted Groups feature to put the users and groups you selected into the ‘Local Administrators’ group. Restricted Groups would then replace the current members of the ‘Local Administrators’ group with the users and groups you filled into the box.

    As you do want to configure membership of your ‘Local Administrators’ group and assign it to the Administrators group on your client machines, the lower box “This group is member of” is the correct one.

  10. Click Add and type in the name of the group, you want ‘Local Administrators’ to be member of. In this case, “Administrators”. Then click Apply and OK and close all windows.

Set “Logon as a service user” for the Syskit Monitor service user

It is important to define a Domain group policy that is going to allow the service user to “Logon as a service user.” Here is what you need to do:

  1. Open Group policy management under Administrative tools on your domain controller.

  2. If you do not have the Syskit Monitor custom domain policy, right-click on Default Domain Policy and choose Edit.

  3. Find the policy setting Computer Configuration > Policies > Windows settings > Security settings > Local Policies > User rights assignments > Logon as a service and open it with a double-click.

  4. In the Log on as a service Properties dialog, under the Security Policy Setting tab, add the service user that you created earlier, using the Add User or Group dialog.

    The service user will have “Logon as a service” right on each server. This step is required for Syskit Monitor to run properly.

PreviousService AccountsNextAdd Service User to Local Administrators Group Manually

Last updated 1 year ago

Was this helpful?