This section addresses common questions about using the BMC PATROL Knowledge Module for Microsoft Windows to perform remote monitoring.
Which version of PATROL KM for Windows supports remote monitoring?
PATROL KM for Windows started supporting remote monitoring from version 4.3.00 onwards.
Which data collection method is used by remote monitoring?
Remote monitoring uses the PATROL Scripting Language (PSL) data collection method to discover instances and to get data through the remote External PSL Call (XPC).
What is the role of psx_server_remote.xpc in remote monitoring?
PATROL KM for Windows uses an XPC-based collection mechanism to support monitoring of the remote hosts. The psx_server_remote.xpc stand-alone executable communicates with PATROL Agent through standard input (stdin) and output (stdout) channels connected with pipes. The communication between PATROL Agent and the XPC server is handled by the SDK libraries through PSL function calls.
psx_server_remote.xpc is an XPC-based WinRM client that opens sessions with remote hosts, runs WMI queries on those hosts, and returns the output to the PSL collectors. For the PSL collectors, the command execution is transparent and the same PSL collectors work well with the local host and the remote host.
The XPC-based WinRM client has following advantages:
- A single WinRM client (process) can handle multiple remote sessions simultaneously.
- Multiple WMI queries can be executed over a single remote session simultaneously.
The XPC-based client is responsible for collecting information from the remote host for the application classes.
What hardware do I need to monitor multiple Windows computers remotely?
The following table lists the hardware requirements for a single PATROL Agent running on a dedicated computer and monitoring 125 remote hosts.
| Resource | Minimum requirement | Recommended |
|---|---|---|
| Processor | Dual processor, 32-bit | Quad processor, 64-bit |
| Server memory | 4 GB | 8 GB |
| Disk space | 600 MB | 1 GB |
Which operating systems can I monitor remotely?
The following operating systems that are supported by PATROL Agent and PATROL KM for Windows can be monitored on a remote host:
- Microsoft Windows XP Professional, SP 3, x86
- Microsoft Windows XP Professional, SP 3, x86-64
- Microsoft Windows Server 2003, SP 2, x86
- Microsoft Windows Server 2003, SP 2, x86-64
- Microsoft Windows Server 2003, SP 2, Itanium 2
- Microsoft Windows Vista, SP 1, x86 and x86-64
- Microsoft Windows Server 2008, x86 and x86-64, Itanium 2
- Microsoft Windows Server 2008 Core x86 and x86-64
- Microsoft Windows Server 2008 R2, x86-64, Itanium 2
- Microsoft Windows Server 2008 R2 Core, 64-bit
- Microsoft Windows 7 (x86, x86-64)
- Microsoft Windows Server 2012, R2 x86-64
What are the pre-requisites for enabling remote monitoring?
The PATROL Agent computer must be a dedicated server for remote monitoring. The WinRM client should be installed on the PATROL Agent computer to communicate with the remote host on which the WinRM server is installed. The WinRM server should be configured with an HTTP or HTTPS listener on the remote host before adding it into a PATROL Agent.
Requirements for host computers (PATROL Agent)
- WinRM version 1.1 or later must be installed.
- PATROL Agent and PATROL KM for Windows version 4.3.00 or later must be installed.
- Kerberos and negotiate (NTLM) authentication should be true in the WinRM configuration.
Requirements for the remote host
- WinRM version 1.1 or later must be installed and running.
- WinRM must be configured with a listener either on HTTP or HTTPS.
- Kerberos and negotiate (NTLM) authentication should be true in WinRM’s configuration.
A valid domain or local user who is a member of the Administrators group.
The following figure illustrates a configuration with multiple remote hosts:
Monitoring configuration with multiple remote hosts
(Click to expand the image)
Which authentication mechanisms are used in remote monitoring?
PATROL KM for Windows supports password based authentication for local and domain users. By default Negotiate Authentication will be done, and if specified using pconfig variable, it will authenticate depending on the flag set. The network authentication protocols supported are explained below:
Kerberos authentication
The client and server mutually authenticate each other using Kerberos tickets. Kerberos is used to authenticate a domain account. The user name must be specified in the following format for a domain user:
domain\username
Note: For using Kerberos authentication explicitly, set the pconfig variable /REMOTE/HOSTS/(Hostname)/authentication to 1.
Negotiate authentication (NTLM)
The client sends a request to the server to authenticate. NTLM is used to authenticate local computer accounts. The user name must be specified in the following format for a local user on a server computer:
username
Note: For using Negotiate authentication explicitly, set the pconfig variable /REMOTE/HOSTS/(Hostname)/authentication to 4.
Introduced in Windows Vista and later versions of Windows, User Account Control (UAC) affects access to the WinRM service. When Negotiate authentication is used in a workgroup or domain, only the built-in Administrator account can access the service.
To allow all accounts in the Administrators group to access the service, using the Regedit utility, set the value of the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy registry key to 1.
What are “user profiles” in remote monitoring?
User profiles provide a way to share credentials among multiple hosts. The hosts that have the same credentials can be grouped into a user profile. You can then assign that profile to all hosts.
Example:
Host A, Host B, and Host C have the same credentials (patqa1/patAdm1n). You can create a profile named Test with credentials, patqa1/patAdm1n.
All hosts that are added to the Test profile automatically refer to these profile credentials for authentication; you do not have to enter credentials every time, but you must specific the port and protocol depending on the remote host.
Which application classes are supported for remote monitoring?
The remote monitoring functionality in version 4.3.00 and later of PATROL KM for Windows, supports the following application classes:
- NT_CACHE
- NT_CPU
- NT_CPU_CONTAINER
- NT_HEALTH (version 4.5.00 onwards)
- NT_LOGICAL_DISKS
- NT_LOGICAL_DISKS_CONTAINER
- NT_MEMORY
- NT_NETWORK
- NT_OS
- NT_PAGEFILE
- NT_PAGEFILE_CONTAINER
- NT_SERVICES
- NT_SERVICES_CONTAINER
- NT_SYSTEM (version 4.4.00 onwards)
- NT_PHYSICAL_DISKS_CONTAINER (version 4.4.00 onwards)
- NT_PHYSICAL_DISKS (version 4.4.00 onwards)
- NT_PROCESS (version 4.5.00 onwards)
- NT_PROCESS_CONTAINER (version 4.5.00 onwards)
- NT_PROCESS_GROUP (version 4.5.00 onwards)
- NT_EVENTLOG
- NT_EVINSTS
Limitations
The following application class limitations apply for remote monitoring on Windows computers:
Discovering an application class depends on the WMI query. Discovery might not work if the WMI counters are not available, the output is invalid, or the user account that you provided while adding the remote host does not have permission to execute the WMI query.
- In the NT_SERVICES_CONTAINER application class, the Disable Automatic Restart and Configure Service menu commands do not work for remote hosts.
- In the NT_SERVICES application class, the Start, Stop, Pause, and Reset menu commands do not work for remote hosts and recovery action to auto restart is not supported for remote hosts.
- In the NT_OS application class, the values of the Up Time and Last Reboot At InfoBox fields are not displayed.
- In the NT_PROCESS_CONTAINER application class, the View Process Status KM command does not work for remote hosts.
- In the NT_PROCESS application class, the View Process Details KM command does not work for remote hosts.
- The options Restart the process using the specified command when the process is terminated and Terminate the process when the process' CPU% usage exceeds the defined PATROL threshold for n minutes, from the Process Settings window (KM commands > Configure Manual Process Monitoring > Process Settings) do not work for remote hosts.
- In case of the NT_HEALTH application class, only MemoryUsage and SystemPaging parameters are displayed.
Which WMI queries do application classes refer to?
The following table lists the application classes and the WMI queries that they use.
| Application class | WMI Queries | ||
|---|---|---|---|
| For Discovery | For Collection | For InfoBox | |
| CACHE | NA | SELECT Name, | NA |
LOGICAL DISKS |
| SELECT Name, | NA |
| MEMORY | NA | SELECT | SELECT TotalPhysicalMemory from Win32_ ComputerSystem |
| PAGEFILE | SELECT Name from Win32_PerfRawData_ | SELECT Name, PercentUsage, | SELECT Name, where Name= SELECT |
PHYSICAL DISKS | SELECT Name from Win32 | SELECT Name, | NA |
| PROCESS | SELECT * from | SELECT PercentPrivilegedTime, | NA |
| PROCESSOR | SELECT Name from Win32_PerfRawData | SELECT Name, | NA |
| SERVICES | SELECT AcceptPause, | SELECT DisplayName, | NA |
| SYSTEM | NA | SELECT SELECT | NA |
Windows operating | NA | NA | SELECT Caption, |
| Health At A Glance | NA | SELECT TotalPhysicalMemory from Win32_ComputerSystem | NA |
What is the collection mechanism for monitoring event logs?
PATROL for Microsoft Windows Event Log Remote monitoring KM uses the WS-Management protocol to support subscribing to events. The system enables Event KM remote monitoring to allow administrators to get events from remote computers and store them in a local event log on the collector computer. The destination log path for the events is a property of the subscription. All data in the forwarded event is saved in the collector computer event log (none of the information is lost). Additional information related to the event forwarding is also added to the event.
Event forwarding
PATROL Event Log KM reads forwarded event log and notifies the user if it matches the defined filtering criteria. PATROL Windows Event Log KM monitoring creates Collector Initiated subscription. The Collector Initiated subscription type allows collector computer to pull events from source computers. Subscriptions are defined on the collector computer. To work the subscription properly, the collector service named Windows Event Collector must be installed and be running. PATROL for Microsoft Windows KM supports Microsoft Windows 2008 and above operating systems as collector computer.
Can I use a Local account for monitoring event logs?
No. You can only use a Domain account for monitoring event logs.
How many remote hosts can one PATROL Agent monitor?
There is no maximum limit on the number of remote hosts that one PATROL Agent can monitor. However, in the PATROL Performance, Scalability and Reliability (PSR) lab, the largest configuration tested consisted of 75 hosts with the Event Log KM, and 125 hosts without the Event Log KM.
Can I use an earlier version of PATROL Agent?
Yes. You can use any of the earlier PATROL Agent versions supported. BMC recommends you to use the latest version of the PATROL Agent for better performance. BMC recommends you to use the latest version of PATROL Agent available.
Can I monitor Windows computers from PATROL Agent for UNIX?
No, you cannot monitor Windows computers from a UNIX computer.
How do I configure PATROL KM for Windows for remote monitoring?
The NT_REMOTE_HOST and NT_REMOTE_CONTAINER application classes have been introduced to monitor remote hosts.
To add a remote host for monitoring
- Install PATROL Agent and PATROL KM for Windows on a computer.
- Add the computer in step 1 in the PATROL console as a Managed Node.
- Load NT_REMOTE.kml.
- After full discovery is complete, right-click the Remote Monitoring container and choose KM Commands > Configure Remote Hosts.
- In the Configure Remote Host Monitoring dialog box, provide the host name, user name, password, port number and protocol of the remote host to be monitored, and then click Apply.
Note: You can also add a host by using a profile.
To modify a remote host
- Right-click the Remote Monitoring container and choose KM Commands > Configure Remote Hosts.
- In the Configure Remote Host Monitoring dialog box, highlight the remote host that you want to modify, select the Modify option, and then click Apply.
- In the Modify Remote Host dialog box, edit the remote host information as required, and then click Apply.
To delete a remote host
- Right-click the Remote Monitoring container and choose KM Commands > Configure Remote Hosts.
- In the Configure Remote Host Monitoring dialog box, highlight the remote host that you want to remove.
- Select the Remove option, and click Apply.
How do I create user profiles for a remote host?
You can create user profiles from the Configure Profiles dialog box.
To create a user profile for a remote host
- Right-click the Remote Monitoring container and choose KM Commands > Configure Profiles.
- In the Configure Profiles dialog box, provide the profile name, user name, and password, and then click Apply.
To modify a user profile
- Right-click the Remote Monitoring container and choose KM Commands > Configure Profiles.
- In the Configure Profiles dialog box, select the profile that you want to modify, and then select the Modify option.
- Click Apply.
- Edit the profile details as required, and then click Apply.
To delete a user profile
- Right-click the Remote Monitoring container and choose KM Commands > Configure Profiles.
- In the Configure Profiles dialog box, select the profile that you want to modify, and then select the Remove option.
- Click Apply.
What are the Performance and Scalability metrics for remote monitoring?
The following table lists the metrics based on 4 processors and 4GB of RAM for 125 remote hosts monitored without the Event Log KM for 120 hours on the Windows 2008 R2 operating system.
| Process | Average CPU (in %) | Average memory (in MB) | Network | |||
|---|---|---|---|---|---|---|
| Average | Maximum | Average | Maximum | In (Kilo Bytes per second) | Out (Kilo Bytes per second) | |
| PATROL Agent | 15.5 | 24 | 350 | 600 | 75 | 42 |
| psx_server_remote.xpc | 2.6 | 18 | 120 | 150 | ||
The following table lists the metrics based on 4 processors and 4GB of RAM for 75 remote hosts monitored with the Event Log KM for 120 hours on the Windows 2008 R2 operating system.
| Process | Average CPU (in %) | Average memory (in MB) | Network | |||
|---|---|---|---|---|---|---|
| Average | Maximum | Average | Maximum | In (Kilo Bytes per second) | Out (Kilo Bytes per second) | |
| PATROL Agent | 9 | 24 | 650 | 800 | 300 | 90 |
| psx_server_remote.xpc | 2.6 | 18 | 225 | 260 | ||
How do I configure remote hosts via the PATROL Configuration Manager (PCM)?
You can add remote hosts in the PATROL Agent by creating the following rulesets in PCM:
To add a remote host in the PATROL Agent, create the following rulesets:
- "/REMOTE/HOSTS/hosts" = { APPEND = "HostName:PortNo" }
- "/REMOTE/HOSTS/remoteHost/userAccount" = { REPLACE = "UserName" }
- "/REMOTE/HOSTS/remoteHost/connectionProtocol" = { REPLACE = "1 or 2" }
- "/SecureStore/NT_REMOTE_HOST/remoteHost/connectPassword" = { REPLACE = "NT_OS;NT_SERVICES_CONTAINER;NT_REMOTE_HOST/EncryptedPassword" }
To add a remote host in the PATROL Agent using profiles, create the following rulesets:
- "/REMOTE/HOSTS/hosts" = { APPEND = "HostName:PortNo" }
- "/REMOTE/HOSTS/remoteHost/accountProfile" = { REPLACE = "ProfileName" }
- "/REMOTE/HOSTS/remoteHost/connectionProtocol" = { REPLACE = "1 or 2" }
- "/REMOTE/PROFILE/profileList" = { APPEND = "ProfileName" }
- "/REMOTE/PROFILE/ProfileName/hostList" = { APPEND = "HostName:PortNo" }
- "/SecureStore/NT_REMOTE_HOST/ProfileName/connectPassword" = { REPLACE = "NT_OS;NT_SERVICES_CONTAINER;NT_REMOTE_HOST/EncryptedPassword" }
The following table gives a description of the items to be entered in the preceding rulesets:
| Item | Description |
|---|---|
| remoteHost | Name of the remote host |
| HostName:PortNo |
|
| UserName | User name that you will use to configure remote hosts |
| 1 or 2 | Used to identify the protocol for WinRM connection:
|
| ProfileName | Profile name that you will use to share credentials |
| EncryptedPassword | Encrypted password that you will enter in a secure key store. You can encrypt the password in the following ways:
|
For information on configuring remote hosts in the PATROL console, see Configuring remote hosts.
How do I perform remote monitoring in a High Availability environment?
You can perform remote monitoring on a virtual PATROL Agent in a High Availability environment.
For more information, see BMC PATROL Agent Reference Manual.
Can I monitor more than 125 remote hosts on a single computer?
Yes, you can monitor more than 125 remote hosts on a single computer. To do this, you have to run another PATROL Agent on a port different from the one you are already using, and add upto 125 remote hosts. In the PATROL PSR lab, a maximum of two PATROL Agents have been tested to function simultaneously. To monitor more than 125 hosts at the same time, ensure that you have enough hardware resources to support this configuration in your environment.
How do I debug PATROL KM for Windows for remote monitoring?
You can enable and disable the application trace at the XPC level for the remote XPC for a particular remote host.
To enable debugging for an application class of a remote host
- Right-click the remote host instance and choose KM Commands > Configure Application Trace.
The Configure Application Trace dialog box appears, as displayed in the following figure:
- Select the application class that you want to debug, and then click Apply.
The Configure Application Trace dialog box displays the application class details.
Click Done.
Note
The debug information for the XPC trace is stored in the %patrol_home%/log/psx_server_remote.log file.
To disable debugging for an application class of a remote host
- Right-click the remote host instance and choose KM Commands > Configure Application Trace.
- In the Configure Application Trace dialog box, select the application class that you want to stop debugging, and then click Apply.
- Clear all check boxes in the Configure Application Trace dialog box.
- Click Apply.
- Click Done.
How do I configure WinRM?
You can use one of the following commands to configure the WinRM:
- winrm quickconfig -transport:http
- winrm quickconfig -transport:https
Note
If you are logged in on a non-Administrator account, you must either right-click the Command Prompt icon in the Start Menu and select Run as Administrator, or use the Runas command at the command prompt.
The winrm quickconfig command creates a firewall exception only for the current user profile. If the firewall profile is changed for any reason, you must run the winrm quickconfig command again to enable the firewall exception for the new profile.
WinRM automatically configures the ports that it uses. The port number might be different, depending on the version of WinRM that you install.
For WinRM 1.1:
- The default HTTP port used is 80.
- The default HTTPS port used is 443.
For WinRM 2.0 or later:
- The default HTTP port used is 5985.
- The default HTTPS port used is 5986.
The winrm quickconfig command also performs following tasks:
- Starts the WinRM service.
- Sets the WinRM service type to auto start.
- Creates a listener to accept requests on any IP address.
- Enables a firewall exception for WS-Management traffic (HTTP only).
Tip
- If WinRM reports that it is unable to verify the status of the firewall, start the firewall service and run the winrm quickconfig command again. You can stop the firewall service after configuring WinRM, if desired.
- If WinRM reports that it is unable to create a WinRM listener on HTTPS because the WinRM Server does not have a valid SSL certificate, check whether the SSL certificate is valid and ensure that it meets all requirements.
For an SSL certificate to be valid, its CN value must match the host name, it must not be expired, revoked, or self-signed, and it should be valid for server authentication.
How do I view the WinRM configuration?
You can use the following commands to display WinRM configuration details:
- For the WinRM configuration:
winrm get winrm/config - For the WinRM Client configuration:
winrm get winrm/config/client - For the WinRM Server configuration:
winrm get winrm/config/service - For Winrs configuration:
winrm get winrm/config/winrs - For listener information:
winrm enumerate winrm/config/listener - For the WinRM version details:
winrm id
Can I change the WinRM configuration as a standard user?
By default, an Administrator user has permissions to change the WinRM configuration. In addition, a standard user who is a member of administrator group can also change the WinRM configuration.
How do I start and stop the WinRM service?
You can use the following command to start and stop the WinRM service:
sc <start|stop> winrm
You can use SCM to start and stop the Windows Remote Management service (WSManagement).
How do I verify the WinRM connection for a specific remote host?
You can use the following commands to verify the WinRM connection with a remote host.
- To verify a remote host connection via HTTP or HTTPS using a domain account:
- winrm id -r:http://<hostname>:<port> -u:<domain\username> -p:<password>
- winrm id -r:https://<hostname>:<port> -u:<domain\username> -p:<password>
OR winrs -r:http://<hostname>:<port> -u:<domain\username> -p:<password><sys_command>
winrs -r:https://<hostname>:<port> -u:<domain\username> -p:<password><sys_command>
To verify a remote host connection via HTTP or HTTPS using a local account:
Note
In Microsoft Windows Vista and later versions of Windows, the User Account Control (UAC) affects access to the WinRM service. When Negotiate authentication is used in a workgroup or domain, only the built-in Administrator account can access the service.
To allow all accounts in the Administrators group to access the service using the Regedit utility, set the value of the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy registry key to 1.
- winrm id -r:http://<hostname>:<port> -u:<username> -p:<password>
- winrm id -r:https://<hostname>:<port> -u:<username> -p:<password>
OR - winrs -r:http://<hostname>:<port> -u:<username> -p:<password> <sys_command>
- winrs -r:https://<hostname>:<port> -u:<username> -p:<password> <sys_command>
Note
<sys_command> refers to any Microsoft Windows operating system command, such as DIR or SYSTEMINFO.
How do I resolve connectivity issues for the WinRM command?
You might encounter one of the following scenarios while verifying the remote host connection with the winrm command.
Scenario 1
WinRM displays the following error message:
The client cannot connect to the remote host specified in the request. Verify that the service on the remote host is running and is accepting requests. You may use the following command to analyze the state of the WinRM service and to configure the service, if necessary: "winrm quickconfig".
To resolve the issue
- Verify that WinRM is configured properly.
- Configure WinRM again, using the winrm qc command.
- Check the status of the WinRM service on the remote host.
- Verify that the port number is valid.
Scenario 2
WinRM displays the following error message:
Logon failure: unknown user name or bad password.
To resolve the issue
- Verify that the user name and password are valid.
- Verify that user name is associated with a valid domain name if a domain account is provided.
- Verify that the host name has been added to the Trusted Host list if local credentials are provided.
- Check the Event Viewer for events related to authentication.
Scenario 3
WinRM displays the following error message:
Access is denied
To resolve the issue
- Verify that the user name and password are valid.
- Verify that the user exists on the remote host.
- Verify the status of the WinRM service on the remote host.
- Verify that Kerberos and Negotiate authentications are enabled on the remote host.
Scenario 4
WinRM displays the following error message:
A security error occurred.
To resolve the issue
- Verify that the SSL certificate is valid on the remote host.
- Verify that the port number is valid.
Scenario 5
WinRM displays the following error message:
The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support the WS-Management protocol.
To resolve the issue
- Verify that the port number is valid.
- Configure the WinRM listener again.
Scenario 6
WinRM displays the following error message:
An internal error occurred.
To resolve the issue
- Verify the status of the WMI client on the remote host.
- Verify the status of the WinRM service on the remote host.
Scenario 7
WinRM displays the following error message:
The WinRM client cannot process the request because the server name cannot be resolved.
To resolve the issue
- Verify that the remote host is alive.
- Verify that the remote host is on the network, and added listed the DNS correctly.
Scenario 8
WinRM displays the following error message:
The WinRM client cannot complete the operation within the time specified. Check if the machine name is valid and is reachable over the network and firewall exception for Windows Remote Management service is enabled.
To resolve the issue
- Verify that the firewall exception for the Windows Remote Management service is enabled.
- Verify that the machine name is valid and is can be reached over the network.
How do I resolve the collection error for Logical Disks or Physical Disks?
The following collection errors are seen if PercentDiskTime_Base and PercentIdleTime_Base are missing from the WMI class.
NT_LOGICAL_DISKS:Discovery failed:BMC-KM000008E:The data source could not process the filter. The filter might be missing or it might be invalid. Change the filter and try the request again. NT_PHYSICAL_DISKS:Discovery failed:BMC-KM000008E:The data source could not process the filter. The filter might be missing or it might be invalid. Change the filter and try the request again.
This error is seen in the _Status parameter for Windows Vista or Windows 2008. A Microsoft Windows patch needs to installed to resolve the same. For more information, see http://support.microsoft.com/kb/961435/en-us.
Note
You may require to restart the remote host after installing the Microsoft Windows patch.
Does installing WinRM 2.0 on Windows Server 2003 require a restart of the remote hosts?
The Microsoft .NET Framework 2.0 needs to be installed to successfully install WinRM 2.0 on Windows Server 2003. You will need to restart the remote hosts after installing the Microsoft .NET Framework 2.0.
Tip
If you do not want to restart the remote hosts, install WinRM 1.1, since it does not require installation of .NET Framework 2.0.
Event Management integration considerations
The origin of an event that is related to a remote host contains the host name. The instance is separated from the host name by an @ symbol.
The origin slot in the event can have one of the following formats:
- appclass.instance.parameter
- appclass.instance
The instance variable has the following format: hostName@instance_sid.
The correct event host name can be extracted by event consumers as follows:
Extract the instance from the origin, look for the first @ symbol while parsing from right to left, and then get the host name.
The limitation of this process is that if there is a local instance with @ in it, the token extracted from the local instance is treated as a host, which is incorrect.
Overview
Content Tools
Apps
Reporter Replacement
com.bmc.atlassian.bmc-util-plugin-2.section.label
Tasks
3 Comments
Hal Devore
The pconfig variables listed in the question "How do I configure remote hosts via the PATROL Configuration Manager (PCM)?" are incorrect or out of date.
For the section of the question showing adding via profiles, the variables for a profile should be separated from those for adding a host.
Ali Khoshkar
"To allow all accounts in the Administrators group to access the service, using the Regedit utility, set the value of the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy registry key to 1."
This registry key does not exist. Please advise
Ashwini Shirsath
Hello Ali,
To allow all accounts in the Administrators group to access the service using the Regedit utility, set the value of the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy registry key to 1 if the LocalAccountTokenFilterPolicy registry entry exists. If the registry does not exist, create a registry key and set its value to 1.
For more details, see Remote monitoring.
Thank you,
Ashwini