Online Documentation for SQL Administrator for SQL Server
WMI Connection
Besides an SQL connection SQL Administrator uses WMI connection to servers as well.
This connection is used to:
- get a system information about an SQL server, e.g. installed operating system or CPU type;
- start and stop SQL Server services;
- view Windows event logs;
- get system performance counter values to display in the product, in some alarms and for statistics collection.
The authentication type used is Windows authentication. When a user connects through a Windows user account, SQL Server validates the account name and password using the Windows principal token in the operating system. Log on account grants are used to connect to the Statistics collector services. Indicated above functions will be inaccessible if the WMI connection cannot be set up.
Remote connections in WMI are affected by the Windows Firewall and DCOM settings. In Windows Vista and later operating systems, User Account Control (UAC) may also require changes to some settings. Users access to the ‘root\CIMV2’ WMI namespace (the program uses only this namespace) should be also allowed. By default, the permission is enabled only for administrators. It is possible to enable remote access to specific WMI namespaces for a nonadministrator user. Please see Connecting to WMI on a Remote Computer topic in the MSDN library (http://msdn.microsoft.com/en-us/library/aa389290(v=vs.85).aspx).
To set up remote WMI connection you should do the following:
- Create an exception in Windows firewall, to enable information sending via WMI:
-
- Windows XP and Windows Server 2003. In Group Policy editor (to launch it click [Start] [Run] and type 'gpedit.msc' in the data input line) in Local Computer Policy\Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile or Standard Profile key enable ‘Windows Firewall: Allow remote administration exception’ parameter.
- Windows Vista and later. In the Control Panel | Security | Windows Firewall click Change Settings and on Exceptions tab in the Exceptions window, select the check box for WMI.
For nonadministrator remote user do the following as well:
- Grant DCOM remote launch and activation permissions for a user or group: in DCOMCnfg.exe right-click on Component Services\Computers\My Computer, select Properties and on COM Security tab under Launch and Activation Permissions, click Edit Limits, then add a user or group and allow Remote Launch and Remote Activation.
- Grant DCOM remote access permissions: in the same dialog on the same tab under Access Permissions, click Edit Limits, select ANONYMOUS LOGON in the Group or user names box, then allow Remote Access.
- Allow users access to the 'root\CIMV2' WMI namespace: In Control Panel | Administrative Tools | Computer Management right-click Services and Applications\WMI Control and select Properties, then in Security tab select Root\CIMV2 and click Security button, and allow Remote Enable for a user or group.
See also: |