Skip to content

2. Configuring a Standard Account for Performance Monitoring

Jump to bottom
Leee Jeffries edited this page Aug 15, 2019 · 1 revision

Create a user account:

  • Open Active Directory users and computers
  • Right click an OU of your choice and select New -> User
  • Create the user as a normal user and set the user email address to cimuser@domain.local (Replace domain.local with your domain)
  • Make sure Member of is set to Domain Users so that the user is in a valid group.

Create the Group Policy Object:

  • Open the Group Policy Management
  • Create a new GPO and name it "PowerScale Monitoring Access"
  • Link it to the relevant OU for your Citrix Session Servers
  • Make sure that the GPO will be applied to all machines in the Citrix Session Server OU

Settings GPO:

  • WinRM

    • Right-click "PowerScale Monitoring Access" (which is the GPO we just created), select Edit
    • Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service
    • Select "Allow automatic configuration of listeners" and configure the setting to "Enabled"
    • Computer Configuration > Preferences > Control Panel Settings > Services. Right-click the Services and choose New > Service
    • Set Startup to “Automatic (Delayed Start)” and click the “…” next to Service name and search for Windows Remote Management (WS-Management) and select it. Finally, set Service action to “Start service”. Click OK to save the settings.

  • Firewall

    • WinRM uses ports 5985 (HTTP) and 5986 (HTTPS)
    • Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules. Right-click the Inbound Rules node and choose New Rule.
    • select "Windows Remote Management" from the predefined rules dropdown and click Next.
    • Make sure “Windows Remote Management (HTTP-In)” is selected
    • Choose “Allow the connection” as Action. Click Finish.

Rights for Service Account:

  • Computer Configuration -> Windows Settings -> Security Settings -> Restricted Groups policy.
  • Right click in free space and select the name of the group as "Remote Management Users"
  • Double click the group just created and add the service account you recently created.
Clone this wiki locally