-
Notifications
You must be signed in to change notification settings - Fork 11
2. Configuring a Standard Account for Performance Monitoring
Leee Jeffries edited this page Aug 15, 2019
·
1 revision
- Open Active Directory users and computers
- Right click an OU of your choice and select New -> User
- Create the user as a normal user and set the user email address to cimuser@domain.local (Replace domain.local with your domain)
- Make sure Member of is set to Domain Users so that the user is in a valid group.
- Open the Group Policy Management
- Create a new GPO and name it "PowerScale Monitoring Access"
- Link it to the relevant OU for your Citrix Session Servers
- Make sure that the GPO will be applied to all machines in the Citrix Session Server OU
-
WinRM
-
- Right-click "PowerScale Monitoring Access" (which is the GPO we just created), select Edit
-
- Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service
-
- Select "Allow automatic configuration of listeners" and configure the setting to "Enabled"
-
- Computer Configuration > Preferences > Control Panel Settings > Services. Right-click the Services and choose New > Service
-
- Set Startup to “Automatic (Delayed Start)” and click the “…” next to Service name and search for Windows Remote Management (WS-Management) and select it. Finally, set Service action to “Start service”. Click OK to save the settings.
-
Firewall
-
- WinRM uses ports 5985 (HTTP) and 5986 (HTTPS)
-
- Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules. Right-click the Inbound Rules node and choose New Rule.
-
- select "Windows Remote Management" from the predefined rules dropdown and click Next.
-
- Make sure “Windows Remote Management (HTTP-In)” is selected
-
- Choose “Allow the connection” as Action. Click Finish.
- Computer Configuration -> Windows Settings -> Security Settings -> Restricted Groups policy.
- Right click in free space and select the name of the group as "Remote Management Users"
- Double click the group just created and add the service account you recently created.