Credentials for WMI and PowerShell Devices

Download this manual as a PDF file

This section describes how to configure credentials for WMI and PowerShell Dynamic Applications. It includes the following topics:

Configuring a WMI Credential

NOTE: Although SL1 supports WMI Dynamic Applications, ScienceLogic recommends that you use PowerShell Dynamic Applications where possible. PowerShell is the preferred management platform for Microsoft products.

If you configure your Windows system to respond to WMI requests from SL1, you can use WMI Dynamic Applications to collect information from your Windows system.

All of the WMI Dynamic Applications include a discovery object. If you include a credential for WMI Dynamic Applications in the discovery session that includes your Windows system, SL1 will automatically align the appropriate WMI Dynamic Applications to the Windows system. For more information about creating a discovery session, see the Running a Discovery Session section.

You can create a credential for WMI Dynamic Applications from the Credential Management page. To create a credential for a WMI Dynamic Application:

  1. Go to the Credential Management page (System > Manage > Credentials).
  2. Select the Create button in the upper right of the page. Select Basic/Snippet Credential.
  3. The Credential Editor page appears, where you can define the following fields:
  • Credential Name. Name of the credential. Can be any combination of alphanumeric characters.
  • Hostname/IP. Hostname or IP address of the device from which you want to retrieve data. To use the same WMI default credential for multiple devices, enter %D in this field.
  • Port. Port number associated with the data you want to retrieve. For WMI Dynamic Applications that perform WBEM requests, supply the port used by the WBEM service on the device. For WMI Dynamic Applications that perform WMI requests, which includes all default WMI Dynamic Applications in SL1, enter any valid port number in this field; the platform does not specify a port number when performing WMI requests.
  • Timeout (ms). Time, in milliseconds, after which the platform will stop trying to communicate with the authenticating server.
  • Username. Username for a user account on the device. To specify a domain user, enter the username in the format DOMAIN\username. In most cases, you should use a domain user in the credential and use the format DOMAIN\username.
  • Password. Password for a user account on the device.
  1. To save the credential, select the Save button. To clear the values you set, select the Reset button.

Configuring a PowerShell Credential

To define a PowerShell credential in SL1:

  1. Collect the information you need to create the credential:
  • The username and password for a user on the Windows device.
  • If the user is an Active Directory account, the hostname or IP address of the Active Directory server and the domain.
  • Determine if an encrypted connection should be used.
  • If you are using a Windows Management Proxy, the hostname or IP address of the proxy server.
  1. Go to the Credential Management page (System > Manage > Credentials).
  2. In the Credential Management page, click the Actions menu. Select Create PowerShell Credential.
  3. The Credential Editor page appears, where you can define the following fields:
  • Profile Name. Name of the credential. Can be any combination of alphanumeric characters. This field is required.
  • Hostname/IP. Hostname or IP address of the device from which you want to retrieve data. This field is required.
  • You can include the variable %D in this field. SL1 will replace the variable with the IP address of the device that is currently using the credential.
  • You can include the variable %N in this field. SL1 will replace the variable with the hostname of the device that is currently using the credential. If SL1 cannot determine the hostname, SL1 will replace the variable with the primary, management IP address for the current device.
  • You can include the prefix HOST or WSMAN before the variable %D in this field if the device you want to monitor uses a service principal name (for example, "HOST://%D" or "WSMAN://%D"). SL1 will use the WinRM service HOST or WSMan instead of HTTP and replace the variable with the IP address of the device that is currently using the credential.
  • Username. Type the username for an account on the Windows device to be monitored or on the proxy server. This field is required.

NOTE: The user should not include the domain name prefix in the username for Active Directory accounts. For example, use "em7admin" instead of "MSDOMAIN\em7admin".

  • Encrypted. Select whether SL1 will communicate with the device using an encrypted connection. Choices are:
  • yes. When communicating with the Windows server, SL1 will use a local user account with authentication of type "Basic Auth". You must then use HTTPS and can use a Microsoft Certificate or a self-signed certificate.
  • no. When communicating with the Windows server, SL1 will not encrypt the connection.
  • Port. Type the port number used by the WinRM service on the Windows device. This field is automatically populated with the default port based on the value you selected in the Encrypted field. This field is required.

  • Account Type. Type of authentication for the username and password in this credential. Choices are:
  • Active Directory. On the Windows device, Active Directory will authenticate the username and password in this credential.
  • Local. Local security on the Windows device will authenticate the username and password in this credential.

  • Timeout (ms). Type the time, in milliseconds, after which SL1 will stop trying to collect data from the authenticating server. For collection to be successful, SL1 must connect to the authenticating server, execute the PowerShell command, and receive a response within the amount of time specified in this field.
  • Password. Type the password for the account on the Windows device to be monitored or on the proxy server. This field is required.
  • PowerShell Proxy Hostname/IP. If you use a proxy server in front of the Windows devices you want to communicate with, type the fully-qualified domain name or the IP address of the proxy server in this field.
  • Active Directory Hostname/IP. If you selected Active Directory in the Account Type field, type the hostname or IP address of the Active Directory server that will authenticate the credential.
  • Domain. If you selected Active Directory in the Account Type field, type the domain where the monitored Windows device resides.
  1. To save the credential, click the Save button. To clear the values you set, click the Reset button.