Using Microsoft PowerPacks

Download this manual as a PDF file

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon ().
  • To view a page containing all of the menu options, click the Advanced menu icon ().

The following sections describe how to configure Microsoft servers or monitor Windows Services using specific PowerPacks:

Microsoft: DHCP Server PowerPack

The following section describes how to monitor Windows DHCP services using the Microsoft: DHCP Server PowerPack.

Add User to DHCP Users Group

To monitor DHCP services, the monitoring user must be placed into the DHCP Users group in Active Directory. If that group does not already exist, run the following command as a Domain Administrator to create it:

netsh dhcp add securitygroups

Microsoft: Windows Server PowerPack

The following sections describe how to monitor Windows Services using the Microsoft: Windows Server PowerPack.

Prerequisites

To use the Microsoft: Windows Server PowerPack to monitor Windows services, you must first uninstall the deprecated Microsoft: Windows Server Services PowerPack if it is still installed on your SL1 system.

Monitoring Windows Services and Processes with PowerShell

Windows services can be monitored with internal collections and/or Dynamic Applications.

Monitoring services with internal collection (IC) processes integrate Windows services data into SL1, and Windows service monitoring policies can be created to alert on a selected service.

Monitoring services with a Dynamic Application will automatically alert when services set to Automatic without a triggered start aren't running. If a corresponding Run Book automation policy is enabled it will attempt to restart the service automatically.

Process monitoring is available using Internal Collection Dynamic Applications for processes.

Both types of service monitoring (IC and Dynamic Application) and process monitoring require the following:

  • The "Microsoft: Windows Server IC Process Service Cache" Dynamic Application must be enabled and aligned to your device.
  • In version 114 or later of the Microsoft: Windows Server PowerPack the "Microsoft: Windows Server IC Cache Trigger" Dynamic Application must be enabled and aligned to your device only if you are using concurrent PowerShell for collections. This Dynamic Application will keep the cache full to be read by cache consumers.
  • Versions 112 and 113 of the Microsoft: Windows Server PowerPack require the :"Microsoft: Windows Server IC Cache Trigger" Dynamic Application to be enabled and aligned for both concurrent and legacy PowerShell collections.

Monitoring Windows Processes

To monitor Windows processes: 

  • The "Microsoft: Windows Server IC Process Inventory" Dynamic Application must be enabled and aligned to your device.
  • The "Microsoft: Windows Server IC Process Performance" Dynamic Application must be enabled and aligned to your device.
  • Once enabled, it can take up to two hours for the Processes tab to be enabled and display listed processes.

Monitoring Individual Windows Services via Internal Collections

To monitor individual services with internal collections:

  • The "Microsoft: Windows Server IC Service Inventory" Dynamic Application must be enabled and aligned to the device.
  • The "Microsoft: Windows Server IC Service Performance" Dynamic Application must be enabled and aligned to the device.

Monitoring Automatic Services with the Microsoft: Windows Server Service Configuration Dynamic Application

 You can monitor Windows services with the "Microsoft: Windows Server Service Configuration" Dynamic Application using both legacy and concurrent PowerShell collection.

You can monitor Windows services with the "Microsoft: Windows Server Service Configuration" Dynamic Application. This Dynamic Application requires that the "Microsoft: Windows Server IC Cache Trigger" Dynamic Application be enabled for concurrent PowerShell collection. Legacy PowerShell collection collects data without this Dynamic Application enabled. See the Concurrent PowerShell Collection section for more information.

The "Microsoft Windows Server Service Configuration" Dynamic Application will automatically create an event on any Windows device to which it is aligned when a Windows service set to "Automatic" is not in a running state and not excluded.

Restarting Automatic Windows Services Using the Run Book Automation Policy

If you want to restart Windows server services automatically when the service is not in a running state, you must enable the "Microsoft: Windows Server Start Automatic Service" Run Book automation policy as it is disabled by default. This will restart only services set to "Automatic". You must also align the "Microsoft: Windows Server Service Configuration" Dynamic Application to your device.

Excluding Automatic Services

The master.definitions_service_autostart_exclude database table specifies service with a type of "Automatic" that should not be monitored by the "Microsoft: Windows Server Service Configuration" Dynamic Application, either for a single device or all devices. The following services are defined as excluded for all devices by default:

  • Distributed Transaction Coordinator
  • Forefront Identity Manager Synchronization Service
  • Google Update Service (gupdate)
  • Microsoft .NET Framework NGEN v4.0.30319_X64
  • Microsoft .NET Framework NGEN v4.0.30319_X86
  • Performance Logs & Alerts
  • Remote Registry
  • Removable Storage
  • Shell Hardware Detection
  • Software Protection
  • TPM Base Services
  • Volume Shadow Copy
  • Windows Service Pack Installer Update service
  • Windows Modules Installer

Viewing the List of Excluded Services

You can view the list of excluded services by performing the following steps:

  1. Go to the Database Tool page (System > Tools > DB Tool).
  2. In the SQL Query field, type the following query:

    3. SELECT * FROM master.definitions_service_autostart_exclude;

  3. Click Go.
  4. The output includes the following fields:
    • service_name. The name of the excluded service.
    • did. The ID for the device for which the service is excluded. If this value is 0, the exclusion applies to all devices.

Adding an Excluded Service for All Devices

You can exclude a service for all devices by performing the following steps:

  1. Go to the Database Tool page (System > Tools > DB Tool).
  2. In the SQL Query field, type the following query, supplying the service name where indicated:

    3. INSERT INTO master.definitions_service_autostart_exclude VALUES ("<service name>",0);

  3. Click Go.

Adding an Excluded Service for a Single Device

You can exclude a service for a single device by performing the following steps:

  1. Go to the Database Tool page (System > Tools > DB Tool).
  2. In the SQL Query field, type the following query:
    • Replace "X" with the device ID for which you want to exclude the service.
    • Supply the service name where indicated.

    INSERT INTO master.definitions_service_autostart_exclude VALUES ("<service name>",X);

  3. Click Go.

Removing an Excluded Service

You can remove an entry from the list of exclusions by performing the following steps:

  1. Go to the Database Tool page (System > Tools > DB Tool).
  1. In the SQL Query field, type the following query:
    • Replace "X" with the device ID associated with the entry that you want to delete.
    • Supply the service name where indicated.

    DELETE FROM master.definitions_service_autostart_exclude WHERE service_name="<service name>" AND did=X;

  2. Click Go.

For more information, see the Restarting Automatic Windows Services Using the Run Book Automation Policy section.

In version 115 of the PowerPack, functionality was added to allow the use of RegEx in the service name field to provide more functionality when selecting services to exclude. The RegEx will be applied to both the service name and the display name.

RegEx String Excludes
.*Devices.* Excludes any service with "Devices" in the service or display name.
^Clip Excludes any service that has a service or display name staring with "Clip".
Service$ Excludes any service that has a service or display name starting or ending with "Service".

Monitoring Windows Server Services with Monitoring Policies

You can also monitor your Windows services using monitoring policies. For information on how to create monitoring policies, see the Monitoring Windows Services section .

 You can monitor Windows services with monitoring policies using both legacy and concurrent PowerShell collection.

The Services tab for a device will display Yes in the Monitored column once a policy is created for a Windows service. The Performance tab will also display data for the monitored policies.

The following Dynamic Applications will need to be manually enabled to monitor Windows services using monitoring policies:

  • Microsoft: Windows Server IC Cache Trigger. Needed for concurrent PowerShell collection.
  • Microsoft: Windows Server IC Process Service Cache. Runs PowerShell requests and collects results.
  • Microsoft: Windows Server IC Service Inventory. Cache Consumer.
  • Microsoft: Windows Server IC Service Performance. Cache Consumer.

Granting Access To Services

In certain environments, you may not have access to read the service list or to certain services in the list. If you do not have access to the full list of services, an "Access Denied" error will appear in the logs when running the "Microsoft: Windows Server IC Process Service Cache" Dynamic Application in debug mode. If you do not have access to a particular service, that service will not appear in the list. This situation most commonly occurs on Microsoft SQL Servers where the service is run on a custom account.

In this situation it may be necessary to grant the user explicit access on the service manager and services themselves. There is no default UI for granting this access in a Windows Server. A PowerShell onboarding script is included in the Microsoft: Windows Server PowerPack that can be run with the -services_only argument, which will configure service monitoring. An example of that command is:

.\winrm_configuration_wizard_v3.3.ps1 -user <DOMAIN>\<USER> -silent -services_only

If a system was onboarded with the script using the default configuration, service monitoring will be automatically configured. If a service is added later, it may be necessary to re-run the script with the -services_only argument to enable permissions for the new service.