Introduction

This article explains how to configure a Windows Services Sensor and walks you through the options this sensor offers.

Configure

Before you start the configuration, please make sure that you cover the following requirements:

  • Activate remote PowerShell settings on the target host (run the following commands in the PowerShell console of the target):

Enable-PSRemoting -Force

Set-Item -Force WSMan:\localhost\Service\Auth\Basic $true

Set-Item -Force WSMan:\localhost\Client\AllowUnencrypted $true

Set-Item -Force WSMan:\localhost\Service\AllowUnencrypted $true

  • Make sure that you have an account which is a member of the local Administrators group of the target host (it does not need to be a Domain Admin)

  • TCP port 5985 (and 5986) needs to be open between GreenLight and the target host
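
The commands above enable Basic authentication and unencrypted traffic for WinRM, so it is worth confirming what the target host exposes once they have run. The following PowerShell function is an added example, not part of GreenLight or of the original article; the function name Get-WinRmExposure and its output field names are assumptions chosen here.

```powershell
# Added example: audit the WinRM settings that the prerequisite commands change.
# Run in an elevated PowerShell console on the target host (WinRM must be running).
function Get-WinRmExposure {
    # The three WSMan values set by the prerequisite commands.
    $basic    = 'WSMan:\localhost\Service\Auth\Basic'
    $svcPlain = 'WSMan:\localhost\Service\AllowUnencrypted'
    $cliPlain = 'WSMan:\localhost\Client\AllowUnencrypted'

    $value = @{}
    foreach ($path in $basic, $svcPlain, $cliPlain) {
        # The WSMan provider returns each value as the string "true" or "false".
        $value[$path] = [System.Convert]::ToBoolean((Get-Item -Path $path).Value)
    }

    # Enumerate enabled listeners; WinRM defaults are 5985 (HTTP) and 5986 (HTTPS).
    $listeners = @(Get-WSManInstance -ResourceURI 'winrm/config/listener' -Enumerate |
        Where-Object { $_.Enabled -eq 'true' } |
        Select-Object Transport, Port, Address)
    $httpUp  = @($listeners | Where-Object { $_.Transport -eq 'HTTP' }).Count -gt 0
    $httpsUp = @($listeners | Where-Object { $_.Transport -eq 'HTTPS' }).Count -gt 0

    # Local Administrators by well-known SID, so the lookup also works on
    # non-English systems. The monitoring account has to appear in this list.
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Select-Object -ExpandProperty Name)

    [pscustomobject]@{
        BasicAuthEnabled       = $value[$basic]
        ServiceAllowsPlaintext = $value[$svcPlain]
        ClientAllowsPlaintext  = $value[$cliPlain]
        HttpListener           = $httpUp
        HttpsListener          = $httpsUp
        # True when a Basic-auth logon can cross the network without encryption:
        # Basic sends the password base64-encoded, and nothing encrypts it on HTTP.
        CredentialsInCleartext = $value[$basic] -and $value[$svcPlain] -and $httpUp
        LocalAdministrators    = $admins
        Listeners              = $listeners
    }
}

Get-WinRmExposure | Format-List
```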

 

Authentication Profile

We recommend creating an authentication profile in the Communication section, which you can later assign to one or more nodes.

This account needs to have local Admin privileges on the target host (as mentioned above).

Server Settings

Now let's start with the configuration of Windows services at the node level.

  • Open a Server and select Windows. In addition, select OS Services and Statistics.

  • Next, assign the profile that you created earlier.

  • On the next page, open the Services tab.

Click the Load Services button to retrieve all Windows services from the host.

Once the items have loaded successfully, drag and drop the ones you want to monitor to the right side of the window.

  • Save / Close the Server settings

Sensor Settings

Let's create a Windows Services Sensor from the Sensor Template list.

  • On the Settings tab, leave the Use node settings option as it is

This way, all services that you have marked as monitored in the server settings are covered. This allows you to use a single sensor to monitor different hosts with different Windows services.

  • As an action, you can create the following:

Copy/paste: ${result.details['greenlight.osservice.stopped']}

Result

The result is a notification like this:

The key/value pairs you get from this sensor are the following: