Introduction
OpsRamp provides support for running the MSI agent with a non-admin user account, and there are two options available to achieve this.
- Default User
- Custom User
Default User
To install the agent using default user option, follow the below steps:
- Select the default user option during agent installation.
- Include the following flag as part of the agent installation configuration parameters.
Example/isnonadmin=YESmsiexec.exe /i {.msi file path in quotes} /quiet WRAPPED_ARGUMENTS=“/silent /apiserver=uatsp.api.uat-app.opsramp.net /key=xxxxxxxxx /secret=xxxxxxxxxxxx /clientid=xxxxxxxxxxxx /logmonitorable=true /isnonadmin=YES”
Note
In this scenario, the agent creates a user account named ‘opsrampuser’ during the agent installation process. Upon uninstalling the agent, the ‘opsrampuser’ account will be removed from the device.Permissions
With default ‘opsrampuser’ account we are providing only the following two local group permissions.
- Performance Monitor Users
- Event Log Readers
Custom User
To install the agent using custom user option, follow the below steps:
- Select the custom user option during agent installation.
- Include the existing user account credentials with the following flags as part of the agent installation configuration parameters.
Example/isnonadmin=YES /domain=<Domain Name> /username=<user name> /password=<user password>msiexec.exe /i {.msi file path in quotes} /quiet WRAPPED_ARGUMENTS=“/silent /apiserver=uatsp.api.uat-app.opsramp.net /key=xxxxxxxxx /secret=xxxxxxxxxxxx /clientid=xxxxxxxxxxx /logmonitorable=true /isnonadmin=YES /domain=<Domain Name> /username=<user name> /password=<user password>” - If the device is not in a domain, use the hostname as the domain name.
Note
The custom user needs the following minimum local group permissions for basic functionalities:
- Performance Monitor Users
- Event Log Readers
Functionalities not supported for default user (opsrampuser)
We provide only two local group permissions to the default user as mentioned above. Therefore, the following functionalities will not work with the default user.
Administrative Permissions
Below functionalities require administrative privileges, if users desire access to them, ‘opsrampuser’ needs to be added to the administrative group.
- Windows OS Patching
- Antivirus scan and update
- Application Dashboard (few attributes may not appear which requires admin privilege)
- Below Remote Commands
- Restart Remote Agent
- Remote System Info
- Execute a Command (remote device)
File Read Permissions
Below types of monitors require ‘opsrampuser’ to have read permissions to the configured folder/files.
- LogFile Monitoring
- File Check monitor
- File Size monitor
Scripts
Scripts (RBA, Task Execution, G2 monitoring RSE Scripts).
Depends on the command used inside the script and it requires right user permission to execute it.
Remote Consoles – RDP
RDP required “Remote desktop user” local group policy to make it work.
Log Management
Log Management requires ‘osprampuser’ to have read permissions to the configured folder/files.