Here we will look at configuring GSX Monitor to run a pop up alert on a remote machine using an Alert Profile with a Program Alert. GSX Monitor will invoke Windows Remote Management to execute a command on the target machine's Operating System. We will also look at the necessary permissions, and how to configure it so that the winrs command is issued without needing a password typed in the alert profile.
Instructions
We are going to use Windows Remote Management (WinRM) to execute a command on the target operating system.
You will need to create a new service account and add it as Administrator of the target machine. The Local System account is not able to run this command.
You will need:
- User credentials that can both run GSX Monitor on the Monitoring Station and is an Administrator on the target machine.
- All servers and workstations must be running WinRM 2.0.
- Basic PowerShell requirements (WinRM) and a listener enabled on the target machine.
- The Fully Qualified Domain Name (FQDN) of the target machine.
- The target machine must be a trusted host on the GSX Monitor station:
In this article, the remote workstation that is to receive the pop up message is the target machine.
Before you add the command line to the alert profile, it is best to execute this in a PowerShell session to observe any errors.
- Log on to the GSX workstation as the user you created above. This user must be an Administrator of the target machine.
- Launch a PowerShell x86 session as an Administrator.
- Test the connectivity and validate WinRM is running:
- Test-WSMan FQDN. We are using the FQDN and not the IP address to check that it can register with a Domain.
- Test-WSMan should return a version of WinRM that is running and confirm connectivity:
- Now you can try to connect to this machine using the following command:
winrs -r:FQDN msg.exe * Message Details.
Once you can successfully send a test remote message box as shown above, you are ready to try the command in GSX Monitor.
- Stop GSX Monitor.
- Log in to the Monitoring Station as the user created at the beginning of this article for the tests we ran previously.
- Run GSX Monitor as an application. It will now be running with the permissions of the logged in user.
- Navigate to the Alert Profiles in GSX Monitor.
- Select New Program Alert.
- Give the Alert a name and enter the following command line: winrs -r:FQDN msg.exe * $AlertMsg
- Test the Alert:
- Apply the Program Alert to the desired profile.
If GSX Monitor is running as a service, we will need to change the account used to run this.
With no username or -u -pw arguments used in the winrs syntax, the credentials used will be the identity that GSX Monitor is using. This is why it is important to also change the identity of the Windows Service account GSX Monitor is using.
The default Local System account cannot run this command unless the password is entered in clear text.
To change the account used to run GSX Monitor as a service, do the following:
- Go to Services.msc.
- Right-click the GSX Monitor service.
- Select the Log On Tab.
- Select This account and enter the user name and password of an account with permission to run GSX Monitor.
- Start the GSX Monitor Service.
- GSX Monitor will now be running with permissions that can execute WinRM command lines on the target station.