Introduction

OpsRamp provides support for running the MSI agent with a non-admin user account, and there are two options available to achieve this.

  • Default User
  • Custom User

Default User

To install the agent using default user option, follow the below steps:

  1. Select the default user option during agent installation.
  2. Include the following flag as part of the agent installation configuration parameters.
    /isnonadmin=YES
    Example
    msiexec.exe /i {.msi file path in quotes} /quiet WRAPPED_ARGUMENTS=“/silent /apiserver=uatsp.api.uat-app.opsramp.net /key=xxxxxxxxx /secret=xxxxxxxxxxxx /clientid=xxxxxxxxxxxx /logmonitorable=true /isnonadmin=YES”

Permissions

With default ‘opsrampuser’ account we are providing only the following two local group permissions.

  • Performance Monitor Users
  • Event Log Readers

Custom User

To install the agent using custom user option, follow the below steps:

  1. Select the custom user option during agent installation.
  2. Include the existing user account credentials with the following flags as part of the agent installation configuration parameters.
    /isnonadmin=YES /domain=<Domain Name> /username=<user name> /password=<user password>
    Example
    msiexec.exe /i {.msi file path in quotes} /quiet WRAPPED_ARGUMENTS=“/silent /apiserver=uatsp.api.uat-app.opsramp.net /key=xxxxxxxxx /secret=xxxxxxxxxxxx /clientid=xxxxxxxxxxx /logmonitorable=true /isnonadmin=YES /domain=<Domain Name> /username=<user name> /password=<user password>”
  3. If the device is not in a domain, use the hostname as the domain name.

Functionalities not supported for default user (opsrampuser)

We provide only two local group permissions to the default user as mentioned above. Therefore, the following functionalities will not work with the default user.

Administrative Permissions

Below functionalities require administrative privileges, if users desire access to them, ‘opsrampuser’ needs to be added to the administrative group.

  • Windows OS Patching
  • Antivirus scan and update
  • Application Dashboard (few attributes may not appear which requires admin privilege)
  • Below Remote Commands
    • Restart Remote Agent
    • Remote System Info
    • Execute a Command (remote device)

File Read Permissions

Below types of monitors require ‘opsrampuser’ to have read permissions to the configured folder/files.

  • LogFile Monitoring
  • File Check monitor
  • File Size monitor

Scripts

Scripts (RBA, Task Execution, G2 monitoring RSE Scripts).
Depends on the command used inside the script and it requires right user permission to execute it.

Remote Consoles – RDP

RDP required “Remote desktop user” local group policy to make it work.

Log Management

Log Management requires ‘osprampuser’ to have read permissions to the configured folder/files.