Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Network Performance Monitor (NPM) > Check permissions using the Orion Permission Checker

Check permissions using the Orion Permission Checker

Updated June 8th, 2016

Overview

This article provides brief information and steps on how to use the Orion Permission Checker which checks key locations on the Orion server to ensure all file system permissions are set correctly. It also repairs locations, providing proper access to the Orion server.

 

SolarWinds recommends using a local server administrator account. When NPM is installed using a domain account that has restricted Group Policy settings, the logs can reflect that a service cannot access or write a file.  You will also see a note inside the configurationwizard.log file advising that domain accounts are not supported with this tool. You can always disable or even remove the local server administrator account after making such changes since the process take 5 minutes to set up.

Environment

NPM version 10.4 and later

Steps

The Repair button, next to the check button can perform a repair, but as mentioned in the description when the domain Group Policy settings are restricted, a manual repair is required. This would be a common routine for locked down / hardened environments where the domain environment and group policies can cause a conflict issues with the software changes.

 

To test the Orion permissions using the Orion Permission Checker:

  1. Go to C:\Program Files (x86)\SolarWinds\Orion\ (or whichever directory Orion was installed in).
  2. Run OrionPermissionChecker.exe.
  3. Click Check.
  4. Click Repair.

 

To manually repair permissions:

  1. Target Directories: (Should be the same as Anti-Virus exclusions)
    Volume:\ProgramData\SolarWinds\
    Volume:\Program Files (x86)\Common Files\SolarWinds\
    Volume:\Program Files (x86)\Microsoft SQL Server\
    Volume:\Program Files (x86)\SolarWinds\
    Volume:\Windows\Temp\SolarWinds\
    Volume:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
    Volume:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files 
    Volume:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files 
    Volume:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
  2. Right-click on each of the target directories and Select Properties
  3. Click Security.
  4. Check the Group of the user names list. 
    If it does not exist: (*You must set the location and add the new principle accounts )
    1. Click Edit
    2. Click Add, and enter the Principal name.  
      Note: The Principal listed in the Orion Permission Checker should exist in this list, and must have full control. 
      (ie; local accounts choose location: by replacing  the domain with your then make sure the accounts exist Authenticated Users,IUSRS, Network Service)
    3. Click Check Names, and then click OK.
    4. Select Full control, and then click OK to complete.
  5. Repeat sub-steps 5(a) to 5(d) for all rows that do not exist in the Orion Permission Checker. 
  6. Please repeat but for the following local accounts: Authenticated Users,IUSRS, Network Service.
  7. Re-run the Orion Permission Checker to confirm all users have full control.
    Note:  Allow an hour before re-running the Orion Permission Checker. The Group Policy in a domain setting may affect permissions.
Last modified
08:37, 31 Jul 2017

Tags

Classifications

Public