Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Network Performance Monitor (NPM) > Check permissions using the Orion Permission Checker

Check permissions using the Orion Permission Checker

Updated June 8th, 2016

Overview

The Orion Permission Checker checks key locations on the Orion server to ensure all file system permissions are set correctly. It also repairs locations, providing proper access to the Orion server.

 

SolarWinds recommends using a local server administrator account. When NPM is installed using a domain account that has restricted Group Policy settings, the logs can reflect that a service cannot access or write a file.  You will also see a note inside the configurationwizard.log file advising that domain accounts are not supported with this tool. You can always disable or remove the local server administrator account after making the changes. The process takes 5 minutes to set up.

Environment

NPM version 10.4 and later

Steps

The Repair button, next to the check button, can perform a repair, but when the domain Group Policy settings are restricted, a manual repair is required. This would be a common routine for locked down / hardened environments where the domain environment and group policies can cause conflict issues with the software changes.

Test the Orion permissions using the Orion Permission Checker

  1. Go to C:\Program Files (x86)\SolarWinds\Orion\ (or whichever directory Orion was installed in).
  2. Run OrionPermissionChecker.exe.
  3. Click Check.
  4. Click Repair.

Manually repair permissions

  1. Target Directories: (Should be the same as Anti-Virus exclusions)
    Volume:\ProgramData\SolarWinds\
    Volume:\Program Files (x86)\Common Files\SolarWinds\
    Volume:\Program Files (x86)\Microsoft SQL Server\
    Volume:\Program Files (x86)\SolarWinds\
    Volume:\Windows\Temp\SolarWinds\
    Volume:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
    Volume:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files 
    Volume:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files 
    Volume:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
  2. Right-click on each of the target directories and select Properties.
  3. Click Security.
  4. Check the Group of the user names list. 
    If it does not exist, you must set the location and add the new principal accounts:
    1. Click Edit
    2. Click Add, and enter the Principal name.  

      The Principal listed in the Orion Permission Checker should exist in this list and must have full control. Local accounts choose a location. By replacing  the domain with your, then make sure the accounts exist: Authenticated UsersIUSRS, Network Service)

    3. Click Check Names, and click OK.
    4. Select Full control, and click OK to complete.
  5. Repeat sub-steps (a) to (d) for all rows that do not exist in the Orion Permission Checker. 
  6. Repeat but for the following local accounts: Authenticated UsersIUSRS, Network Service.
  7. Re-run the Orion Permission Checker to confirm all users have full control.

    Allow an hour before re-running the Orion Permission Checker. The Group Policy in a domain setting may affect permissions.

Last modified

Tags

Classifications

Public