
Check permissions using the Orion Permission Checker

Updated June 8th, 2016


The Orion Permission Checker checks key locations on the Orion server to ensure all file system permissions are set correctly. It also repairs locations, providing proper access to the Orion server.


SolarWinds recommends using a local server administrator account. When NPM is installed using a domain account that has restricted Group Policy settings, the logs can show that a service cannot access or write a file. You will also see a note in the configurationwizard.log file advising that domain accounts are not supported with this tool. You can always disable or remove the local server administrator account after making the changes. The process takes 5 minutes to set up.


NPM version 10.4 and later


The Repair button, next to the Check button, can perform a repair, but when the domain Group Policy settings are restricted, a manual repair is required. This is common in locked-down or hardened environments, where the domain environment and group policies can conflict with the changes the software makes.

Test the Orion permissions using the Orion Permission Checker

  1. Go to C:\Program Files (x86)\SolarWinds\Orion\ (or whichever directory Orion was installed in).
  2. Run OrionPermissionChecker.exe.
  3. Click Check.
  4. Click Repair.

Manually repair permissions

  1. Target Directories: (Should be the same as Anti-Virus exclusions)
    Volume:\Program Files (x86)\Common Files\SolarWinds\
    Volume:\Program Files (x86)\Microsoft SQL Server\
    Volume:\Program Files (x86)\SolarWinds\
    Volume:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
    Volume:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files 
    Volume:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files 
    Volume:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
  2. Right-click on each of the target directories and select Properties.
  3. Click Security.
  4. Check the Group or user names list.
    If it does not exist, you must set the location and add the new principal accounts:
    1. Click Edit
    2. Click Add, and enter the Principal name.  

      The Principal listed in the Orion Permission Checker should exist in this list and must have full control. For local accounts, choose a location. By replacing the domain with your, then make sure the accounts exist: (Authenticated Users, IUSR, Network Service)

    3. Click Check Names, and click OK.
    4. Select Full control, and click OK to complete.
  5. Repeat sub-steps 1 to 4 of step 4 for all rows that do not exist in the Orion Permission Checker.
  6. Repeat but for the following local accounts: Authenticated Users, IUSR, Network Service.
  7. Re-run the Orion Permission Checker to confirm all users have full control.

    Allow an hour before re-running the Orion Permission Checker. The Group Policy in a domain setting may affect permissions.
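
The manual check above, as a read-only audit in PowerShell. This is an added example, not SolarWinds code: the `$Volume` parameter and its `C:` default are assumptions standing in for "Volume:", and the three local accounts are matched by their well-known SIDs rather than by display name.

```powershell
# Added example: read-only ACL audit of the target directories listed above.
# Assumption: $Volume stands in for "Volume:" on the page; adjust it to your install.
param([string]$Volume = 'C:')

$targets = @(
    'Program Files (x86)\Common Files\SolarWinds',
    'Program Files (x86)\Microsoft SQL Server',
    'Program Files (x86)\SolarWinds',
    'Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files',
    'Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files',
    'Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files',
    'Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files'
) | ForEach-Object { "$Volume\$_" }

# Well-known SIDs, so the match does not depend on the OS display language.
$principals = [ordered]@{
    'Authenticated Users' = 'S-1-5-11'
    'IUSR'                = 'S-1-5-17'
    'Network Service'     = 'S-1-5-20'
}
$full    = [System.Security.AccessControl.FileSystemRights]::FullControl
$sidType = [System.Security.Principal.SecurityIdentifier]

# Inspects explicit and inherited ACEs on each directory itself; children are not walked.
$report = foreach ($dir in $targets) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        [pscustomobject]@{ Directory = $dir; Principal = '-'; Status = 'Directory not present' }
        continue
    }
    $rules = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType)
    foreach ($name in $principals.Keys) {
        $sid   = $principals[$name]
        $mine  = @($rules | Where-Object { $_.IdentityReference.Value -eq $sid })
        $deny  = @($mine | Where-Object { $_.AccessControlType -eq 'Deny' })
        $allow = @($mine | Where-Object {
            $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $full) -eq $full
        })
        $status = if ($deny.Count) {
            'Deny ACE present'
        } elseif ($allow.Count) {
            'Full control'
        } else {
            'Missing full control'
        }
        [pscustomobject]@{ Directory = $dir; Principal = $name; Status = $status }
    }
}
$report | Format-Table -AutoSize -Wrap
```

The script changes nothing; any row that is not "Full control" still has to be repaired with the Orion Permission Checker or the manual steps above.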
