OK, you asked for it. If you do not need to gather Module identification information, you can run the Performance Sentry collection service under a User Account. You can only set the Collection Service to run under a User Account manually using the Services Administrative Tool, which is illustrated below:
To function correctly, the User Account that the Performance Sentry Collection Service runs under requires the following User Rights:
 |
Logon as a service |
 |
Increase scheduling priority |
with the following Registry Key Permissions (in Windows 2000 and above):
 |
Read access to the Registry key HKLMSOFTWAREMicrosoftWindows NTCurrentVersionPerflib |
 |
Read access to the Registry key HKLM\SYSTEMCurrentControlSetServices |
 |
Control access to the Registry key HKLM\SYSTEMCurrentControlSetServicesDmperfss. Note that this Registry key is created by the system’s Service Control Manager when the Performance Sentry collection service (dmperfss.exe) is installed. |
A sample installation script that installs the the Performance Sentry collection service under a User Account and grants these local Registry Key Permissions to the Account is shown below. The subinacl utility used here to grant Registry Key permissions is available in the Windows Server Resource Kit.
net stop “Performance Sentry”
dmperfss -remove
dmperfss -install -fdevncci.dcs -accountdomainusername -passwordpassword
subinacl /verbose /keyreg “SOFTWAREMicrosoftWindows NTCurrentVersionPerflib” /grant=domainusername
subinacl /verbose /keyreg “SOFTWAREMicrosoftWindows NTCurrentVersionPerflib�09” /grant=domainusername
subinacl /verbose /keyreg “SYSTEMCurrentControlSetServicesDMPerfss” /grant=domainusername
subinacl /verbose /keyreg “SYSTEMCurrentControlSetServicesDMPerfssControl” /grant=domainusername
subinacl /verbose /keyreg “SYSTEMCurrentControlSetServicesDMPerfssSecurity” /grant=domainusername
net start “Performance Sentry”
and with the following Folder Permissions:
 |
Control access to the NTSMF data Folder and subFolders where the .smf data file is written. |
 |
Control access to any shared Network folders that the Cycle End Command or command script requires access to. |
In addition, some Performance Library DLLs that the Performance SeNTry collection service will attempt to load and run may reside in secure folders. You will need to grant the User Account the collection service runs under Read access to the folders. During the Discovery phase of each collection cycle, when the collection service attempts to load the Perflib DLL modules, the Load will fail. You will see a Warning message similar to the following in the Application Event log or the local <computername>.ntsmf.log message file:
In this example, in order for the Performance Sentry collection service to load the SQLCTR80.dll Performance Library DLL that is responsible for gathering SQL Server 2000 performance Objects and Counters successfully, you must first grant Read Access to the C:Program FilesMicrosoft SQL ServerMSSQLBinn Folder where SQLCTR80.dll resides to the Performance Sentry agent User Account.
[…] collection service under a User Account by following the guidelines discussed in Questions 2.12 and 2.13 in this chapter (See Related Pages Below). All collection service functions will execute normally, […]