I manage security for service accounts through access with least privilege. Monitoring with PRTG however means that most of the WMI sensors need local Administrator access, which I’m not too happy about. One such situation is if you need to access the state of running services. To get around this, use the script below.

One example:

sddlset.ps1 -Username "domain\monitoring" -Service w3svc -Rights Read -Computer webserver

This will then resolve the SID for the user, add it to the SDDL with necessary permissions and then spit out the result. To allow any access at all you will first need to give the user permissions on scmanager, so run sddlset.ps1 -Username "domain\monitoring" -Service scmanager -Rights Read -Computer webserver.

Edit 12/02/2015: Added help function to script, added ability to perform remotely.