The Credentials Manager is an integral part of ipMonitor's overall security strategy.

Credentials are used to:

• Permit the ipMonitor Service (ipmonitorsrv) to run under a Windows account with minimum privileges.
• Impersonate accounts with elevated permissions when necessary.
• Set usage restrictions to control how the Credential is used.

In order for ipMonitor to be fully functional, various Monitors, Alerts and management features require access to Windows file system objects or Services via the network. Instead of running the ipMonitor Service under an Administrator account at all times, Credentials are used to apply elevated permissions only when required.

Top of page

When ipMonitor attempts to communicate with a resource that requires authentication, it can provide a Credential with the necessary permissions and/or login information to authenticate. Once validated, ipMonitor will continue performing its monitoring or management task.

Various Usage Restrictions may be applied to each Credential. A Credential can be enabled to be:

• Used over SSL
• Used with Digest Authentication Schemes
• Used with Integrated Windows Authentication Schemes
• Used with Windows Impersonation for use with RPC
• Used with Windows Impersonation to start an external process
• Used with ADO (ActiveX Data Objects)
• Transmitted in clear text

Account-level access is applied to each Credential, authorizing usage by:

1. Only the owner who created the Credential.
2. Any account with sufficient permissions.

The following diagram illustrates the authentication process when ipMonitor connects to a web server, using Basic (clear text) Authentication. The web server authorizes ipMonitor's request only when it can validate the Credentials supplied.

The following diagram illustrates the authentication process when ipMonitor executes an external application using a Domain Account. Specifying a Credential for the External Process Monitor permits ipMonitor to run under a low privilege account and still be able to execute applications that require elevated account privileges.

Top of page

Not all Monitors, Alerts and Features included in ipMonitor use Credentials.

Credentials are used with any Monitor that requires access to Windows® file system objects or Services:

• ADO QA
• Service
• Drive Space
• Event Logs
• ADO
• External Process
• File Watching
• File Property
• Directory

Login Credentials are required for the following Monitors:

• POP3 QA
• IMAP4 QA
• RADIUS
• IPMONITOR

The following Monitors may require a Credential if the resource that is being monitored requires authentication prior to granting access:

• HTTP QA
• HTML / ASP
• HTTPS
• LINK QA
• FTP QA

The following Alerts may require a Credential if the Notification method is access restricted:

• External Process
• NET SEND (Broadcast)
• Reboot Server
• Restart Service
• Text Log

Top of page