Werk #15419: Windows agent: Run plugins/local checks using non-system account

Component Checks & agents
Title Windows agent: Run plugins/local checks using non-system account
Date Mar 17, 2023
Checkmk Version 2.3.0b1 2.2.0b1 2.1.0p25
Level Trivial Change
Class Bug Fix
Compatibility Compatible - no manual interaction needed
Affected Editions
2.3.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.1.0p25 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

This Werk addresses a regression that appeared with Werk #14871, which introduced stricter access rights for the Windows agent's ProgramData directory.

Windows agent plugins and local checks can be configured to run under a specific user or group, either by configuring the agent ruleset Run plugins and local checks using non-system account or by editing the check_mk.user.yaml file appropriately.

Starting with Checkmk 2.1.0p15/the abovementioned Werk, plugins and local checks that are configured to run under a specific user failed to execute.
The reason for this behavior was that, due to a preexisting bug, the Windows agent service then failed to set the proper access rights on the underlying files.
With the stricter default access rights, the files were not accessible any longer.

This only affected plugins/local checks that are configured with the option Run as User, while the ones configured with Run as local group did succeed.

The abovementioned bug is now fixed, and plugins/local checks will resume to work as configured.

To apply this fix, you need to update/reinstall the Windows Agent once.

To the list of all Werks