Werk #15419: Windows agent: Run plugins/local checks using non-system account
| Component | Checks & agents |
| Title | Windows agent: Run plugins/local checks using non-system account |
| Date | Mar 17, 2023 |
| Checkmk Edition | Checkmk Raw (CRE) |
| Checkmk Version | 2.1.0p25 2.2.0b1 2.3.0b1 |
| Level | Trivial Change |
| Class | Bug Fix |
| Compatibility | Compatible - no manual interaction needed |
This Werk addresses a regression that appeared with Werk #14871, which introduced stricter access rights for the Windows agent's ProgramData directory.
Windows agent plugins and local checks can be configured to run under a specific user or group, either by configuring the agent ruleset Run plugins and local checks using non-system account or by editing the check_mk.user.yaml file appropriately.
Starting with Checkmk 2.1.0p15/the abovementioned Werk, plugins and local checks that are configured to run under a specific user failed to execute.
The reason for this behavior was that, due to a preexisting bug, the Windows agent service then failed to set the proper access rights on the underlying files.
With the stricter default access rights, the files were not accessible any longer.
This only affected plugins/local checks that are configured with the option Run as User, while the ones configured with Run as local group did succeed.
The abovementioned bug is now fixed, and plugins/local checks will resume to work as configured.
To apply this fix, you need to update/reinstall the Windows Agent once.
