Closed dvaguirre closed 2 years ago
mattdurham
commented
2 years ago I looked at this some time ago in 621, I did not get too far down in figuring out what services can run. We run administrator so that all the collectors would work, there are likely some that would break under a non-admin user. I didn't see where the windows_exporter has instructions/doc on running under a different user.
dvaguirre
commented
2 years ago I looked at this some time ago in 621, I did not get too far down in figuring out what services can run. We run administrator so that all the collectors would work, there are likely some that would break under a non-admin user. I didn't see where the windows_exporter has instructions/doc on running under a different user.
regardless of windows_exporter instructions and documentation, following the principle of least privilege, there is no reason to Grafana Agent write outside its "home directory" and/or "spool directory" , and should work without administrator or system privileges.
edit: I want use Grafana Agent for security reasons, to dont need to expose scrap port on all servers (remote write), running windows_exporter with default SYSTEM account (where a vulnerability on exporter, can compromise all servers)
mattdurham
commented
2 years ago You are free to run the Agent under different account privileges and to lock it down to your own specifications. We run it under admin so that all the collectors and exporters will function.
dvaguirre
commented
2 years ago You are free to run the Agent under different account privileges and to lock it down to your own specifications. We run it under admin so that all the collectors and exporters will function.
Hi @mattdurham , I believe that development collaboration is about improve the code - and security is a important part of. If I spend my time to open a issue with detailed descriptions its because I care. Let me help you to help me?
mattdurham
commented
2 years ago Would welcome a pr that creates the necessary user to meet the minimum requirements of the default config for the windows agent install.
dvaguirre
commented
2 years ago I dont dev since colege, 20y ago... can you help-me, where I start with GO? The problem isnt the user, is somewhere in the code, when agent-windows-amd64.exe try to write or check permissions on those registry keys and files. When you start from Task Scheduler, with "Local Service" account (about the same privilege as virtual account), runs fine. The problem of running from the Task Scheduler, is that you dont have the logs when the task started/stoped or react (restart the service, run a script, restart the server etc) when crash... its kinda start something through cron instead systemctl on linux.
(just rename to xml and import on Task Scheduler) Grafana Agent.xml.txt
dvaguirre
commented
2 years ago access denied list, procmon file attached GrafanaAgent.zip
3:05:38.3618920 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\WinSock2\Parameters ACCESS DENIED Desired Access: All Access
3:05:38.5148538 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\.NET CLR Data\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5150530 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\.NET CLR Networking\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5151893 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\.NET CLR Networking 4.0.0.0\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5153335 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\.NET Data Provider for Oracle\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5155090 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\.NET Data Provider for SqlServer\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5156592 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\.NET Memory Cache 4.0\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5157951 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\.NETFramework\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5168449 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\BITS\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5188362 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\ESENT\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5211970 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\Lsa\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5213912 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\LSM\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5219641 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\MSDTC\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5221179 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\MSDTC Bridge 3.0.0.0\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5222463 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\MSDTC Bridge 4.0.0.0\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5225663 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\MSSCNTRS\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5240286 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\PerfDisk\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5241488 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\PerfNet\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5242530 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\PerfOS\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5244028 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\PerfProc\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5252791 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\rdyboost\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5254672 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\RemoteAccess\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5263183 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\ServiceModelEndpoint 3.0.0.0\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5265239 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\ServiceModelOperation 3.0.0.0\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5266925 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\ServiceModelService 3.0.0.0\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5271751 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\SMSvcHost 3.0.0.0\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5273150 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\SMSvcHost 4.0.0.0\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5275264 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\Spooler\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5280931 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\TapiSrv\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5282325 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\Tcpip\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5284546 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\TermService\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5291456 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\UGatherer\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5292584 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\UGTHRSVC\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5296227 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\usbhub\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5303839 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\VMware\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5312993 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\Windows Workflow Foundation 3.0.0.0\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5314447 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\Windows Workflow Foundation 4.0.0.0\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5319079 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\WmiApRpl\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5323187 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\WSearchIdxPi\Performance ACCESS DENIED Desired Access: Read/Write
3:05:38.5332420 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{16fa106f-26c3-42a5-982b-400779ea8970} ACCESS DENIED Desired Access: Read/Write
3:05:38.5333112 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{16fa106f-26c3-42a5-982b-400779ea8970}\{a4b0515f-2c2f-4fc4-87f5-b3a3a8747225} ACCESS DENIED Desired Access: Read/Write
3:05:38.5334294 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{1ffc4a37-aabd-49e0-8b3d-fce8b099febb} ACCESS DENIED Desired Access: Read/Write
3:05:38.5335022 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{1ffc4a37-aabd-49e0-8b3d-fce8b099febb}\{d049a97f-9f42-4c11-ad73-5d8c68b30258} ACCESS DENIED Desired Access: Read/Write
3:05:38.5336852 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{20fe1a3a-af21-413c-8a7b-b7fbf6c9a059} ACCESS DENIED Desired Access: Read/Write
3:05:38.5337470 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{20fe1a3a-af21-413c-8a7b-b7fbf6c9a059}\{8a922684-7993-4b38-9929-b7366f01ec4a} ACCESS DENIED Desired Access: Read/Write
3:05:38.5338665 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{2538387c-08b7-44b8-86d3-47f59cf6d056} ACCESS DENIED Desired Access: Read/Write
3:05:38.5339108 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{2538387c-08b7-44b8-86d3-47f59cf6d056}\{2538387c-08b7-44b8-86d3-47f59cf6d057} ACCESS DENIED Desired Access: Read/Write
3:05:38.5339987 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{2ccb0d8d-ea94-4235-986b-c97f61f63969} ACCESS DENIED Desired Access: Read/Write
3:05:38.5340398 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{2ccb0d8d-ea94-4235-986b-c97f61f63969}\{ef82017e-50e2-4ca2-b9ec-b9895ab70e08} ACCESS DENIED Desired Access: Read/Write
3:05:38.5341323 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{2ea0b998-e7e8-41c6-8abc-093083ea21d7} ACCESS DENIED Desired Access: Read/Write
3:05:38.5341751 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{2ea0b998-e7e8-41c6-8abc-093083ea21d7}\{687d8f80-ffea-4de5-a41f-3e1c83378839} ACCESS DENIED Desired Access: Read/Write
3:05:38.5342528 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{31a5ebe2-c765-490a-937c-b0ab2787fe15} ACCESS DENIED Desired Access: Read/Write
3:05:38.5342993 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{31a5ebe2-c765-490a-937c-b0ab2787fe15}\{c73dfef0-11b8-4a3f-a1ad-0dcbbc5186ef} ACCESS DENIED Desired Access: Read/Write
3:05:38.5343995 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{3817cb9c-49a8-436b-bc29-5518877d3c3a} ACCESS DENIED Desired Access: Read/Write
3:05:38.5344455 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{3817cb9c-49a8-436b-bc29-5518877d3c3a}\{82fa211f-e7f8-4ab5-a04c-cc523073b971} ACCESS DENIED Desired Access: Read/Write
3:05:38.5345315 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{383487a6-3676-4870-a4e7-d45b30c35629} ACCESS DENIED Desired Access: Read/Write
3:05:38.5345756 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{383487a6-3676-4870-a4e7-d45b30c35629}\{2f66fd0a-9f6c-4d91-9f2f-2a1b5e41b7dc} ACCESS DENIED Desired Access: Read/Write
3:05:38.5346525 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{383487a6-3676-4870-a4e7-d45b30c35629}\{370e979a-377a-4f30-b2c4-9a0fd072890b} ACCESS DENIED Desired Access: Read/Write
3:05:38.5347314 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{383487a6-3676-4870-a4e7-d45b30c35629}\{42cd0051-9dd9-4fe2-8db9-d37885d2d749} ACCESS DENIED Desired Access: Read/Write
3:05:38.5348115 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{383487a6-3676-4870-a4e7-d45b30c35629}\{52bc5412-dac2-449c-8bc2-96443888fe6b} ACCESS DENIED Desired Access: Read/Write
3:05:38.5348882 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{383487a6-3676-4870-a4e7-d45b30c35629}\{b4fc721a-0378-476f-89ba-a5a79f810b36} ACCESS DENIED Desired Access: Read/Write
3:05:38.5349940 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{383487a6-3676-4870-a4e7-d45b30c35629}\{ed83b00b-6afd-4063-9420-16fe0fa3b36f} ACCESS DENIED Desired Access: Read/Write
3:05:38.5350981 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{383487a6-3676-4870-a4e7-d45b30c35629}\{f596750d-b109-4247-a62f-dea47a46e505} ACCESS DENIED Desired Access: Read/Write
3:05:38.5351870 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{3def464b-f31b-4117-8fb7-bb829a0e1a15} ACCESS DENIED Desired Access: Read/Write
3:05:38.5352280 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{3def464b-f31b-4117-8fb7-bb829a0e1a15}\{2617bf8d-bedc-4231-b92b-1dd2d34ee225} ACCESS DENIED Desired Access: Read/Write
3:05:38.5353124 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{3def464b-f31b-4117-8fb7-bb829a0e1a15}\{4ad2297e-ee20-42b4-9cb7-13f6f1598dbd} ACCESS DENIED Desired Access: Read/Write
3:05:38.5353927 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{3def464b-f31b-4117-8fb7-bb829a0e1a15}\{59ceb84f-55ff-48c0-80cc-df0068501814} ACCESS DENIED Desired Access: Read/Write
3:05:38.5354815 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{3def464b-f31b-4117-8fb7-bb829a0e1a15}\{882d9f58-d338-4a83-bc3d-23f5b0a98fa9} ACCESS DENIED Desired Access: Read/Write
3:05:38.5355916 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{3def464b-f31b-4117-8fb7-bb829a0e1a15}\{987a3601-c362-48e4-a856-e28f070efb07} ACCESS DENIED Desired Access: Read/Write
3:05:38.5356794 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{3def464b-f31b-4117-8fb7-bb829a0e1a15}\{9acaa205-c3ed-4acd-a911-6554d156b095} ACCESS DENIED Desired Access: Read/Write
3:05:38.5357731 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{3def464b-f31b-4117-8fb7-bb829a0e1a15}\{9acaa206-c3ed-4acd-a911-6554d156b095} ACCESS DENIED Desired Access: Read/Write
3:05:38.5358616 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{3def464b-f31b-4117-8fb7-bb829a0e1a15}\{c0fe4189-5cfa-4659-9eba-10541cc395a0} ACCESS DENIED Desired Access: Read/Write
3:05:38.5359396 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{3def464b-f31b-4117-8fb7-bb829a0e1a15}\{c5a19aba-349b-49cc-94c8-f36404082727} ACCESS DENIED Desired Access: Read/Write
3:05:38.5360305 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{3e785595-30c2-437d-96ed-677d14724610} ACCESS DENIED Desired Access: Read/Write
3:05:38.5360807 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{3e785595-30c2-437d-96ed-677d14724610}\{6ca1716d-53cd-468a-a1b3-59032c19c166} ACCESS DENIED Desired Access: Read/Write
3:05:38.5362017 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{408443b2-2164-418a-ad52-c761f93310f3} ACCESS DENIED Desired Access: Read/Write
3:05:38.5362644 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{408443b2-2164-418a-ad52-c761f93310f3}\{c3cf1c57-275d-4b71-a5a6-e4e90401b821} ACCESS DENIED Desired Access: Read/Write
3:05:38.5363426 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{408443b2-2164-418a-ad52-c761f93310f3}\{e363bd27-bfbd-4581-a142-ecc006a7b82b} ACCESS DENIED Desired Access: Read/Write
3:05:38.5364196 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{408443b2-2164-418a-ad52-c761f93310f3}\{f961fa1c-6b9b-4d16-b414-499ed1f6d6f2} ACCESS DENIED Desired Access: Read/Write
3:05:38.5365143 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{420a6c98-914e-40fc-9a0f-80c7db801780} ACCESS DENIED Desired Access: Read/Write
3:05:38.5365607 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{420a6c98-914e-40fc-9a0f-80c7db801780}\{a44a45c2-664d-476c-b68c-6b123eccc31f} ACCESS DENIED Desired Access: Read/Write
3:05:38.5366350 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{4d4bac91-2b54-4f84-be36-cf74389f8f49} ACCESS DENIED Desired Access: Read/Write
3:05:38.5366765 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{4d4bac91-2b54-4f84-be36-cf74389f8f49}\{d30c5234-f79d-44a9-9803-2f9d5feef791} ACCESS DENIED Desired Access: Read/Write
3:05:38.5367875 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{4d4bac91-2b54-4f84-be36-cf74389f8f49}\{e6e560b2-062f-41ca-89ab-f6987f2b7a25} ACCESS DENIED Desired Access: Read/Write
3:05:38.5368990 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{4d4bac91-2b54-4f84-be36-cf74389f8f49}\{f4681672-32dc-41db-8669-fdf490345ba5} ACCESS DENIED Desired Access: Read/Write
3:05:38.5369932 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{57683f06-a08b-4708-8825-5c26f410744b} ACCESS DENIED Desired Access: Read/Write
3:05:38.5370311 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{57683f06-a08b-4708-8825-5c26f410744b}\{d9ff82a4-a6a2-4fa5-899e-086ead3bab21} ACCESS DENIED Desired Access: Read/Write
3:05:38.5371035 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{57683f06-a08b-4708-8825-5c26f410744b}\{e0e99beb-f7d6-4402-ab36-e510d7048f22} ACCESS DENIED Desired Access: Read/Write
3:05:38.5372061 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{57ec1e30-406c-48ee-8e96-5da71298991f} ACCESS DENIED Desired Access: Read/Write
3:05:38.5372547 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{57ec1e30-406c-48ee-8e96-5da71298991f}\{6f1a94cb-68ed-4a84-9668-64e671e1ffef} ACCESS DENIED Desired Access: Read/Write
3:05:38.5373694 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{5c3b2414-fd1d-44fb-8b00-e3194209dd1a} ACCESS DENIED Desired Access: Read/Write
3:05:38.5374466 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{5c3b2414-fd1d-44fb-8b00-e3194209dd1a}\{227419d5-f6d8-4fb7-85d6-2cac1725e4a9} ACCESS DENIED Desired Access: Read/Write
3:05:38.5375344 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{5c3b2414-fd1d-44fb-8b00-e3194209dd1a}\{978c167d-4764-4d9c-9824-14747351dc81} ACCESS DENIED Desired Access: Read/Write
3:05:38.5376138 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{5c3b2414-fd1d-44fb-8b00-e3194209dd1a}\{be2139c7-ab81-424d-b107-d87f7c9322ac} ACCESS DENIED Desired Access: Read/Write
3:05:38.5376970 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{5c3b2414-fd1d-44fb-8b00-e3194209dd1a}\{f802502b-77b4-4713-81b3-3be05759da5d} ACCESS DENIED Desired Access: Read/Write
3:05:38.5377714 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{5c3b2414-fd1d-44fb-8b00-e3194209dd1a}\{f9ed01f5-8f3e-4956-973f-9f05bc96f489} ACCESS DENIED Desired Access: Read/Write
3:05:38.5378585 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{5db760bc-64b2-4da7-b4ef-7dab105fbb8c} ACCESS DENIED Desired Access: Read/Write
3:05:38.5379004 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{5db760bc-64b2-4da7-b4ef-7dab105fbb8c}\{faa17411-9025-4b86-8b5e-ce2f32b06e13} ACCESS DENIED Desired Access: Read/Write
3:05:38.5379876 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{5e6554b3-ccf8-4769-b82b-798f4cce5483} ACCESS DENIED Desired Access: Read/Write
3:05:38.5380363 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{5e6554b3-ccf8-4769-b82b-798f4cce5483}\{ac5e8416-9f39-4166-951f-88ee9635b1d8} ACCESS DENIED Desired Access: Read/Write
3:05:38.5381325 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{5e6554b3-ccf8-4769-b82b-798f4cce5483}\{b790d108-d503-47ec-9d7b-b39737b39dba} ACCESS DENIED Desired Access: Read/Write
3:05:38.5382146 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{5e6554b3-ccf8-4769-b82b-798f4cce5483}\{e4a2b264-7187-41ca-aa73-7dc698d49ed1} ACCESS DENIED Desired Access: Read/Write
3:05:38.5383023 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{62706b23-4f66-4c53-b6cc-c6600ccc2752} ACCESS DENIED Desired Access: Read/Write
3:05:38.5383463 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{62706b23-4f66-4c53-b6cc-c6600ccc2752}\{08fb768b-1e55-4040-b153-e0ddbedd8042} ACCESS DENIED Desired Access: Read/Write
3:05:38.5384266 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{62706b23-4f66-4c53-b6cc-c6600ccc2752}\{21a64f86-6cbe-47e1-a497-261226ca12f7} ACCESS DENIED Desired Access: Read/Write
3:05:38.5385053 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{62706b23-4f66-4c53-b6cc-c6600ccc2752}\{60aa43c9-c1b7-41bf-9b4c-b7f6cc1d93b9} ACCESS DENIED Desired Access: Read/Write
3:05:38.5385848 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{62706b23-4f66-4c53-b6cc-c6600ccc2752}\{65faa5f0-141d-4f38-acf0-c79bb0c7be2d} ACCESS DENIED Desired Access: Read/Write
3:05:38.5386729 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{62706b23-4f66-4c53-b6cc-c6600ccc2752}\{c0df9671-a0ea-4576-9f81-853127cf8d28} ACCESS DENIED Desired Access: Read/Write
3:05:38.5387626 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{71cb4f3b-e29c-4619-a5d5-5fd6a68120ad} ACCESS DENIED Desired Access: Read/Write
3:05:38.5388096 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{71cb4f3b-e29c-4619-a5d5-5fd6a68120ad}\{3c8cb362-147c-4105-b98b-11fd7e671dd7} ACCESS DENIED Desired Access: Read/Write
3:05:38.5388907 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{71cb4f3b-e29c-4619-a5d5-5fd6a68120ad}\{7b08ee8b-88d7-4cad-a06f-70d1c4b65ee7} ACCESS DENIED Desired Access: Read/Write
3:05:38.5389760 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{74800676-866f-4bbd-8680-dac6a6fb6c8e} ACCESS DENIED Desired Access: Read/Write
3:05:38.5390288 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{74800676-866f-4bbd-8680-dac6a6fb6c8e}\{06ebf20d-17fb-4338-a08d-7a99f17ca678} ACCESS DENIED Desired Access: Read/Write
3:05:38.5390977 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{74800676-866f-4bbd-8680-dac6a6fb6c8e}\{ad8644c4-ae02-4b22-990d-52b491f91c26} ACCESS DENIED Desired Access: Read/Write
3:05:38.5391773 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{890c10c3-8c2a-4fe3-a36a-9eca153d47cb} ACCESS DENIED Desired Access: Read/Write
3:05:38.5392227 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{890c10c3-8c2a-4fe3-a36a-9eca153d47cb}\{16dcff2c-91a3-4e6a-8135-0a9e6681c1b5} ACCESS DENIED Desired Access: Read/Write
3:05:38.5392960 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{890c10c3-8c2a-4fe3-a36a-9eca153d47cb}\{8ebb0470-da6d-485b-8441-8e06b049157a} ACCESS DENIED Desired Access: Read/Write
3:05:38.5393656 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{890c10c3-8c2a-4fe3-a36a-9eca153d47cb}\{e829b6db-21ab-453b-83c9-d980ec708edd} ACCESS DENIED Desired Access: Read/Write
3:05:38.5394488 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{898a4828-e6e6-4ddd-abb2-5751e3949aa4} ACCESS DENIED Desired Access: Read/Write
3:05:38.5394907 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{898a4828-e6e6-4ddd-abb2-5751e3949aa4}\{115b92b4-7191-491a-a9b5-93c8e9fb641b} ACCESS DENIED Desired Access: Read/Write
3:05:38.5395755 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{9eeedeb1-de39-4fba-9cd5-6521b9f19984} ACCESS DENIED Desired Access: Read/Write
3:05:38.5396233 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{9eeedeb1-de39-4fba-9cd5-6521b9f19984}\{2b048375-f829-4b1d-b117-681e9ead1d50} ACCESS DENIED Desired Access: Read/Write
3:05:38.5397055 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{9eeedeb1-de39-4fba-9cd5-6521b9f19984}\{c71cfb00-0ecc-43a3-bf5a-a90ca7718033} ACCESS DENIED Desired Access: Read/Write
3:05:38.5397962 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{a18453e4-433b-4d33-ac66-2551e3bba9be} ACCESS DENIED Desired Access: Read/Write
3:05:38.5398346 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{a18453e4-433b-4d33-ac66-2551e3bba9be}\{66f19dff-a4dd-4802-8fbb-29e6a54af9da} ACCESS DENIED Desired Access: Read/Write
3:05:38.5399212 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{a3886623-dd46-48fc-a1f9-e3da35125995} ACCESS DENIED Desired Access: Read/Write
3:05:38.5399586 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{a3886623-dd46-48fc-a1f9-e3da35125995}\{042478fc-1449-4b04-a0d8-ba5660ab739a} ACCESS DENIED Desired Access: Read/Write
3:05:38.5400278 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{a3886623-dd46-48fc-a1f9-e3da35125995}\{3ab34489-ec07-4d11-a4bb-677b87cd58d9} ACCESS DENIED Desired Access: Read/Write
3:05:38.5401022 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{a3886623-dd46-48fc-a1f9-e3da35125995}\{3f0903d7-5b0b-493e-abf2-a36fd7ce2601} ACCESS DENIED Desired Access: Read/Write
3:05:38.5401687 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{a3886623-dd46-48fc-a1f9-e3da35125995}\{6800b902-8b06-11df-9561-f043dfd72085} ACCESS DENIED Desired Access: Read/Write
3:05:38.5402568 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{a3886623-dd46-48fc-a1f9-e3da35125995}\{7495d5d9-ea6a-444d-afab-e3cae27c047b} ACCESS DENIED Desired Access: Read/Write
3:05:38.5403406 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{a3886623-dd46-48fc-a1f9-e3da35125995}\{cd376bd3-9f6b-48c0-840e-1816b7a50fdc} ACCESS DENIED Desired Access: Read/Write
3:05:38.5404186 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{b1c6de93-e020-4ad9-9ca5-4dd5553004cf} ACCESS DENIED Desired Access: Read/Write
3:05:38.5404666 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{b1c6de93-e020-4ad9-9ca5-4dd5553004cf}\{1045bf74-023b-445a-9e2b-2038ff4789a6} ACCESS DENIED Desired Access: Read/Write
3:05:38.5405514 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{b1c6de93-e020-4ad9-9ca5-4dd5553004cf}\{86b34670-d4bb-40c9-8301-33fb16675d61} ACCESS DENIED Desired Access: Read/Write
3:05:38.5406512 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{b9fcf33d-ba8f-4654-a5f2-bf58a5866ca8} ACCESS DENIED Desired Access: Read/Write
3:05:38.5406999 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{b9fcf33d-ba8f-4654-a5f2-bf58a5866ca8}\{bd4b1f37-d1f0-4fc5-996d-d4a21290f212} ACCESS DENIED Desired Access: Read/Write
3:05:38.5408262 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ba888490-8281-4ac7-b0de-8cc46b314d43} ACCESS DENIED Desired Access: Read/Write
3:05:38.5409369 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ba888490-8281-4ac7-b0de-8cc46b314d43}\{06f6022a-82f9-48a5-bc16-074c1bed416c} ACCESS DENIED Desired Access: Read/Write
3:05:38.5410487 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{cb44ecb6-d88a-4b33-a39c-d6a9c03142a9} ACCESS DENIED Desired Access: Read/Write
3:05:38.5410942 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{cb44ecb6-d88a-4b33-a39c-d6a9c03142a9}\{4e590c2e-2ad3-4138-8f61-4b08771dbbc8} ACCESS DENIED Desired Access: Read/Write
3:05:38.5411848 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{cb6d8ddc-a302-4349-88fd-9fcf6d3a7308} ACCESS DENIED Desired Access: Read/Write
3:05:38.5412334 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{cb6d8ddc-a302-4349-88fd-9fcf6d3a7308}\{19b5bae2-18c5-4ab8-99de-255f0e96760a} ACCESS DENIED Desired Access: Read/Write
3:05:38.5413437 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{cb6d8ddc-a302-4349-88fd-9fcf6d3a7380} ACCESS DENIED Desired Access: Read/Write
3:05:38.5413884 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{cb6d8ddc-a302-4349-88fd-9fcf6d3a7380}\{135f3513-bc27-4360-b281-0a36caceb1f2} ACCESS DENIED Desired Access: Read/Write
3:05:38.5414734 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{cb6d8ddc-a302-4349-88fd-9fcf6d3a7380}\{19b5bae2-18c5-4ab8-99de-255f0e9676a0} ACCESS DENIED Desired Access: Read/Write
3:05:38.5415505 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{cb6d8ddc-a302-4349-88fd-9fcf6d3a7380}\{8bc1703a-939f-4ee1-8785-b0fc5837feb2} ACCESS DENIED Desired Access: Read/Write
3:05:38.5416384 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{cb6d8ddc-a302-4349-88fd-9fcf6d3a7380}\{cc16fe4c-d638-492e-a924-519185396ebf} ACCESS DENIED Desired Access: Read/Write
3:05:38.5417285 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{cc549940-0edf-41b1-8298-74c2627b6af9} ACCESS DENIED Desired Access: Read/Write
3:05:38.5417818 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{cc549940-0edf-41b1-8298-74c2627b6af9}\{35a002b8-38a7-41eb-bedd-6610bb93f046} ACCESS DENIED Desired Access: Read/Write
3:05:38.5418712 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{cc629d13-f318-4c40-b1ed-d70bce524515} ACCESS DENIED Desired Access: Read/Write
3:05:38.5419141 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{cc629d13-f318-4c40-b1ed-d70bce524515}\{22ca1519-4394-4a5f-be88-84a5c853a4aa} ACCESS DENIED Desired Access: Read/Write
3:05:38.5420143 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{db314ee3-3157-4e56-8fd9-2184874d195d} ACCESS DENIED Desired Access: Read/Write
3:05:38.5420707 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{db314ee3-3157-4e56-8fd9-2184874d195d}\{fb01b3ef-bb4a-4c48-9ab8-dc1871675e6d} ACCESS DENIED Desired Access: Read/Write
3:05:38.5421879 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ddf417dc-4cc3-4529-9ffc-1d04eb678da3} ACCESS DENIED Desired Access: Read/Write
3:05:38.5422463 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ddf417dc-4cc3-4529-9ffc-1d04eb678da3}\{d53266b4-c9f5-4808-8a0f-d17bbf493416} ACCESS DENIED Desired Access: Read/Write
3:05:38.5423263 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{e08d5971-88fb-4799-b066-6978845f73c1} ACCESS DENIED Desired Access: Read/Write
3:05:38.5423768 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{e08d5971-88fb-4799-b066-6978845f73c1}\{b851890b-3e61-427a-ab94-461e088d4827} ACCESS DENIED Desired Access: Read/Write
3:05:38.5424552 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ef63b92d-c5a6-4314-ac9f-cc6b1c56fb9c} ACCESS DENIED Desired Access: Read/Write
3:05:38.5424969 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ef63b92d-c5a6-4314-ac9f-cc6b1c56fb9c}\{11ace151-4bac-44b0-8a82-0a859a5355d9} ACCESS DENIED Desired Access: Read/Write
3:05:38.5425690 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ef63b92d-c5a6-4314-ac9f-cc6b1c56fb9c}\{1cc9da8b-58a5-4c92-9a4e-f05f2a2ae7a3} ACCESS DENIED Desired Access: Read/Write
3:05:38.5426417 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ef63b92d-c5a6-4314-ac9f-cc6b1c56fb9c}\{28d00a68-8309-4a3e-bf1d-0ebd27c75787} ACCESS DENIED Desired Access: Read/Write
3:05:38.5427494 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ef63b92d-c5a6-4314-ac9f-cc6b1c56fb9c}\{40990512-fb18-4bbd-95e2-f72e8cdae178} ACCESS DENIED Desired Access: Read/Write
3:05:38.5428372 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ef63b92d-c5a6-4314-ac9f-cc6b1c56fb9c}\{40e6824e-1b9b-4329-9a6e-e94c8fb03a3f} ACCESS DENIED Desired Access: Read/Write
3:05:38.5429193 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ef63b92d-c5a6-4314-ac9f-cc6b1c56fb9c}\{58276884-7f29-450d-bcfa-5be4b7266334} ACCESS DENIED Desired Access: Read/Write
3:05:38.5429907 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ef63b92d-c5a6-4314-ac9f-cc6b1c56fb9c}\{63c158d0-2a4c-4509-8d27-29e935b69e5f} ACCESS DENIED Desired Access: Read/Write
3:05:38.5430658 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ef63b92d-c5a6-4314-ac9f-cc6b1c56fb9c}\{6b81611f-8998-47c2-9550-f7dc0324e620} ACCESS DENIED Desired Access: Read/Write
3:05:38.5431264 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ef63b92d-c5a6-4314-ac9f-cc6b1c56fb9c}\{7a030929-9547-485c-ba6c-3e891612c2ce} ACCESS DENIED Desired Access: Read/Write
3:05:38.5431907 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ef63b92d-c5a6-4314-ac9f-cc6b1c56fb9c}\{83a3746d-a9ec-47c0-830f-6dd440b07666} ACCESS DENIED Desired Access: Read/Write
3:05:38.5432665 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ef63b92d-c5a6-4314-ac9f-cc6b1c56fb9c}\{9815b8f4-d337-4eb4-a468-fc9a83bcce65} ACCESS DENIED Desired Access: Read/Write
3:05:38.5433534 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ef63b92d-c5a6-4314-ac9f-cc6b1c56fb9c}\{a30f983f-321a-48b0-85c3-cab02781dd02} ACCESS DENIED Desired Access: Read/Write
3:05:38.5434508 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ef63b92d-c5a6-4314-ac9f-cc6b1c56fb9c}\{aaca5b25-a859-438d-93b6-924f63a2cb3c} ACCESS DENIED Desired Access: Read/Write
3:05:38.5435209 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{ef63b92d-c5a6-4314-ac9f-cc6b1c56fb9c}\{e6e73867-856a-4574-a0ba-01c066d376f5} ACCESS DENIED Desired Access: Read/Write
3:05:38.5435966 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{f25a20a5-fd7a-417b-afc3-76295ebac77c} ACCESS DENIED Desired Access: Read/Write
3:05:38.5436428 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{f25a20a5-fd7a-417b-afc3-76295ebac77c}\{51bda498-67cb-479f-b898-57d2d73788f0} ACCESS DENIED Desired Access: Read/Write
3:05:38.5437227 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{f25a20a5-fd7a-417b-afc3-76295ebac77c}\{811bbce5-7327-4ad9-ab62-a8b955f61eef} ACCESS DENIED Desired Access: Read/Write
3:05:38.5438140 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{f3991d9d-fc17-4f37-b12f-8984a43e1aeb} ACCESS DENIED Desired Access: Read/Write
3:05:38.5438567 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{f3991d9d-fc17-4f37-b12f-8984a43e1aeb}\{9ff69334-839c-41fe-96e0-c5189ac431f2} ACCESS DENIED Desired Access: Read/Write
3:05:38.5439776 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{f3991d9d-fc17-4f37-b12f-8984a43e1aeb}\{a8180dab-81d0-4e05-b76b-eb4c5fb37357} ACCESS DENIED Desired Access: Read/Write
3:05:38.5440646 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{f3991d9d-fc17-4f37-b12f-8984a43e1aeb}\{c0c9c676-ac38-40d4-a23c-69f05d12a306} ACCESS DENIED Desired Access: Read/Write
3:05:38.5441304 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{f3991d9d-fc17-4f37-b12f-8984a43e1aeb}\{d7e69761-f919-4bfa-bbb6-bece1050a2ce} ACCESS DENIED Desired Access: Read/Write
3:05:38.5442066 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{f3b975e7-e068-4f66-81ef-b23e0a0e64c9} ACCESS DENIED Desired Access: Read/Write
3:05:38.5442619 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{f3b975e7-e068-4f66-81ef-b23e0a0e64c9}\{fc9e399c-c70a-4458-8430-ca249c371eb3} ACCESS DENIED Desired Access: Read/Write
3:05:38.5443404 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{f6c5ad57-a5be-4259-9060-b2c4ebfccd96} ACCESS DENIED Desired Access: Read/Write
3:05:38.5443959 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{f6c5ad57-a5be-4259-9060-b2c4ebfccd96}\{1f7207c2-0b8c-48de-9dcd-64ff98cc24e1} ACCESS DENIED Desired Access: Read/Write
3:05:38.5444669 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{fd0dce36-af57-417b-9ce6-2d10633b4cf9} ACCESS DENIED Desired Access: Read/Write
3:05:38.5445237 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{fd0dce36-af57-417b-9ce6-2d10633b4cf9}\{7d937e49-cfd5-438f-af4f-b3047d90a5c3} ACCESS DENIED Desired Access: Read/Write
3:05:38.5446175 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{fd0dce36-af57-417b-9ce6-2d10633b4cf9}\{f3e82f6e-9df4-425d-a5d5-3a9832005b16} ACCESS DENIED Desired Access: Read/Write
3:05:38.9623809 PM agent-windows-amd64.exe 2980 RegCreateKey HKLM\Software\Microsoft\WBEM\CIMOM ACCESS DENIED Desired Access: Query Value, Set Value
3:05:38.9625134 PM agent-windows-amd64.exe 2980 RegCreateKey HKLM\SOFTWARE\Microsoft\Wbem\CIMOM ACCESS DENIED Desired Access: Query Value, Set Value
3:05:38.9627008 PM agent-windows-amd64.exe 2980 RegCreateKey HKLM\Software\Microsoft\WBEM\CIMOM ACCESS DENIED Desired Access: Read/Write
3:05:38.9628383 PM agent-windows-amd64.exe 2980 RegCreateKey HKLM\SOFTWARE\Microsoft\Wbem\CIMOM ACCESS DENIED Desired Access: Read/Write
3:05:39.0750078 PM agent-windows-amd64.exe 2980 RegOpenKey HKLM\System\CurrentControlSet\Services\EventLog\Application ACCESS DENIED Desired Access: Create Sub Key
Natycat33
commented
2 years ago I ran into a similar issue with this today. In my instance, it turned out I was using a relative path in my agents-conf.yaml for my bookmarks file. This meant grafana agent attempted to put it in system32, which failed and crashed the program. After fixing this, I was able to get it working with an account in the eventlog readers, performance log users, and performance monitor users groups.
EDIT: I also discovered I had to give full access for the service user to the registry key HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>EventLog>Application.
Full Procedure:
github-actions[bot]
commented
2 years ago This issue has been automatically marked as stale because it has not had any activity in the past 30 days. The next time this stale check runs, the stale label will be removed if there is new activity. The issue will be closed in 7 days if there is no new activity. Thank you for your contributions!
The install runs Grafana Agent service with SYSTEM (root equivalent). Replaced SYSTEM account with virtual service account (shadow account equivalent) "NT SERVICE\Grafana Agent", add account to "Performance Monitor Users" ("Members of this group can access performance counter data locally and remotely"), give modify permissions on "C:\Program Files\Grafana Agent" and "C:\ProgramData\grafana-agent-wal", but the service didn't started with "Error 1067: The process terminated unexpectedly". Microsoft Sysinternals Process Monitor ( procmon64.exe https://docs.microsoft.com/en-us/sysinternals/downloads/procmon) shows several "ACCESS DENIED Desired Access: Read/Write" at registry performance counters.
PS: windows_exporter and splunk universal forwarder runs with "Performance Monitor Users" privilege under virtual accounts.