itmicus / zabbix

Zabbix Templates
GNU General Public License v3.0

Certificate Current User. #79

Open eniojorge opened 7 months ago

eniojorge commented 7 months ago

Hi, I would like to know if there is a way to modify the template to get the certificates from the current user instead of the local machine.

eniojorge commented 7 months ago

I tried changing -Path Cert:\LocalMachine\My to -Path Cert:\CurrentUser\My but Zabbix doesn't read it.

skazochnik97 commented 7 months ago

The Zabbix service should run, or already runs, as a low-privilege user. And this user doesn't have any certificates. So you have two options:

1 Run the zabbix-agent service on this host as the current user. It's fast but less secure.

OR

2 Install psexec to escalate and change the UserParameter to invoke the command as the current user. Seems not secure too.

https://learn.microsoft.com/en-ie/sysinternals/downloads/psexec

UserParameter=windows.certs[*],psexec -u USERNAME -p PASSWORD powershell -NoProfile -ExecutionPolicy Bypass -File "C:\Program Files\zabbix-agent\scripts\windows_certs.ps1" -ActionType "$1" -Key "$2" -Value "$3"
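
Added example (not part of the thread or of the project's template): a read-only PowerShell check that shows why changing the path alone returns nothing, since `Cert:\CurrentUser` is resolved for whichever account runs the script, not for the logged-on user. The `-StorePaths` parameter and the output field names are assumptions made for this sketch.

```powershell
# Added example: report the account this script runs as and what each
# certificate store contains when viewed from that account. Read-only.
param(
    # Assumed parameter name; defaults to the two stores discussed in the thread.
    [string[]]$StorePaths = @('Cert:\CurrentUser\My', 'Cert:\LocalMachine\My')
)

$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$sid      = $identity.User.Value

# Well-known SIDs of the built-in Windows service accounts.
$serviceSids = @{
    'S-1-5-18' = 'LocalSystem'
    'S-1-5-19' = 'LocalService'
    'S-1-5-20' = 'NetworkService'
}

$now = Get-Date
$stores = foreach ($path in $StorePaths) {
    # An empty or unreadable store yields an empty array, not an error.
    $certs = @(Get-ChildItem -Path $path -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Store        = $path
        Count        = $certs.Count
        Certificates = @($certs | ForEach-Object {
            [pscustomobject]@{
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter.ToString('s')
                DaysLeft   = [int][math]::Floor(($_.NotAfter - $now).TotalDays)
            }
        })
    }
}

[pscustomobject]@{
    RunningAs      = $identity.Name
    Sid            = $sid
    BuiltInService = $serviceSids[$sid]   # $null when this is an ordinary user account
    Stores         = @($stores)
} | ConvertTo-Json -Depth 5
```

Run it once in the user's own session and once from the agent, then compare `RunningAs` and the `Cert:\CurrentUser\My` count between the two outputs.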