MORE INFORMATION
To remotely view performance data on a computer running Windows NT Server,
follow these steps:
- On a computer running either Windows NT Workstation or Server, run
Performance Monitor.
- On the Edit menu, click Add to Chart.
-or-
On the toolbar, click the button with the plus (+) on it.
After entering \\<ComputerName> in the Add to Chart dialog box, you are
either denied access in some way or allowed to add counters from the remote
computer to the local performance chart.
Default Behavior on Windows NT Server 3.51 Computers
Prior to Windows NT 3.51, any user (Guest, User, Administrator) who could
make a connection to IPC$ on a server could also use Performance Monitor to
remotely view the server's performance data.
By default, the Everyone group has READ access in the following registry
keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
\009
NOTE: The above registry key is one path; it has been wrapped for
readability.
READ access is all that is required to read the performance data, so
Everyone could access the data remotely.
Restricting Remote Access to Performance Data on Windows NT Server 3.51
Computers
To restrict access on a computer running Windows 3.51 Server, follow these
steps:
WARNING: Using Registry Editor incorrectly can cause serious problems that
may require you to reinstall your operating system. Microsoft cannot
guarantee that problems resulting from the incorrect use of Registry Editor
can be solved. Use Registry Editor at your own risk.
For information about how to edit the registry, view the "Changing Keys And
Values" online Help topic in Registry Editor (Regedit.exe) or the "Add and
Delete Information in the Registry" and "Edit Registry Data" online Help
topics in Regedt32.exe. Note that you should back up the registry before
you edit it.
- Run Registry Editor (Regedt32.exe).
- From the HKEY_LOCAL_MACHINE subtree, go to the following key:
\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perfl - Select the Perflib key.
- On the Security menu, click Permissions.
- Select Everyone and click Remove.
NOTE: Check to make sure that Administrator and System have Full Control
access to Perflib and its subkey, 009.
NOTE: 009 is the language ID for the English version of Windows NT.
- Add a value called CheckSystemProfileRight to the Perflib key. The
value type is REG_DWORD and should be set to 1.
NOTE: In Windows NT 3.51 and 4.0, if the CheckSystemProfileRight value
under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Perflib\ key has been defined and given a value of 1,
Read access to this key is necessary to retrieve the performance data.
If this value is not defined or is defined and set to zero, the ACL will
NOT be checked (to provide Windows NT 3.5 compatible behavior).
- Click OK and quit Registry Editor.
- If the Windows NT system partition is NTFS, use Explorer or File Manager
to check the security on the following files:
%windir%\system32\PERFCxxx.DAT
%windir%\system32\PERFHxxx.DAT
NOTE: xxx is the basic language ID for the system. For example, 009 is
the ID for the English version.
These files contain performance data. If you want to restrict remote
access to this data, remove Everyone (or other appropriate groups) from
the access list for these files.
NOTE: Read access to both Perfc009.dat and Perfh009.dat is required to
monitor performance data. BOTH files must have the correct ACL.
- Shut down and restart Windows NT 3.51.
Users who attempt to remotely access performance data with Performance
Monitor should now receive the following message:
Insufficient privilege to access performance data
Default Behavior on Windows NT Server 4.0 Computers
In Windows NT 4.0, guests (if the Guest account is enabled) and
administrators are supposed to be able to access performance data remotely.
However, security on the following registry key is restricted to
administrators:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers
\Winreg
NOTE: The above registry key is one path; it has been wrapped for
readability.
Without read access to this key, no one will be able to access performance
data on this server. Prior to Service Pack 3.0 for Windows NT Server 4.0,
neither guests nor users are able to access performance data. Adding read
access to the Winreg key for the Guests, Domain Guests, Users, Domain
Users, or Everyone group will grant the desired user(s) access to
performance data. Anyone attempting to view remote performance data without
this permission will receive the following error message:
Computer name not found
This message would normally mean that the client had network connectivity
problems or perhaps a NetBIOS name resolution problem. In this case, it is
the equivalent of "Insufficient privilege to access performance data."
Restricting Remote Access to Performance Data on Windows NT SERVER 4.0
Computers
Follow steps 1 through 6 above to restrict access to Windows NT 4.0
performance data. After step 6, perform the following step:
- Before closing the registry, locate this key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers
\winr
NOTE: The above registry key is one path; it has been wrapped for
readability.
Check the security permissions for this key. If there, remove the
Everyone group (and other appropriate groups) from the permissions list.
However, be sure that administrators and system retain Full Control of
this key.
After securing the permissions on this key, complete steps 7 through 9 from
above. Now, no one except administrators should be able to remotely access
the server's performance data using Performance Monitor.