I am responsible to Packaging Applications for my company and is was decided that we needed to have Dynatrace Appmon packaged for easier distribution.
Now, all of our packages install with the System account and grant the users just enough rights to use the program. So granting the user Local Admin rights is out of the question.
So far, we have the package installed and working normally. We have done this so far by Granting Modify access to the Program Directory and well as specific rights to the users groups for all dynaTrace Services.
The only issue we seem to have left is when a non-admin user is attempting to use the “Dynatrace Agent Configuration for .NET.lnk” shortcut in the start cut.
We have altered it so it ignores the UAC prompt as we assumed full access to the program directory would resolve that, it has not.
So the question I have here is, what Rights does this installation or just that Configuration program in particular need that we are not granting. Registry locations? Another location on the disk?
The .NET Agent Configuration Utility sets registry settings and enables/disables the debugger within the .NET runtime environment by setting global variables. So these are activities not normally available to non-admin users. If you can grant the ability to modify the registry and global variables then that should allow anyone to run it when necessary.
Keep in mind that the agent can also be enable/disabled by setting process level environment variables. I'm not sure if that would help your situation, but something to consider when designing your procedures from a security perspective. Then once the agent is installed, non-admin users could enable/disable the agent on a per process basis, perhaps procedurally via scripts.
You might find some useful details on the doc page: https://community.dynatrace.com/community/display/... Check out the bottom section on Troubleshooting.
Let us know if that's sufficient detail.