This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Python Extension 2.0 - Using LocalSystem user

Go to solution
Benji_Dynatrace
Participant

‎13 May 2024 08:32 PM - last edited on ‎14 May 2024 08:12 AM by Community Team

Hi,

this is pretty self explanatory, we are trying to build extensions that can do things with admin rights (like running certain powershell scripts for example) but we noticed that the python environment run on the LocalService account which doesn't have admin rights. So our question is this, is there a way to deploy the python environment so that it runs on LocalSystem instead of LocalService?

Thanks!

 

Labels:
Reply
5 REPLIES 5

Go to solution
Mike_L
Dynatrace Guru
Dynatrace Guru

‎13 May 2024 09:59 PM

There is not. The way we work around this is by asking for a username and password and running the commands as that user.

Please raise a product idea if that is insufficient for you.

Mike
Reply

Go to solution
Benji_Dynatrace
Participant
In response to Mike_L

‎23 May 2024 09:15 PM - edited ‎23 May 2024 09:15 PM

Hi Mike,

are there any examples on how to implement the execution using given usernames and passwords, we haven't been able to replicate it on our end.

Thanks

0 Kudos
Reply

Go to solution
Mike_L
Dynatrace Guru
Dynatrace Guru
In response to Benji_Dynatrace

‎23 May 2024 10:49 PM

You can grab either the extended activedirectory extension or the Citrix extension from the hub. They have implemented that functionality.

Mike
0 Kudos
Reply

Go to solution
jonhaugen
Helper
In response to Mike_L

‎25 Jun 2024 01:51 PM - edited ‎25 Jun 2024 03:35 PM

Hi Michael, 

Can you please elaborate on some of the thoughts behind this decision? Every other Oneagent process is running as NT AUTHORITY\SYSTEM including the old extension process.

 

There are a few extensions where you need to run as SYSTEM such as when querying a database or listing any IIS related properties. This is even visible in the new IIS Extension available through the Hub where App pools and sites is listed with metrics through WMI, but no relationships between each other.

 

Thank you very much in advance! 

EDIT:
Added Product Idea: https://community.dynatrace.com/t5/Product-ideas/Python-Extension-2-0-run-as-NT-AUTHORITY-SYSTEM/idi...

Intility - Dynatrace Professional
0 Kudos
Reply

Go to solution
Mike_L
Dynatrace Guru
Dynatrace Guru
In response to jonhaugen

‎25 Jun 2024 04:42 PM

It was a requirement from our security department. As extension framework 2.0 distributes code, it was important that the code does not run as a privileged user. We were looking into a way to opt out of the more secure method, your product idea will help put that onto the radar again.

Mike
Reply
Ask a question

Featured Posts