Security Considerations for Agentless Management in Operations Manager 2007

Applies To: Operations Manager 2007 R2, Operations Manager 2007 SP1

Agentless management allows you to monitor computers without installing an agent on them. For example, you can use agentless management for computers that are in special environments where an agent cannot be installed.

The management server communicates with the agentless-managed computer over the RPC port (TCP 135) and the DCOM port range. Therefore, using agentless management for a computer outside a firewall is not supported.

To use agentless management, the management server’s action account must be a domain account that is also a local administrator on the remote computer and must be in the same domain, or a trust relationship must exist between their domains. For example, an agent proxy running as a low-privilege account will fail to access the WMI namespace, and therefore rules, scripts, and monitors will fail to run.
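
The following pre-flight check is an added example, not part of the original documentation or of Operations Manager. Run from the management server in Windows PowerShell, it tests the prerequisites described above before a computer is placed under agentless management. Assumptions: the parameter names, the 3-second timeout, the `DOMAIN\user` account form, and `root\cimv2` as the namespace to probe are illustrative choices.

```powershell
# Added example: verify agentless-management prerequisites for one computer.
param(
    [Parameter(Mandatory = $true)][string]$ComputerName,
    [Parameter(Mandatory = $true)][System.Management.Automation.PSCredential]$ActionAccount
)

$result = New-Object PSObject -Property @{
    Computer        = $ComputerName
    Rpc135Reachable = $false   # RPC endpoint mapper answers on TCP 135
    DomainAccount   = $false   # account is not local to the target
    WmiAccess       = $false   # account can query WMI remotely
    Detail          = ''
}

# 1. TCP 135 must be reachable from the management server. This does not
#    test the DCOM port range; step 3 exercises that path end to end.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $async = $tcp.BeginConnect($ComputerName, 135, $null, $null)
    if ($async.AsyncWaitHandle.WaitOne(3000, $false)) {   # assumed timeout
        $tcp.EndConnect($async)                           # throws if refused
        $result.Rpc135Reachable = $true
    } else {
        $result.Detail += 'TCP 135: timed out. '
    }
} catch {
    $result.Detail += "TCP 135: $($_.Exception.Message) "
} finally {
    $tcp.Close()
}

# 2. The action account must be a domain account (assumes DOMAIN\user form).
#    A prefix of "." or the target's own name means a local account.
$parts = @($ActionAccount.UserName -split '\\', 2)
$result.DomainAccount = ($parts.Count -eq 2) -and
    ($parts[0] -ne '.') -and ($parts[0] -ne $ComputerName)

# 3. Query WMI over DCOM as the action account. A low-privilege account
#    fails here with an access-denied error, as the text above describes.
try {
    Get-WmiObject -Class Win32_OperatingSystem -Namespace 'root\cimv2' `
        -ComputerName $ComputerName -Credential $ActionAccount `
        -ErrorAction Stop | Out-Null
    $result.WmiAccess = $true
} catch {
    $result.Detail += "WMI: $($_.Exception.Message)"
}

$result
```

A `WmiAccess` value of `$false` alongside `Rpc135Reachable` of `$true` points to an account or permission problem rather than a network one.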