The following steps will need to be followed for every Windows Server or Windows Client (SecOps) if the TotalView Service Account does not have Local Administrator permissions.


Limitations of Running TotalView without Full Local Admin Rights:

  • No ability to display Logged in users
  • No ability to control services
  • No ability to kill processes


Must be Running TotalView 12.1  Build R12174 or Later for Proper Functioning

Local User Group Membership

Add the TotalView Service Account user to following Local Security Group
Performance Log Users

Performance Monitor Users

Remote Management Users

Distributed COM Users

WMI user access permissions

  1. Using an administrator account, logon the computer you want to monitor.
  2. Go to Start > Control Panel > System and Security > Administrative Tools > Computer Management > Services and Applications.
  3. Click WMI control, right-click, and then select Properties.
  4. Select the Security tab, expand Root, and then click CIMV2.
  5. Click Security and then add the TotalView Service Account  used to access this
    computer. Ensure you grant the following permissions: Enable Account and Remote Enable.
  6. Click Advanced, and then select the user account used to access this computer.
  7. Click Edit, select this namespace and sub namespaces in the Apply to
    field, and then click OK.
  8. Click OK to close the Advanced Security Settings for CIMV2 window.
  9. Click OK to close the Security for Root\CIMV2 window.
  10. In the left navigation pane of Computer Management, click Services.
  11. In the Services result pane, select Windows Management Instrumentation, and then click Restart.

Enable RemoteAdmin on the Windows Firewall

Run the Following PowerShell Command on the Remote Host:

netsh firewall set service RemoteAdmin enable

optionally:  You can limit RemoteAdmin only from the TotalView Host or Subnet:

netsh firewall set service RemoteAdmin enable custom <TotalView IP Address (eg.> or <subnet eg.>

To Enable Monitoring on a Domain Controller:

The TotalView Service Account needs to be added the the Following Active Directory Global Security Groups:

Performance Log Users

Performance Monitor Users

Remote Management Users

Distributed COM Users

Additional Permissions for Windows Service Enumeration:

Determine the SID for the TotalView Service Account

Run the Following PowerShell Command on a Domain Controller:

Get-AdUser -Identity <TotalView Service Account> | Select Name, SID, UserPrincipalName


Username: svc-totalview-min

SID:  S-1-5-21-581919217-3246652730-623169886-1156

Enable Service Enumeration for the TotalView Service Account:

Run the Following command locally

Replace The Highlighted SID with the SID for your service account:

sc sdset scmanager D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)(A;;CC;;;AC)(A;;CC;;;S-1-15-3-1024-528118966-3876874398-709513571-1907873084-3598227634-3698730060-278077788-3990600205)(A;;GA;;;S-1-5-21-581919217-3246652730-623169886-1156)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

For Reference:  Windows and WMI Calls TotalView Makes:

Machines that exist in the domain.

Active directory search with the following filter: "(&(objectCategory=computer))"


Machine name.



OS of a specific machine, RAM, Windows version.



CPU load.



Logged in users








Network utilization.



Disk utilization.