This article applies to PRTG Network Monitor 16 or later

Monitoring WMI Sensors Outside a Domain

If the server on which PRTG is installed is part of a domain, whereas a few target machines are not, WMI monitoring often fails with the following error:

Connection could not be established (80070005: Access Denied …)

This article lists a few possible steps to resolve this issue to successfully monitor target machines outside your Windows domain.

Basic Steps

• First of all, please check if the correct credentials are used, especially if the hostname is entered in the field Domain or Computer Name in PRTG. You can try to use localhost here, especially in the settings of the parent group (if all devices in this group are outside of the domain, of course). Please do not leave this field empty!
• Verify if any firewalls in between PRTG and the target machine(s) may be interfering with connections on port 135.
• Check the access rights to the target machine. You can either try accessing as a local user with corresponding rights or as a domain admin:
  • If you want to use a local user to monitor the target machine (no matter if workgroup or domain machine), set up this user account as following.
    Note: This approach does not work with a domain user!
    • Open the Computer/Server Management tool on the target machine.
    • Navigate to System | Local Users and Groups | Groups.
    • Add the local user to Distributed COM Users and to Performance Monitor Users.
    • Navigate to Services and Applications below in the management panel.
    • Right-click WMI Control and choose Properties.
    • Select the Security tab.
    • Navigate to the namespace you are interested in (for example, Root\CIMV2).
    • Click the Security button.
    • Add the local user and give these permissions: Execute Methods, Enable Account, and Remote Enable.
    • Start DCOMCNFG.exe
    • Navigate to Component Services | Computers | My Computer.
    • Right-click My Computer and choose Properties.
    • Select the COM Security tab.
    • In section Launch and Activation Permissions click Edit Limits…
    • Add the local user and allow these permissions: Local Launch, Remote Launch and Remote Activation.
    • Monitoring with a local user user account should now work.

• How can I monitor WMI sensors if the target machine is not part of a domain? | Paessler Knowledge Base