The most secure way to invoke a Checkmk agent is over Secure Shell (SSH), which on Linux is provided by an implementation of OpenSSH. OpenSSH has also been included in Windows since Windows 10 and Windows Server 2019.
Step-by-step guide
Start OpenSSH Server

    net start sshd
Create SSH Key pair

    ssh-keygen
Create the file 'authorized_keys' in C:\Users\<USERNAME>\.ssh\

    fsutil file createnew authorized_keys 2000
- Add the public key of the Checkmk site user
Now you can log in to the Windows machine without a password

    OMD[nagnis_master]:~$ ssh IEUser@192.168.2.106
    Microsoft Windows [Version 10.0.17763.379]
    (c) 2018 Microsoft Corporation. Alle Rechte vorbehalten.

    ieuser@MSEDGEWIN10 C:\Users\IEUser>
Modify the authorized_keys file on the Windows host so that the key can only be used to execute the agent

    command="\"C:\\Program Files (x86)\\checkmk\\service\\check_mk_agent.exe\" test" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGb6AaqRPlbEmDnBkeIW3Q6Emb5lr2QEbWEQLmA5pb48 mysite@mycmkserver
- Go to Checkmk and configure a special agent for the Windows Hosts
WATO CONFIGURATION → Host & Service Parameters → Datasource Programs → Individual program call instead of agent access
- Modify the Datasource of the Windows Host
WATO CONFIGURATION → Hosts → Edit the properties of this host
Now you can stop the Checkmk Agent Service on the Windows Host

    net stop CheckMkService
Diagnosis

    OMD[nagnis_master]:~$ cmk -d Windows_SSH |more
    <<<check_mk>>>
    Version: 1.6.0p19
    BuildDate: Nov 16 2020
    AgentOS: windows
    Hostname: MSEDGEWIN10
    Architecture: 64bit

or via SSH

    OMD[nagnis_master]:~/$ ssh IEUser@192.168.2.128 " "

or

    OMD[nagnis_master]:~/$ ssh -T IEUser@192.168.2.128
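
The restricted authorized_keys entry from the guide can be checked before relying on it. The following is an added example, not part of the original guide: it parses an entry with the quoting rules of the option field and reports a missing forced command, forwarding and pty left enabled, and a key type label that disagrees with the type stored in the base64 blob. The function names are hypothetical and the sample key is constructed (all zero bytes).

```python
import base64
import struct

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")
# Features a monitoring-only key never needs; "restrict" disables all of them.
LOCKDOWN = ("no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty")

def split_unquoted(text, seps, maxsplit=-1):
    """Split on separators outside double quotes; backslash-quote is an escaped quote."""
    parts, start, quoted, i = [], 0, False, 0
    while i < len(text):
        if text[i] == "\\" and text[i + 1:i + 2] == '"':
            i += 2
            continue
        if text[i] == '"':
            quoted = not quoted
        elif text[i] in seps and not quoted and maxsplit != 0:
            parts.append(text[start:i])
            start, maxsplit = i + 1, maxsplit - 1
        i += 1
    return parts + [text[start:]]

def blob_type(b64):
    """Key type name stored inside the base64 blob (length-prefixed string)."""
    raw = base64.b64decode(b64)
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n].decode("ascii", "replace")

def audit(line):
    """Return findings for one authorized_keys entry; an empty list means OK."""
    head, rest = split_unquoted(line.strip(), " \t", 1)
    options = ""
    if not head.startswith(KEY_PREFIXES):  # first field is the option list
        options, (head, rest) = head, rest.split(None, 1)
    names = {o.split("=", 1)[0].lower() for o in split_unquoted(options, ",")}
    findings = []
    if "command" not in names:
        findings.append("no forced command")
    if "restrict" not in names and not names.issuperset(LOCKDOWN):
        findings.append("forwarding/pty not disabled")
    if blob_type(rest.split()[0]) != head:
        findings.append("key type label does not match blob")
    return findings

# Constructed sample key (all-zero ed25519 public key), not a real credential.
BLOB = base64.b64encode(struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)).decode()
AGENT = r'command="\"C:\\Program Files (x86)\\checkmk\\service\\check_mk_agent.exe\" test"'

if __name__ == "__main__":
    print(audit(f"{AGENT} ssh-ed25519 {BLOB} mysite@mycmkserver"))
```

Run it against the file sshd actually reads: for members of the Administrators group, the default Windows sshd_config points to C:\ProgramData\ssh\administrators_authorized_keys instead of the per-user file.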
...