The Remote Registry service must be running on the system being monitored. This service runs by default on all server versions of Windows but is disabled by default on desktop versions.
Domain account users must be members of the Domain Users group. On monitored systems, this group must also be part of the Performance Monitor Users group.
Local account users must be members of the "Users" and "Performance Monitor Users" groups.
Performance counters utilize DCOM/RPC and dynamic ports between 49152 to 65535. Allowing "File and Printer Sharing" in Windows Firewall enables performance counter monitoring.
Domain account users need to be part of the Domain Admins group.
Local account users should be part of the "Users" and "Distributed COM Users" groups.
Users must have "Enable Account" and "Remote Enable" permissions in the WMI Control applet (wmimgmt.msc) for the Root\CIMV2 namespace.
WMI also uses DCOM/RPC and dynamic ports between 49152 to 65535. Enabling "Windows Management Instrumentation" in Windows Firewall suffices for monitoring.
ICMP uses IP datagrams. Enabling "File and Printer Sharing (Echo Request - ICMPv4-In)" and "File and Printer Sharing (Echo Request - ICMPv6-In)" in Windows Firewall allows IPv4 and IPv6 pings, respectively.