My Lansweeper service account and the accounts I used for each domain were all domain admins, which made active scanning easy. Now I am tasked with removing all service accounts from the domain admin group, as it is bad security practice and we are going through Cybertrust audits.
I am changing our Lansweeper service accounts to administrators of all servers through the restricted group group policy feature for each domain. My question is with regard to the domain controllers and how I will be able to scan them after removing them from domain admins. Am I going to have to resort to lsclient scans for these, or is there another built-in security group in AD with enough rights for what Lansweeper scans for on a server?
I'm scanning with a server administrator account. All of my workstations have the global server administrators group included in the local admins group. No DA acct required.
Ya, I knew it just needed to read Active Directory, but I was wondering how people are dealing with administrative rights on a domain controller without using a domain admin account. When a server is promoted it loses all of its local accounts, so you can't add a local admin for obvious security reasons.
The account needs read access to Active Directory (which most users have), administrative rights on the target computers and on the server. You can also run the service as "localsystem" and use the alternate credentials for scanning.