This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
→ 🚀Are you a Lansweeper Champion?! Join our Contributor Program Sign up here!
Community FAQ
Register | Log In
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- General Discussions
- Scanning Credentials & Protected Users
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-06-2023 06:34 PM - edited 04-06-2023 06:56 PM
I have a domain account for scanning Active Directory domain computers in Lansweeper for the Global Windows account. Because this requires local admin privileges, I've put this account in the "protected users" group in Active Directory for additional security. I've noticed that under Scanning Targets for active scanning it will say invalid credentials. However, I know the credentials are correct. If I select a computer asset in Lansweeper and click "rescan asset", it scans the computer with the same Global credentials without issue. If I remove this account from the Protected Users group, the active scanning under Scanning Targets does not show "invalid credentials". So why is active scanning different from rescan asset? Is the only way this works to have the scanning account NOT a part of protected users?
Solved! Go to Solution.
Labels:
- Labels:
-
General Discussion
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-06-2023 10:43 PM - edited 04-06-2023 10:45 PM
Here's what MS Says:
"Accounts for services and computers should never be members of the Protected Users group. This group provides incomplete protection anyway, because the password or certificate is always available on the host. Authentication will fail with the error "the user name or password is incorrect" for any service or computer that is added to the Protected Users group."
There's lots of technical reasons in there which I don't know enough about to tell you why exactly - but, I just stopped at the paragraph above 🙂
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-06-2023 10:43 PM - edited 04-06-2023 10:45 PM
Here's what MS Says:
"Accounts for services and computers should never be members of the Protected Users group. This group provides incomplete protection anyway, because the password or certificate is always available on the host. Authentication will fail with the error "the user name or password is incorrect" for any service or computer that is added to the Protected Users group."
There's lots of technical reasons in there which I don't know enough about to tell you why exactly - but, I just stopped at the paragraph above 🙂
General Discussions
Find answers to technical questions about Lansweeper.
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Intune Scanning - No V2 in List & Issues in General Discussions
- I see Intune as an option in the on-prem Lansweeper. What exactly does it scan if I add that target? in Open Office Hours Q&A
- Azure Scanning in Lansweeper. in General Discussions
- Multiple computers with Access denied in General Discussions
- Shutdown PCs daily in General Discussions
