This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- General Discussions
- Scanning Credentials & Protected Users
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-06-2023 06:34 PM - edited 04-06-2023 06:56 PM
I have a domain account for scanning Active Directory domain computers in Lansweeper for the Global Windows account. Because this requires local admin privileges, I've put this account in the "protected users" group in Active Directory for additional security. I've noticed that under Scanning Targets for active scanning it will say invalid credentials. However, I know the credentials are correct. If I select a computer asset in Lansweeper and click "rescan asset", it scans the computer with the same Global credentials without issue. If I remove this account from the Protected Users group, the active scanning under Scanning Targets does not show "invalid credentials". So why is active scanning different from rescan asset? Is the only way this works to have the scanning account NOT a part of protected users?
Solved! Go to Solution.
Labels:
- Labels:
-
General Discussion
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-06-2023 10:43 PM - edited 04-06-2023 10:45 PM
Here's what MS Says:
"Accounts for services and computers should never be members of the Protected Users group. This group provides incomplete protection anyway, because the password or certificate is always available on the host. Authentication will fail with the error "the user name or password is incorrect" for any service or computer that is added to the Protected Users group."
There's lots of technical reasons in there which I don't know enough about to tell you why exactly - but, I just stopped at the paragraph above 🙂
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-06-2023 10:43 PM - edited 04-06-2023 10:45 PM
Here's what MS Says:
"Accounts for services and computers should never be members of the Protected Users group. This group provides incomplete protection anyway, because the password or certificate is always available on the host. Authentication will fail with the error "the user name or password is incorrect" for any service or computer that is added to the Protected Users group."
There's lots of technical reasons in there which I don't know enough about to tell you why exactly - but, I just stopped at the paragraph above 🙂
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Scanner broken, installed new scanner on same server how to transfer scan ranges and credentials in Product Discussions
- Credentials from "my credentials" not mapped to all scanning servers in General Discussions
- Value does not fall within the expected range in Deployment Packages
- Not able to add new credentials to scanning credentials in General Discussions
- Mass Mapping of Credentials in General Discussions
