This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

[Community Discussion] Scanning without domain admin credentials - Comment below

Mercedes_O
Community Manager
Community Manager

yesterday

How do you use Lansweeper to scan your entire network without relying on domain admin credentials, while still maintaining a strong security posture? What access controls and best practices do you follow? 

Share your comments below.

Labels:
2 REPLIES 2
RandomITDude232
Engaged Sweeper II

yesterday

So we give it local admin creds on most of our machines, but if a system requires a domain admin cred. We are using the LSAgent to get that information. That way we don't risk the user being too elevated, and we ensure our security team that we can get the info without violating policy. The agents are amazing for getting you the inventory data when elevated creds and sometimes no creds at all are your only option for servers. Honestly, we get buy okay with simple admin level.

0 Kudos
Tim_N
Lansweeper Employee
Lansweeper Employee
In response to RandomITDude232

yesterday

Oh, I like that idea @RandomITDude232 -- I like that you use the agents for those without admin rights. 

Maybe this is a little too personal... about your local admin creds, do you use Legacy LAPS to do this or are you guys using a single local credential? 

I think what you are doing is a good idea. Having a local credential on servers vs. workstations vs. laptops vs. etc. would help to divide out the risk as well. 

Thanks for sharing! Very interesting. 

Tim N.
Lansweeper Employee
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now