yesterday
How do you use Lansweeper to scan your entire network without relying on domain admin credentials, while still maintaining a strong security posture? What access controls and best practices do you follow?
Share your comments below.
13 hours ago
We don't use domain admin accounts in LS:
9 hours ago - last edited 9 hours ago
@Mister_Nobody this is another great strategy.
One benefit of using LsPush at login is that you can track EVERY USER that logs into that machine. Then, you know your user information is accurate when looking at the asset list.
{For those that don't know, the active user will only be displayed from when that asset was scanned. So, if you scan 1x per day, only that one user who was logged on during the scan will be displayed. What Mister_Nobody is doing will provide the up-to-date active user.}
I also like how you combine the agents (point #2) as well as scan the assets with a dedicated credential (step #3). You have this covered well.
Thanks for sharing!
14 hours ago
We solely rely on LsPush for scanning our +1500 (industrial) Windows devices.
Main advantages:
9 hours ago
@Hendrik_VE That's a great idea. I didn't consider warranty issues on industrial systems; this is a good callout for others as well.
Thanks for sharing your strategy.
yesterday
So we give it local admin creds on most of our machines, but if a system requires a domain admin cred, we are using the LSAgent to get that information. That way we don't risk the user being too elevated, and we assure our security team that we can get the info without violating policy. The agents are amazing for getting you the inventory data when elevated creds and sometimes no creds at all are your only option for servers. Honestly, we get by okay with simple admin level.
yesterday
Oh, I like that idea @RandomITDude232 -- I like that you use the agents for those without admin rights.
Maybe this is a little too personal... about your local admin creds, do you use Legacy LAPS to do this or are you guys using a single local credential?
I think what you are doing is a good idea. Having a local credential on servers vs. workstations vs. laptops vs. etc. would help to divide out the risk as well.
Thanks for sharing! Very interesting.