This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

→ Having trouble accessing our new support portal or creating a ticket? Please notify our team here

Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Disable Agentless Windows Scanning Alltogether?

jweyts
Engaged Sweeper II

‎05-14-2024 10:41 AM

Is there a way in which you can disable agent-less windows scanning system wide?

Would the option "Ignore Windows" in an IP Scanning target fit this purpose?

And what to do with "Active Directory Domain" as a Target, this does not have that option.

Labels:
7 REPLIES 7
rader
Champion Sweeper III

‎05-17-2024 12:10 AM

It looks like you are correct. Exclusions take priority over scans. The listed article states that the asset will still be scanned to determine what it is, but the information is not saved in the database.

As I read it that means that a windows asset would be scanned, and if the exclusion is setup for workgroup or domain computers, that info wouldn't be saved. If an asset isn't a windows computer, that info would be saved in the database. I believe that the windows asset would have to be scanned no matter what to determine if it needed to be kept.

Now which takes precedence is the question. LSAgent scans or Agentless scans?

Only other way I could see to exclude windows assets is to have them in a separate IP range and not scan that range. Disabling the AD scanning options as well as noted earlier. Of course that depends on your environment.

What you're trying to do I believe is beyond the program's design. If any of the Lansweeper techs that haunt the forum have a better answer, please chime in.

0 Kudos
jweyts
Engaged Sweeper II
In response to rader

‎05-17-2024 08:50 AM

I'm starting to come to the same conclusion, that there is no easy way of doing this.

And redesigning IP subnet for all different location is not feasible.

 

At the moment we're dealing with this by setting 'Ignore Windows' on every 'IP Range' -Scan Target in combination with setting the option 'LsAgent Only' in the LsAgent Configuration.

This seems to reduce agent-less scanning to a minimum, but not 0.

msedge_iqiZHNZmYd.png

rader
Champion Sweeper III
In response to jweyts

‎05-17-2024 08:19 PM

Good find. I've not upgraded to the latest yet so I didn't see the option you highlighted.

Maybe a feature request could be setup for a future version.

Best of luck @jweyts .

0 Kudos
rader
Champion Sweeper III

‎05-14-2024 04:36 PM

Another thought is to add an exclusion like this.

exclude domain.png

0 Kudos
jweyts
Engaged Sweeper II
In response to rader

‎05-15-2024 09:18 AM

I thought about this option, but it looks like Windows machines will still get scanned but the results are ignored.

Maybe to clarify what I want to achieve is: I don't want lansweeper to use agent-less scanning for Windows boxes ever.
But still want the Windows info from LsAgent scans.

From the Lansweeper documentation:

"If an excluded asset is part of a scanning target, the asset will still be scanned but the data will be ignored as the exclusion has priority over the scanning target."
Exclude assets from scanning - Lansweeper Community

0 Kudos
rader
Champion Sweeper III

‎05-14-2024 04:31 PM

Try disabling the scanning targets here. My guess is that nothing will be scanned. If however, you're using IP ranges to scan, Lansweeper will still scan what's in that range, be it windows or other devices.

Disable scanning.png

 

0 Kudos
jweyts
Engaged Sweeper II
In response to rader

‎05-15-2024 09:12 AM

indeed, that option will not work, I still want to scan non-windows machines.

0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now