This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Does it make sense to run both the active directory computer scan and the lsagent scan

jturley
Engaged Sweeper

‎09-20-2021 09:48 PM

I am currently in the process of setting up LanSweeper. I have Installed lsagent on all of the computers in my domain. I am receiving scan data from most of the clients. I also had a active directory scan enabled for the same group of computers. I am getting a WMI error on those scans due to the fact that the configured scan user is not an admin on the local computers. I am happy with the data I am getting from lsagent and do not see the need for the active directory scan. I currently have it disabled. Is this how scanning is generally configured or is there an advantage tor running both scans.

Thanks
Labels:
0 Kudos
7 REPLIES 7
julioortiz
Engaged Sweeper

‎12-29-2023 06:58 AM

Hi!

Is there any solution for this topic? I am really interested in solving this for a customer in Argentina. @FrankSc @Tane 

Thanks

0 Kudos
FrankSc
Lansweeper Tech Support
Lansweeper Tech Support
In response to julioortiz

‎12-29-2023 02:33 PM

Dear, 
It depends on which data you are finally interested in. 
If you don't want to scan AD attributes from users and groups, then you don't need to set up AD scanning. But if you are only after the asset data, then the LsAgent scan can be enough.
Which part are you struggling with? With the agentless scan? For that, we recommend looking at our Knowledge Base to solve scanning errors. Or you can indeed also contact Support.

Mercedes_O
Currently Away
In response to julioortiz

‎12-29-2023 02:24 PM

Hi @julioortiz due to the age of the original post I recommend contacting our support team directly to follow up Contact Support - Lansweeper 

0 Kudos
rom
Champion Sweeper III

‎11-30-2022 10:30 PM - edited ‎11-30-2022 11:02 PM

sorry i replied to the top - can't figure out how to delete this post

0 Kudos
rom
Champion Sweeper III

‎11-30-2022 08:15 PM

Bringing this one back up -  I have certain situations/installations where I need to run both LSAgent and Active Scanning but I need to separate them - i.e. if LSAgent scans it within the acceptable Active Scan interval, it doesn't scan it with Active Scan -  I can't have active scan going off all the time, getting access denied errors, triggering security applications.  Is there a way around this?

0 Kudos
FrankSc
Lansweeper Tech Support
Lansweeper Tech Support

‎09-29-2021 12:05 PM

Hi,

LsAgent has the advantage that it runs locally and that it does not require administrative privileges to scan a computer. The fact that you are seeing these WMI errors, indicates that the credentials you are using for the AD scan are indeed missing these privileges.
Finally, it is your decision to use both or not. Both scans can run simultaneously and will give the same scanning results. LsAgent has the advantage that it can communicate with a relay server to send scan results, when not connected to your network.
0 Kudos
rom
Champion Sweeper III
In response to FrankSc

‎11-30-2022 11:03 PM - edited ‎11-30-2022 11:15 PM

No - I'm not talking about WMI/credential issues - i'm talking about Active Scanning not counting an LSAgent scan when determining the timeframe to scan the computer or not.  So, I have an LSAgent scan and an Active Scan on the asset.  Obviously having an agent negates the need for a windows account - but since Active Scanning ignores an LSAgent scan, it will scan or attempt to scan the domain computer - resulting in access denied errors.  On 30,000 endpoints, this is unacceptable as that will trigger/flood security tools monitoring access denied entries for an account.  Thus, unless there is a way to have Active Scanning count an LSAgent scan, I cannot use Active Scanning in conjunction with LSAgent.

 

rom_0-1669846129573.png

If it did, Active scanning would say "hey this asset has been scanned today with LSAgent, skip it"  so I wouldnt have an access denied error (or errors if it tries various windows credentials).  Conversely, if a windows machine does not* have LSAgent, there would be no agent-based scan, thus Active scanning would attempt to scan it.

0 Kudos

General Discussions

Find answers to technical questions about Lansweeper.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now