cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jturley
Engaged Sweeper
I am currently in the process of setting up LanSweeper. I have Installed lsagent on all of the computers in my domain. I am receiving scan data from most of the clients. I also had a active directory scan enabled for the same group of computers. I am getting a WMI error on those scans due to the fact that the configured scan user is not an admin on the local computers. I am happy with the data I am getting from lsagent and do not see the need for the active directory scan. I currently have it disabled. Is this how scanning is generally configured or is there an advantage tor running both scans.

Thanks
7 REPLIES 7
julioortiz
Engaged Sweeper

Hi!

Is there any solution for this topic? I am really interested in solving this for a customer in Argentina. @FrankSc @Tane 

Thanks

FrankSc
Lansweeper Tech Support
Lansweeper Tech Support

Dear, 
It depends on which data you are finally interested in. 
If you don't want to scan AD attributes from users and groups, then you don't need to set up AD scanning. But if you are only after the asset data, then the LsAgent scan can be enough.
Which part are you struggling with? With the agentless scan? For that, we recommend looking at our Knowledge Base to solve scanning errors. Or you can indeed also contact Support.

Hi @julioortiz due to the age of the original post I recommend contacting our support team directly to follow up Contact Support - Lansweeper 

rom
Champion Sweeper III

sorry i replied to the top - can't figure out how to delete this post

rom
Champion Sweeper III

Bringing this one back up -  I have certain situations/installations where I need to run both LSAgent and Active Scanning but I need to separate them - i.e. if LSAgent scans it within the acceptable Active Scan interval, it doesn't scan it with Active Scan -  I can't have active scan going off all the time, getting access denied errors, triggering security applications.  Is there a way around this?

FrankSc
Lansweeper Tech Support
Lansweeper Tech Support
Hi,

LsAgent has the advantage that it runs locally and that it does not require administrative privileges to scan a computer. The fact that you are seeing these WMI errors, indicates that the credentials you are using for the AD scan are indeed missing these privileges.
Finally, it is your decision to use both or not. Both scans can run simultaneously and will give the same scanning results. LsAgent has the advantage that it can communicate with a relay server to send scan results, when not connected to your network.
rom
Champion Sweeper III

No - I'm not talking about WMI/credential issues - i'm talking about Active Scanning not counting an LSAgent scan when determining the timeframe to scan the computer or not.  So, I have an LSAgent scan and an Active Scan on the asset.  Obviously having an agent negates the need for a windows account - but since Active Scanning ignores an LSAgent scan, it will scan or attempt to scan the domain computer - resulting in access denied errors.  On 30,000 endpoints, this is unacceptable as that will trigger/flood security tools monitoring access denied entries for an account.  Thus, unless there is a way to have Active Scanning count an LSAgent scan, I cannot use Active Scanning in conjunction with LSAgent.

 

rom_0-1669846129573.png

If it did, Active scanning would say "hey this asset has been scanned today with LSAgent, skip it"  so I wouldnt have an access denied error (or errors if it tries various windows credentials).  Conversely, if a windows machine does not* have LSAgent, there would be no agent-based scan, thus Active scanning would attempt to scan it.