This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Excluding OU's and User's

LansweeperSurge
Engaged Sweeper

‎07-18-2023 09:52 PM - last edited on ‎04-02-2024 10:13 AM by

If anybody knows a workaround, please let me know, but we'd LOVE to use Lansweeper for scanning AD, and finding unknown Users, Computers, etc. This requires us to scan ALL of AD. However, we have some users and specific OU's that need excluded because they are sensitive. I've searched for how to do this, and the response from lansweeper from the last 10 years has been the same. "This has been added to our wishlist and has not been implemented yet"

Anybody halfway familiar with programming knows this is very easy to implement, there's no reason there can't be exclusions if there are already inclusions. It's absolutely ridiculous that lansweeper doesn't allow exclusions and at least at my own company, this might be a deal breaker for our security team and we may very well have to prove there's no other better solutions.

Having to provide an exclusion within our security software, leaves the server performing the scans vulnerable to being used for reconnaissance on the environment outside of the parameters specified by Lansweeper. I don't understand how this could possibly be left on the docket for 10 years.

Labels:
0 Kudos
4 REPLIES 4
Mister_Nobody
Honored Sweeper II

‎07-19-2023 05:40 AM

Hmm, you can set concrete OU to scan via user path and computer path

Mister_Nobody_0-1689738013449.png

 

0 Kudos
LansweeperSurge
Engaged Sweeper
In response to Mister_Nobody

‎07-19-2023 11:29 PM

You can also do the same thing by using the OU filter within the Active directory domain scan. If you're using Lansweeper to DISCOVER assets that could be UNKNOWN, setting concrete OU's completely destroys that possibility.

Not to even mention that anybody that has multiple people working in AD, some of whom aren't familiar with Lansweeper even being active, this leads to all sorts of missed assets. Instead of simply excluding them, you have to set up an entire process just to ensure new OU's get put into Lansweeper. That's a lot of work for something not that complicated.

0 Kudos
rom
Champion Sweeper III
In response to LansweeperSurge

‎07-22-2023 08:43 PM

I've had this same situation come up many times - it would be great if there were an exclusion in the active scanning for sure.  What I end up doing is what you mentioned, putting everything in the include EXCEPT the ones I dont want to have...  though to make it easier, take the sensitive OU consolidating it into one tree...  and add all of the root OU's to the inclusions minus that one.  At least that way, someone would have to make a root OU for some reason in AD and put stuff in there in order for something to be missed.  It's ugly, and the drawbacks are exactly what you said -  so yeah i'm open to any tricks and tips as well 🙂

0 Kudos
Mister_Nobody
Honored Sweeper II
In response to LansweeperSurge

‎07-20-2023 08:16 AM

You can exclude concrete computres from scanning.

0 Kudos

General Discussions

Find answers to technical questions about Lansweeper.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now