‎07-18-2023 09:52 PM - last edited on ‎04-02-2024 10:13 AM by Mercedes_O
If anybody knows a workaround, please let me know, but we'd LOVE to use Lansweeper for scanning AD, and finding unknown Users, Computers, etc. This requires us to scan ALL of AD. However, we have some users and specific OU's that need excluded because they are sensitive. I've searched for how to do this, and the response from lansweeper from the last 10 years has been the same. "This has been added to our wishlist and has not been implemented yet"
Anybody halfway familiar with programming knows this is very easy to implement, there's no reason there can't be exclusions if there are already inclusions. It's absolutely ridiculous that lansweeper doesn't allow exclusions and at least at my own company, this might be a deal breaker for our security team and we may very well have to prove there's no other better solutions.
Having to provide an exclusion within our security software, leaves the server performing the scans vulnerable to being used for reconnaissance on the environment outside of the parameters specified by Lansweeper. I don't understand how this could possibly be left on the docket for 10 years.
‎07-19-2023 05:40 AM
Hmm, you can set concrete OU to scan via user path and computer path
‎07-19-2023 11:29 PM
You can also do the same thing by using the OU filter within the Active directory domain scan. If you're using Lansweeper to DISCOVER assets that could be UNKNOWN, setting concrete OU's completely destroys that possibility.
Not to even mention that anybody that has multiple people working in AD, some of whom aren't familiar with Lansweeper even being active, this leads to all sorts of missed assets. Instead of simply excluding them, you have to set up an entire process just to ensure new OU's get put into Lansweeper. That's a lot of work for something not that complicated.
‎07-22-2023 08:43 PM
I've had this same situation come up many times - it would be great if there were an exclusion in the active scanning for sure. What I end up doing is what you mentioned, putting everything in the include EXCEPT the ones I dont want to have... though to make it easier, take the sensitive OU consolidating it into one tree... and add all of the root OU's to the inclusions minus that one. At least that way, someone would have to make a root OU for some reason in AD and put stuff in there in order for something to be missed. It's ugly, and the drawbacks are exactly what you said - so yeah i'm open to any tricks and tips as well 🙂
‎07-20-2023 08:16 AM
You can exclude concrete computres from scanning.
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now