cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
LansweeperSurge
Engaged Sweeper

If anybody knows a workaround, please let me know, but we'd LOVE to use Lansweeper for scanning AD, and finding unknown Users, Computers, etc. This requires us to scan ALL of AD. However, we have some users and specific OU's that need excluded because they are sensitive. I've searched for how to do this, and the response from lansweeper from the last 10 years has been the same. "This has been added to our wishlist and has not been implemented yet"

Anybody halfway familiar with programming knows this is very easy to implement, there's no reason there can't be exclusions if there are already inclusions. It's absolutely ridiculous that lansweeper doesn't allow exclusions and at least at my own company, this might be a deal breaker for our security team and we may very well have to prove there's no other better solutions.

Having to provide an exclusion within our security software, leaves the server performing the scans vulnerable to being used for reconnaissance on the environment outside of the parameters specified by Lansweeper. I don't understand how this could possibly be left on the docket for 10 years.

4 REPLIES 4
Mister_Nobody
Honored Sweeper II

Hmm, you can set concrete OU to scan via user path and computer path

Mister_Nobody_0-1689738013449.png

 

You can also do the same thing by using the OU filter within the Active directory domain scan. If you're using Lansweeper to DISCOVER assets that could be UNKNOWN, setting concrete OU's completely destroys that possibility.

Not to even mention that anybody that has multiple people working in AD, some of whom aren't familiar with Lansweeper even being active, this leads to all sorts of missed assets. Instead of simply excluding them, you have to set up an entire process just to ensure new OU's get put into Lansweeper. That's a lot of work for something not that complicated.

rom
Champion Sweeper III

I've had this same situation come up many times - it would be great if there were an exclusion in the active scanning for sure.  What I end up doing is what you mentioned, putting everything in the include EXCEPT the ones I dont want to have...  though to make it easier, take the sensitive OU consolidating it into one tree...  and add all of the root OU's to the inclusions minus that one.  At least that way, someone would have to make a root OU for some reason in AD and put stuff in there in order for something to be missed.  It's ugly, and the drawbacks are exactly what you said -  so yeah i'm open to any tricks and tips as well 🙂

You can exclude concrete computres from scanning.