→ Having trouble accessing our new support portal or creating a ticket? Please notify our team here

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
steviebuk
Engaged Sweeper
I'm curious to get an official word. We have version 6.0.100.98 and I was recently asked to create an account that lansweeper could use to scan all the machines. The past engineer had been using their domain admin account.

Despite the password being correct and the account have local admin rights on all the machines that scans would fail. If I used my domain admin account the scans were successful.

I then discovered if I wrote under login on "scanning credentials" the domain as upper case, the local admin account works. If the domain is typed in lower case it fails. Its very odd because if you put the domain in lower case for the domain admin account, it works.

Example:

mydomain\sweeperaccount - scanning would fail with simply "scanning access denied"
MYDOMAIN\sweeperaccount - scanning was a success.
mydomain\domainadminaccount - scanning was a success.

Very odd.
3 REPLIES 3
steviebuk
Engaged Sweeper
Thanks for the reply. Instead of using LsPush yet I went on all the servers that failed and had to manually add the user name into the local admins group. Appears to have worked for most of them.
Bruce_B
Lansweeper Alumni

The scanning service will authenticate with the exact credentials you've input in the web console, using locally available authentication methods, which will be either Kerberos or NTLM. We haven't run into this kind of case sensitive issue before, but I'd expect similar issues if you were for instance to log on to a computer using "mydomain\sweeperaccount".

As for the scanning of servers, any server that has a local Administrators group can be treated just like any workstation computer. The scanning credential needs to be a member of the Administrators group for successful agentless scanning. For servers that don't have local groups (domain controllers), the account would need to be a domain admin.

If you're not comfortable using domain admin credentials you can use LsPush  for scanning these types of computers instead, which does not require elevated credentials and can also be automated.

steviebuk
Engaged Sweeper
Further testing I've found this account isn't working when it tries to scan servers. I just get "Scanning Access Denied".

So does the scanning account 100% require domain admin?