→ 🚀What's New? Explore Lansweeper's Fall 2024 Updates! Fall Launch Blog !

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Mister_Nobody
Honored Sweeper II

I have additional credentials besides global.

Last versions of LS ignore credentials failback. If Global doesn't allow then LS fail to scan and doesn't try to use additional Credential Mapping.

1 ACCEPTED SOLUTION
Mister_Nobody
Honored Sweeper II

I decide to use workaround and

set direct cred to computer:

Windows Computer domain\computer Server_adm

after that scan is passed

View solution in original post

14 REPLIES 14
Mister_Nobody
Honored Sweeper II

I decide to use workaround and

set direct cred to computer:

Windows Computer domain\computer Server_adm

after that scan is passed

When assigning the creds, are you hardcoding the domain or did you try to leverage a local admin account? I see that you stated domain\computername but I'm curious. In some instances, we're leveraging a local admin account via .\user instead of pcname\user .

I have also leveraged domain creds with the full email for an admin perm account (Ex. lsadmin@contose.com). Do to Group Policies issues in our env, we've had to leverage both.

I could just be being nosy atm but, thoughts/opinions?

-Don't forget to hand out Kudos and mark Solutions to replies you receive!-
LS Tech Support Email: Support@lansweeper.com
LS Tech Support KB: https://www.lansweeper.com/contact-support/

We use all variants - domain\user and local .\user and not use computer\user

Also we not use UPN (via user@domain

 

Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support

Hello there!

Glad to hear that you found a workaround and for sharing it on our forum!

Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support

Hello there!

Global scanning credentials are only used when no other credentials are mapped to a specific target though, or when all other credentials fail. So, in effect, global scanning credentials will not be used if your credentials are fully and correctly mapped, so global scanning credentials are the fallback credentials. For more information on mapping scanning credentials, you can check this article: https://www.lansweeper.com/knowledgebase/creating-and-mapping-scanning-credentials/

*Oh, sorry, I used 'failback' insteed 'fallback'

Thanks for explanation.

More info about my situation.

We don't use domain admins accounts - we use special domain accounts for servers and workstations. LS allow set credentials for Windows only per computer or workgroup/domain. So we used IP-range mapping and I think before LS 10.5 (but it's not certain) IP-range mapping works for Windows computers too. But now it doesn't work.

May be it is 'by design'. In such way you have to add per-OU credentials mapping.

Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support

Hello there!

What is your scanning target setup like? Do you only use IP Range scanning targets? Or do you have some AD scanning targets active as well? 

We have a lot of IP-targets and AD-computers scan.

Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support

Hello there!

If we understand your setup correctly, Lansweeper will only use the credentials mapped to the domain, and there is no fallback to any IP range scanning mappings if the domain credentials fail. If these assets would be exclusively scanned via IP range scanning targets and not covered by your AD scanning targets, then Lansweeper should use the IP range mappings you have set up, but this might be a cumbersome setup to maintain.