This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

LSAgent On Servers

FlyingToaster
Engaged Sweeper

3 weeks ago

I had a few questions as we work through our deployment.  Specifically, our on-prem server infrastructure. While I see a huge use case for LSagent on user endpoints, I'm debating if there is value on deploying to our servers as well.   Subnet scanning seems like the preference??- but what if you have 100s of subnets and that number only grows?    I need a way to ensure we have accurate inventory of our server infra.  Is it best to maintain my subnets or just roll out the LSagent?  From a security standpoint, which one mitigates risks more?  How are users handling large environments to ensure that accurate server inventory? 

 

Thanks 

Labels:
0 Kudos
3 REPLIES 3
Mister_Nobody
Honored Sweeper III

3 weeks ago - last edited 3 weeks ago

We use LSagent for DC and non-domain servers.

All others we agentless scan with special account which is not domain admin.

Also we wait when LS will support LAPS 2.0.

0 Kudos
DavidPK
Lansweeper Tech Support
Lansweeper Tech Support

3 weeks ago

Hi,

 

Depends on the use case.  Both methods can provide accurate inventory. Many modern security postures prefer minimizing inbound ports and credential storage, favoring agent-based solutions. Many of our users utilize a combination of both scanning methods (e.g., LsAgent and agentless) to maintain their asset data

 

LsAgent:
 

  • Firewall Friendly: Typically  requires outbound HTTPS (port 443)  or direct connect port 9524 connectivity from the server, which is often easier to manage with security policies than opening inbound ports.   
  • No Stored Credentials: Lansweeper doesn't need privileged credentials stored within its database to scan servers using LsAgent. 
  • This requires more manually deploying and maintaining. 

Agentless scanning:

 

  • No need to install or manage agents on the target servers.
  • Scanning targets and credentials are managed centrally within Lansweeper.
  • Firewall Requirements: Requires specific inbound ports to be open on server firewalls (e.g., WMI ports [RPC/135+dynamic], SSH [22]) from the Scan Server(s).
  • Credential Management: Requires storing privileged credentials within Lansweeper for the scans to work. 
0 Kudos
FlyingToaster
Engaged Sweeper
In response to DavidPK

a week ago

Thanks for the reply.  We are leaning towards LSagent--seems like the only downside is the deployment fact.  And as we move more to Azure, LSagent really is the only path for use as there is no way to manage the ranges in that environment. 

How about my vmware/vcenter assets--still same position as above?  

I noticed in my testing, that some of my vmware assets are showing as hyperv?  

Thanks again for the help. 

0 Kudos

General Discussions

Find answers to technical questions about Lansweeper.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now