Hello,
I have a question that I do not understand and maybe somebody knows why this happens.
On our network we manage local administrators centrally and put them into a security group in the Active Directory e.g. localAdminsSRV555. This group is added into the Administrators group on the particular server thus allowing all people being part of the localAdminsSRV555 to operate as admins on the server. If some rights needs to be revoked we simply remove it from the localAdminsSRV555 group.
Our Lansweeper is configured to use a specific user for the WMI scanning of all hosts. This user is of course added as member of the localAdmisnSRV** group of each server. Allthough he is administrator by this and could e.g. install software without any issues Lansweeper complains not being able to scan the server if you try to do so by "rescan asset".
I have to add the specific user directly into the Administrators group on each server then the WMI scanning works fine. To be honest I do not understand the difference from user permission point of view. One time the rights are granted due to being member of a group that is part of the local Administrators group. The other time the rights are granted due to the user is member of the the local Administrators group. Why does WMI scanning not work if the user is member of the group that is part of the local Administrators group?
Any help in this would be great.
Thanks in advance
Maweko