maweko
Engaged Sweeper
Hello,

I have a question that I do not understand and maybe somebody knows why this happens.

On our network we manage local administrators centrally and put them into a security group in Active Directory, e.g. localAdminsSRV555. This group is added to the Administrators group on the particular server, thus allowing all people who are part of localAdminsSRV555 to operate as admins on the server. If some rights need to be revoked we simply remove it from the localAdminsSRV555 group.

Our Lansweeper is configured to use a specific user for the WMI scanning of all hosts. This user is of course added as a member of the localAdminsSRV** group of each server. Although he is an administrator by this and could e.g. install software without any issues, Lansweeper complains about not being able to scan the server if you try to do so by "rescan asset".

I have to add the specific user directly into the Administrators group on each server; then the WMI scanning works fine. To be honest, I do not understand the difference from a user permission point of view. One time the rights are granted due to being a member of a group that is part of the local Administrators group. The other time the rights are granted because the user is a member of the local Administrators group. Why does WMI scanning not work if the user is a member of the group that is part of the local Administrators group?

Any help in this would be great.

Thanks in advance

Maweko
1 ACCEPTED SOLUTION
Hemoco
Lansweeper Alumni
For anyone wondering about this: both approaches (adding the user to the admins directly or adding a group the user belongs to) should work. The few instances where we've seen issues with this were caused by Active Directory problems. You can try running dcdiag /e /q on your domain controllers to look for Active Directory issues.
