‎04-06-2023 06:34 PM - edited ‎04-06-2023 06:56 PM
I have a domain account for scanning Active Directory domain computers in Lansweeper for the Global Windows account. Because this requires local admin privileges, I've put this account in the "protected users" group in Active Directory for additional security. I've noticed that under Scanning Targets for active scanning it will say invalid credentials. However, I know the credentials are correct. If I select a computer asset in Lansweeper and click "rescan asset", it scans the computer with the same Global credentials without issue. If I remove this account from the Protected Users group, the active scanning under Scanning Targets does not show "invalid credentials". So why is active scanning different from rescan asset? Is the only way this works to have the scanning account NOT a part of protected users?
Solved! Go to Solution.
‎04-06-2023 10:43 PM - edited ‎04-06-2023 10:45 PM
Here's what MS Says:
"Accounts for services and computers should never be members of the Protected Users group. This group provides incomplete protection anyway, because the password or certificate is always available on the host. Authentication will fail with the error "the user name or password is incorrect" for any service or computer that is added to the Protected Users group."
There's lots of technical reasons in there which I don't know enough about to tell you why exactly - but, I just stopped at the paragraph above 🙂
‎04-06-2023 10:43 PM - edited ‎04-06-2023 10:45 PM
Here's what MS Says:
"Accounts for services and computers should never be members of the Protected Users group. This group provides incomplete protection anyway, because the password or certificate is always available on the host. Authentication will fail with the error "the user name or password is incorrect" for any service or computer that is added to the Protected Users group."
There's lots of technical reasons in there which I don't know enough about to tell you why exactly - but, I just stopped at the paragraph above 🙂
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now