Showing results for 
Show  only  | Search instead for 
Did you mean: 
Engaged Sweeper III
We have changed our scanning credentials from being a Domain Admin to a Local Admin (Group Policy controls local Administrators members).

Domain Controllers do not have local users and groups. The solution for scanning is to have a scheduled task running LSPUSH.

The annoying thing is that the Domain Controllers flip between having scanning errors and not having errors. I tried excluding the IP from the scheduled scan, but this prevented LSPUSH from updating.

Is this expected behavior? Is there a workaround, i.e. a way to prevent scanning but allow LSPUSH? Do I just have to live with scanning errors?

Lansweeper Alumni
As scan exclusions exclude assets from scanning of any kind, it is intended behavior that this also prevents LsPush data from being imported for the asset in question.

Depending on through which Scanning Target your Domain Controllers are still being picked up you could set up your scanning targets in such a way that they skip your Domain Controllers:
  • Active Directory Domain Scanning: If your DCs are in a separate OU, you could use OU filters, which are explained in this article.
  • IP Range Scanning: If your DCs are all contained within a specific IP Range, you could set up your IP Range scanning target to not cover that range.