This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
→ 🚀What's New? Join Us for the Fall Product Launch! Register Now !
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- General Discussions
- Re: Set Up the scan for Domain Controllers (not AD...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-20-2021 10:46 AM
Hello 🙂
I´m glad to be here and I directly have my first question.
In the past in the company, I´m working for, the user for the scanning was a domain admin.
When I arrived, I started to "clean up" and I switched this.
Therefore I followed the Windows domain scanning requirements:
https://www.lansweeper.com/knowledgebase/domain-scanning-requirements/
Globally speaking - it worked fine - the clients get scanned and the AD is scanned.
The only "problem" we have is that the Domain Controllers are not scanned anymore ...
... of course, because the scanning user is "only" local admin on clients and servers, but not on the Domain Controllers ... because this is not possible 😛
Nevertheless I think that there must be a possibility to scan also the Domain Controllers.
I would prefer not to install something (the agent) on the Domain Controller - if possible !!
I hope someone has a hint for me !
thanks - BR Georg
I´m glad to be here and I directly have my first question.
In the past in the company, I´m working for, the user for the scanning was a domain admin.
When I arrived, I started to "clean up" and I switched this.
Therefore I followed the Windows domain scanning requirements:
https://www.lansweeper.com/knowledgebase/domain-scanning-requirements/
Globally speaking - it worked fine - the clients get scanned and the AD is scanned.
The only "problem" we have is that the Domain Controllers are not scanned anymore ...
... of course, because the scanning user is "only" local admin on clients and servers, but not on the Domain Controllers ... because this is not possible 😛
Nevertheless I think that there must be a possibility to scan also the Domain Controllers.
I would prefer not to install something (the agent) on the Domain Controller - if possible !!
I hope someone has a hint for me !
thanks - BR Georg
Labels:
- Labels:
-
General Discussion
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-22-2021 04:03 PM
I'll start by saying I have not verified myself that the steps at the link below work with Lansweeper, however I have leveraged it myself to allow SIEM and NAC tools to perform WMI queries against domain controllers without making them domain admins. You'll have to touch each domain controller.
https://kc.mcafee.com/corporate/index?page=content&id=KB74126
There are multiple variations on the internet of how to grant WMI access on a DC without admin rights, however this is the one that I can guarantee works. On-prem, AWS hosted, and Azure hosted domain controllers... all worked.
Alternatively you could take a look at the lsagent. I don't use it, but I have to imagine it would run as the system account and also solve your issue if you have no issues with having it installed.
https://kc.mcafee.com/corporate/index?page=content&id=KB74126
There are multiple variations on the internet of how to grant WMI access on a DC without admin rights, however this is the one that I can guarantee works. On-prem, AWS hosted, and Azure hosted domain controllers... all worked.
Alternatively you could take a look at the lsagent. I don't use it, but I have to imagine it would run as the system account and also solve your issue if you have no issues with having it installed.
GeorgB wrote:
Hello 🙂
I´m glad to be here and I directly have my first question.
In the past in the company, I´m working for, the user for the scanning was a domain admin.
When I arrived, I started to "clean up" and I switched this.
Therefore I followed the Windows domain scanning requirements:
https://www.lansweeper.com/knowledgebase/domain-scanning-requirements/
Globally speaking - it worked fine - the clients get scanned and the AD is scanned.
The only "problem" we have is that the Domain Controllers are not scanned anymore ...
... of course, because the scanning user is "only" local admin on clients and servers, but not on the Domain Controllers ... because this is not possible 😛
Nevertheless I think that there must be a possibility to scan also the Domain Controllers.
I would prefer not to install something (the agent) on the Domain Controller - if possible !!
I hope someone has a hint for me !
thanks - BR Georg
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- OU-based report of computers in Reports & Analytics
- Inside Lansweeper: Weekly Recap in General Discussions
- [Community Discussion] Scanning without domain admin credentials - Comment below in General Discussions
- Software Change Report not reflecting Removed Software in General Discussions
- How to set up scannig ADC ... without being DomainAdmin? in General Discussions
