This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Use service account for Domain Admin permissions?

bkantar
Engaged Sweeper

‎06-25-2018 09:38 PM

Hi,

I'm using Lansweeper on a Domain other than mine (it is installed on a VM in their Domain, which I remote into) and need to do a few scans. They don't want to provide me with credentials to a Domain Admin account, however I need one to scan the servers. Is there a work around where they can, say, create a service account with Domain Admin permissions that I can use with Lansweeper? Or, do you have a workaround other you can share?

Thank you!

bkantar
Labels:
0 Kudos
4 REPLIES 4
lansend
Engaged Sweeper

‎06-27-2018 07:36 PM

It has been made abundantly clear that Lansweeper scanning credentials require administrative privileges on the target computer. Nevertheless, for other reasons I too do not want to use credentials with Full Admin privileges.

On a Windows server there is a group called Remote Management Users, described as follows.

Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.


Can this group be leveraged somehow?
0 Kudos
Esben_D
Lansweeper Employee
Lansweeper Employee
In response to lansend

‎06-27-2018 07:55 PM

lansend wrote:
It has been made abundantly clear that Lansweeper scanning credentials require administrative privileges on the target computer. Nevertheless, for other reasons I too do not want to use credentials with Full Admin privileges.

On a Windows server there is a group called Remote Management Users, described as follows.

Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.


Can this group be leveraged somehow?


To be honest, your best bet is just to test it. You have a slight change it might work. I know that for some specific WMI classes administrative privileges are required, which is why we set it as a requirement. There might be more things I'm forgetting though.
0 Kudos
lansend
Engaged Sweeper
In response to Esben_D

‎06-28-2018 04:24 PM

Charles,
Thanks for your prompt response. I tried it , it did not work. I suspect it has something to do with " This applies only to WMI namespaces that grant access to the user." . Looked it up and ended in Technet , which was way over my pay grade.
0 Kudos
Esben_D
Lansweeper Employee
Lansweeper Employee

‎06-26-2018 11:52 AM

We have an article in our knowledge base which lists all the Domain Scanning Requirements.

As mentioned in the articles, to scan assets using Active Directory Domain, for credentials:
  • You must provide Lansweeper with a username/password combination that has administrative privileges on the client machine and, for scanning Active Directory information, read-only access to Active Directory.
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now