→ The Lansweeper Customer Excellence Awards 2024 - Submit Your Project Now! Learn More & Enter Here

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
bkantar
Engaged Sweeper
Hi,

I'm using Lansweeper on a Domain other than mine (it is installed on a VM in their Domain, which I remote into) and need to do a few scans. They don't want to provide me with credentials to a Domain Admin account, however I need one to scan the servers. Is there a work around where they can, say, create a service account with Domain Admin permissions that I can use with Lansweeper? Or, do you have a workaround other you can share?

Thank you!

bkantar
4 REPLIES 4
lansend
Engaged Sweeper
It has been made abundantly clear that Lansweeper scanning credentials require administrative privileges on the target computer. Nevertheless, for other reasons I too do not want to use credentials with Full Admin privileges.

On a Windows server there is a group called Remote Management Users, described as follows.

Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.


Can this group be leveraged somehow?
Esben_D
Lansweeper Employee
Lansweeper Employee
lansend wrote:
It has been made abundantly clear that Lansweeper scanning credentials require administrative privileges on the target computer. Nevertheless, for other reasons I too do not want to use credentials with Full Admin privileges.

On a Windows server there is a group called Remote Management Users, described as follows.

Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.


Can this group be leveraged somehow?


To be honest, your best bet is just to test it. You have a slight change it might work. I know that for some specific WMI classes administrative privileges are required, which is why we set it as a requirement. There might be more things I'm forgetting though.
Charles,
Thanks for your prompt response. I tried it , it did not work. I suspect it has something to do with " This applies only to WMI namespaces that grant access to the user." . Looked it up and ended in Technet , which was way over my pay grade.
Esben_D
Lansweeper Employee
Lansweeper Employee
We have an article in our knowledge base which lists all the Domain Scanning Requirements.

As mentioned in the articles, to scan assets using Active Directory Domain, for credentials:
  • You must provide Lansweeper with a username/password combination that has administrative privileges on the client machine and, for scanning Active Directory information, read-only access to Active Directory.