
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-14-2015 04:11 PM
Hi all
I use LANsweeper to scan lots of remote networks... and it works great for network devices. However, it seems that the product developers saw fit to DENY windows servers being discovered via SNMP...and instead, force you to use the joke of a protocol called WMI?
WMI will not work through firewalls especially when you have lots of them between you and the remote device.
Also, I do not have power over the remove devices to install agents or permission to deploy a scanning VM... so it is all about remote, agentless scanning.
we bought LANsweeper to replace the aging product of HP Ddmi... ands it has seemed a great switch for some time, until finally we add a range that contains windows servers..
LANsweeper scans IP using PING and SNMP
device returns as a windows box (so LANsweeper has MIB in I think)
LANsweeper switches device to Windows
Firewall blocks comms (of course, as who the heck lets WMI through perimeter firewalls and keeps their job?)
so.... what's the plan guys? do I have to throw out this software? as that would be a shame as I like it and had big plans for it...
cheers
dan
I use LANsweeper to scan lots of remote networks... and it works great for network devices. However, it seems that the product developers saw fit to DENY windows servers being discovered via SNMP...and instead, force you to use the joke of a protocol called WMI?
WMI will not work through firewalls especially when you have lots of them between you and the remote device.
Also, I do not have power over the remove devices to install agents or permission to deploy a scanning VM... so it is all about remote, agentless scanning.
we bought LANsweeper to replace the aging product of HP Ddmi... ands it has seemed a great switch for some time, until finally we add a range that contains windows servers..
LANsweeper scans IP using PING and SNMP
device returns as a windows box (so LANsweeper has MIB in I think)
LANsweeper switches device to Windows
Firewall blocks comms (of course, as who the heck lets WMI through perimeter firewalls and keeps their job?)
so.... what's the plan guys? do I have to throw out this software? as that would be a shame as I like it and had big plans for it...
cheers
dan
Labels:
- Labels:
-
Product Feedback
6 REPLIES 6

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-25-2015 03:07 PM
Without knowing your specific configuration it's difficult to advise but if all PCs are on the same domain, you could configure WMI to use a fixed port using Group Policy.

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-22-2015 11:22 AM
hey there
thank you for the reply. the problem for us, is that all of our customers generally have SNMP configured across the estate for monitoring purposes, but we do not get the access to tie down WMI across the estate... though will look into it. I always seemed pretty hard on windows 2003 but they are gradually disappearing...
will have some more looks into this but not sure it is going to work unfortunately 😞
thanks again
cheers
dan
thank you for the reply. the problem for us, is that all of our customers generally have SNMP configured across the estate for monitoring purposes, but we do not get the access to tie down WMI across the estate... though will look into it. I always seemed pretty hard on windows 2003 but they are gradually disappearing...
will have some more looks into this but not sure it is going to work unfortunately 😞
thanks again
cheers
dan

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-21-2015 05:54 PM
Hi,
We have the same requirements and found it very easy to fix the WMI port used instead of using random ports as is set up by default. We then just permitted traffic from our LANSweeper server through the firewalls on that specific port. As LANSweeper have stated, you get far more information back from the machine from WMI than you do for SNMP and don't have to worry about MIBs etc. This is a failing from Microsoft and not LANSweeper. The only difference between SNMP and WMI probing is that SNMP uses standard, fixed ports. If SNMP used random ports, you would have exactly the same problem.
See this article from Microsoft
https://msdn.microsoft.com/en-us/library/bb219447%28v=vs.85%29.aspx
and get off LANSweeper's back. They have produced an efficient, cost effective, easy to use network management tool.
We have the same requirements and found it very easy to fix the WMI port used instead of using random ports as is set up by default. We then just permitted traffic from our LANSweeper server through the firewalls on that specific port. As LANSweeper have stated, you get far more information back from the machine from WMI than you do for SNMP and don't have to worry about MIBs etc. This is a failing from Microsoft and not LANSweeper. The only difference between SNMP and WMI probing is that SNMP uses standard, fixed ports. If SNMP used random ports, you would have exactly the same problem.
See this article from Microsoft
https://msdn.microsoft.com/en-us/library/bb219447%28v=vs.85%29.aspx
and get off LANSweeper's back. They have produced an efficient, cost effective, easy to use network management tool.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-14-2015 11:38 PM
We try to provide our users with as much information as possible prior to purchasing. Several knowledge base articles (Windows domain scanning requirements, Windows workgroup scanning requirements, Ports used by Lansweeper etc.) explain how Windows computers are queried. We offer fully functional trials as well and are always available to answer questions by phone or at support@lansweeper.com
Free updates are released on a regular basis and we continuously improve our software to suit our customers' needs. All feature requests posted on the forum are reviewed and requests sent in via email are flagged as well, so they can easily be reviewed by development. Unfortunately, our developers' time is limited, so we do have to perform a cost-benefit analysis before we start implementing new features. There's no way around this. If a feature is requested a lot and fairly easy to implement, the chances of it being added are good. If a feature is requested only once or twice, it's less likely to be implemented. I honestly can't recall anyone requesting SNMP scanning of Windows computers before and can't find any references to this on the forum, so that does make it less likely for this feature to be implemented. Customers that can't get their firewalls reconfigured to allow WMI traffic over random ports generally have better options for getting around these issues. They either set up a fixed port or scan locally with our scanning agent.
At this point I can only promise that development will review your request and will monitor any similar requests that may come in.
Free updates are released on a regular basis and we continuously improve our software to suit our customers' needs. All feature requests posted on the forum are reviewed and requests sent in via email are flagged as well, so they can easily be reviewed by development. Unfortunately, our developers' time is limited, so we do have to perform a cost-benefit analysis before we start implementing new features. There's no way around this. If a feature is requested a lot and fairly easy to implement, the chances of it being added are good. If a feature is requested only once or twice, it's less likely to be implemented. I honestly can't recall anyone requesting SNMP scanning of Windows computers before and can't find any references to this on the forum, so that does make it less likely for this feature to be implemented. Customers that can't get their firewalls reconfigured to allow WMI traffic over random ports generally have better options for getting around these issues. They either set up a fixed port or scan locally with our scanning agent.
At this point I can only promise that development will review your request and will monitor any similar requests that may come in.

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-14-2015 06:52 PM
hi there
thank you for the reply. if I had realised the product had this crazy failing over other discovery products, I would never have allowed it to be purchased, and now I find that we have wasted a year of developing a discovery strategy around LANsweeper...
even if SNMP only brought back the basics, like model, SN and hostname, it would be a start...
does anyone else on here have this requirement?
cheers
dan
thank you for the reply. if I had realised the product had this crazy failing over other discovery products, I would never have allowed it to be purchased, and now I find that we have wasted a year of developing a discovery strategy around LANsweeper...
even if SNMP only brought back the basics, like model, SN and hostname, it would be a start...
does anyone else on here have this requirement?
cheers
dan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-14-2015 06:48 PM
We notice you sent us an email about this as well. As explained via email, Lansweeper does not currently query SNMP on Windows computers. We only query WMI, as WMI provides a lot more detailed information. Most customers who can't allow WMI traffic over random ports either set up a fixed WMI port or scan locally with our LsPush scanning agent.
We've moved your forum topic to the wish list section of the forum and made development aware of your request, but cannot guarantee that this feature will be implemented and cannot give a release date for it. What you are requesting would require some major changes to our scanning procedure and could not be implemented "on the fly".
We've moved your forum topic to the wish list section of the forum and made development aware of your request, but cannot guarantee that this feature will be implemented and cannot give a release date for it. What you are requesting would require some major changes to our scanning procedure and could not be implemented "on the fly".
