Why use a Scanning Agent
Lansweeper can scan the entire IT environment without agents, as you have learned in previous chapters. However, some assets may be difficult to reach due to various factors, such as:
- Mobility and location of devices (e.g., remote laptops out on the road, home offices, devices at remote locations
- Segmented machines in protected zones (DMZs)
With Lansweeper, you do not have to make the choice to only use agentless or agent-based scanning. Both methods can be used together for more comprehensive scanning.
LsAgent: Discover Hard-to-Reach Devices
LsAgent is Lansweeper's agent-based scanning method used for keeping track of difficult-to-scan devices, without depending on credentials, requirements or firewall changes. LsAgent is installed locally on devices, gathers local asset data and sends it back to the Lansweeper installation, using either a direct connection with the customer's installation or through Lansweeper's cloud-hosted relay service. The relay encrypts and stores the data in a hyper-secure environment, where the Lansweeper installation can fetch it.
Both methods (sending to your local installation and through Lansweeper’s cloud-hosted relay service) can be used at the same time. This provides flexibility for those remote users who may come into the office on occasion.
LsAgent is not limited to run only on Windows. Supported operating systems include:
- Windows
- Linux flavors
- Apple Mac devices
However, LsAgent cannot be used to deploy any applications.
LsAgent Only
LsAgent can also be exclusively used for scanning your environment. Maybe you have a policy restricting you from entering credentials into Lansweeper. LsAgent will help you scan your assets and maintain your inventory. This is not a recommended solution as you will not be able to discover and deep scan your assets on your network. This method will only allow you to scan inventory you know already exists and you lose the power of Lansweeper’s discovery capabilities. The Agent can only be installed on Windows/Unix and MAC, so you cannot discover network assets with it.
If this is your only option, it is recommended that you enable Asset Radar so you can maintain visibility in your network.
To learn more about LsAgent, you can visit these pages:
- 📗LsAgent scanning feature explained
- ☝️How to use LsAgent
- ☝️How to deploy Ls with Intune
- 📚Use case: Governing Remote work
LsPush: Scanning Agent for Windows
LsPush is Lansweeper's legacy agent, created before LsAgent. LsPush must be executed on a Windows device and only works on Windows devices.
The most common use case for LsPush is in a production environment using older Windows systems, where there’s no possibility to install LsAgent.
The other is using LsPush in a GPO policy, logon script and Intune, which runs the LsPush agent automatically the moment someone logs in to the domain of the company, enables customers to capture actual user login times. Occassionaly Lansweeper Support may ask you to run an LsPush in order to have a full scan of an Asset or the Lansweeper server.
Use cases for LsPush:
- accuracy in timestamps for user login times
- user currently logged into device
To learn more about LsPush, you can visit these pages:
Continue your training with Vulnerability Risk Assessment ▶️
