This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Preventing Windows Credentials Scan Attempts - Agent Scanning Only

ChrisParr1
Engaged Sweeper III

‎09-13-2023 03:47 PM

We want to just pick up Windows machine details via LSAgent and not try to remotely scan them, but we also want to pick up and merge the computer account info from Active Directory, so we can see AD fields like OU, Location, Managed By etc. along side the computer details pulled back by LSAgent, and also make use of the Asset Clean up options when the AD Computer Object is disabled or deleted.

How can we configure our scan settings so that we're linked up the computer objects in AD with the LSAgent data, but not filling our scan logs with "Scanning Access denied. Username(s) tried: ..." messages, and not granting an account the rights needed to remotely scan Windows machines?

Labels:
0 Kudos
3 REPLIES 3
ChrisParr1
Engaged Sweeper III

‎09-19-2023 01:20 PM

Thanks Tim,

We're seeing errors on individual computers entries when the AD scan runs, looks like it's happening with both AD Domain, and AD Computer path scans. It's reporting that the failure is for the Global Windows credential. There are no bad passwords for that account and it's got basic read access to AD.

It looks like the AD scan is triggering an attempt to scan the computer over the network. How do we avoid that while also ensuring that the information in AD is also mapped to the Lansweeper computer info?

0 Kudos
Tim_N
Lansweeper Employee
Lansweeper Employee
In response to ChrisParr1

‎09-19-2023 04:15 PM

Hello @ChrisParr1 

Scanning AD Computers will discover computer assets in AD and add that asset to the asset scanning queue. Therefore, scanning with an agent will provide the asset details and then scanning AD will attempt to scan that asset again. 

At this time, there is not an objective to have AD only scan AD content and return that content to the appropriate asset. 

Keep in mind, that only scanning via an Agent will only scan "what you know" and you could miss "things you don't know." 

I hope this helps to clarify. 

Tim N.
Lansweeper Employee
0 Kudos
Tim_N
Lansweeper Employee
Lansweeper Employee

‎09-15-2023 06:55 PM - edited ‎09-15-2023 06:55 PM

Hello @ChrisParr1 

This is a great question. First, configure the LsAgent to the settings you desire. Those assets will be pulled into Lansweeper and will able to be modified/updated when AD is scanned -- or visa versa. 

Secondly, you'll want to setup a scan target for either AD Domain or AD OU. Lansweeper will automatically match the appropriate assets and merge the scanned data as you stated in your post. 

This would also mean that you only have an AD scan target and not an IP Range target. 

Lastly, to prevent "Scanning Access denied. Username(s) tried:..." errors, ensure the scanning that's occurring through AD has the appropriate permissions. For AD, it only needs read access. This way, the AD read-only credentials will gather the AD info as you desire, Lansweeper will also scan the asset via LsAgent, and Lansweeper's logic and technology will merge the data for each asset. 

Give that a try and let us know how it goes. 

Tim N.
Lansweeper Employee
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now