You may have heard this little saying:
"There's a right way, a wrong way, and a Microsoft way."
That applies to security credentials as much as it does to other areas. Microsoft chose to go their own way, not using the tried-and-true methods of the Unix world. If your enterprise has a heterogeneous computing environment, you know what I'm talking about. Whether you love it or hate it, that's the way it is — and we all have to deal with that pesky real world.
Agentless discovery products like ours depend on two kinds of access to Windows systems — the "administrative share" and Windows Management Instrumentation (WMI). The administrative share can only be accessed by Domain Administrators or Local Administrators. There's a lot of documentation on Microsoft's site about using WMI to probe remote computers — but unless you're operating in the context of a Domain Administrator or Local Administrator, it involves configuration changes that most enterprises would find difficult or impossible to roll out. Further, these configuration changes are dependent on the operating system and even the service pack level. So we have taken the path of least resistance (and least likely to run into future compatibility issues): to explore Windows systems, Discovery requires a MID server running on a Windows server in the context of a Domain Administrator or Local Administrator.

How does one get something like a MID server to operate in the context of a user that is a Domain Administrator or Local Administrator? The simplest and most Microsoft-compliant way is to operate the MID server as a service (similar to a daemon on Unix or Linux systems), and that's what we do. One of the properties of a service is the "log on account", which you can see in the screenshot at right. The MID server will run in the context of the user whose credentials you enter here. So long as that user has sufficient rights to access the administrative share and to run remote WMI queries on the Windows system that this MID server explores, the MID server will be able to do its job. You do not need to enter any credentials for Windows into the Discovery → Credentials table.
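One way to confirm the two requirements above before running Discovery, as an added example that is not part of the original post or the product: it reads the service's log on account and then tests the administrative share and a remote WMI query against each target. The service name and target host are placeholders you must replace, and the script is assumed to be run on the MID server host while logged on as the service's log on account, so the results reflect that account's rights.

```powershell
# Added example. The default values below are placeholders, not values from the article.
param(
    [string]$ServiceName = 'MID-SERVICE-NAME-PLACEHOLDER',  # hypothetical: your MID server's service name
    [string[]]$Targets   = @('TARGET-HOST-PLACEHOLDER')     # hypothetical: Windows hosts this MID server explores
)

# 1. Read the "log on account" property of the service (StartName in WMI terms).
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' was not found on this host." }

$me = [Security.Principal.WindowsIdentity]::GetCurrent().Name
"Service log on account : $($svc.StartName)"
"This check runs as     : $me"
# Note: StartName may be written as .\user or user@domain, so compare the two lines by eye.

# 2. Test both access paths from the current account context.
$dcom = New-CimSessionOption -Protocol Dcom   # classic remote WMI transport (DCOM)
$results = foreach ($t in $Targets) {
    $session = $null
    $wmiOk   = $false
    $wmiErr  = $null

    # Administrative share: readable only by Domain or Local Administrators.
    $shareOk = Test-Path -Path "\\$t\admin$"

    # Remote WMI: a simple read-only query is enough to prove access.
    try {
        $session = New-CimSession -ComputerName $t -SessionOption $dcom -ErrorAction Stop
        $null    = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop
        $wmiOk   = $true
    } catch {
        $wmiErr = $_.Exception.Message
    } finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }

    [pscustomobject]@{
        Target     = $t
        AdminShare = $shareOk
        RemoteWmi  = $wmiOk
        WmiError   = $wmiErr
    }
}

$results | Format-Table -AutoSize
```

A target showing `False` in either column is one the MID server will not be able to explore with its current log on account.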