Discovering under local admin (not domain admin)
04-21-2017 05:46 AM
Hello all,
In my company there are computers in a domain as well as computers which are not in the domain.
While discovering the network using a domain administrator we have all needed data and all is fine.
But in case of using a local administrator on computers which are in the domain - discovery doesn't work.
We are using local admin credentials in the following format: ".\administrator"
DCOM and WMI are enabled on those PCs.
In case of switching off User Account Control (UAC) on local PCs - credentials are passed and discovery works.
How can we discover these PCs using local admin credentials and NOT switching off UAC?
Can anyone advise on this matter?
Thanks.
04-21-2017 06:37 AM
Not at all.. The WMI script can be run locally on the machine if you have an absolute requirement of NOT shutting off UAC and ONLY having a local account. You can run that script on a schedule locally to discover the machine from the inside.
Discovery of a domain computer with a local admin account should also work just fine (no UAC).. as is discovering a domain computer with a domain user that has local admin privileges.. You should have no reason to utilize a Domain Administrator, unless of course you wanted to.. but again, not necessary.
04-21-2017 06:54 AM
Good point.
So the algorithm is as follows:
- run the shell script on those PCs and save data to a .txt file
- move this file to the MID server
Now the MID server has, for example, 20 .txt files from 20 PCs.
- the MID server should open and parse this file (HOW to do that?? Probably Import Sets by schedule?? If so - how to know where each value from the file should be stored in a specific column in the DB)
Thanks.
04-21-2017 06:56 AM
The shell script? Not at all.. the script (JavaScript) itself will report directly to the instance. Have a read of this link.. should help the understanding...
http://wiki.servicenow.com/index.php?title=Help_the_Help_Desk#gsc.tab=0
04-24-2017 04:50 AM
We have found a way to resolve our issue by enabling remote UAC:
There is a parameter that needs to be added to the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
The parameter is a DWORD (32-bit) with the name LocalAccountTokenFilterPolicy set to 1.
All is ok right now as per our requirements.
But are there any objections/risks using this approach?
Thanks
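
Added example, not part of the thread and not ServiceNow's own code: with LocalAccountTokenFilterPolicy set to 1, remote connections made by local accounts in the Administrators group receive the full administrator token instead of a UAC-filtered one. This audit sketch reports the value on a PC and lists the enabled local administrator accounts it applies to. The function names Get-RemoteUacState and Get-AffectedLocalAdmin are hypothetical; it assumes Windows PowerShell 5.1 or later on Windows 10 / Server 2016 or later.

```powershell
# Added example: audit the UAC remote-restriction setting discussed in this thread.
# Run in an elevated PowerShell session on the PC being checked.
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$name = 'LocalAccountTokenFilterPolicy'

function Get-RemoteUacState {
    # A missing value or 0 means remote UAC filtering is in effect (the Windows default).
    $prop  = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $value = if ($null -ne $prop) { [int]$prop.$name } else { 0 }
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        ValuePresent   = ($null -ne $prop)
        Value          = $value
        RemoteFiltered = ($value -ne 1)
    }
}

function Get-AffectedLocalAdmin {
    # Enabled local (non-domain) users in the built-in Administrators group (SID S-1-5-32-544).
    # PrincipalSource is only populated on Windows 10 / Server 2016 and later.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
        ForEach-Object {
            $user = Get-LocalUser -SID $_.SID
            if ($user.Enabled) {
                [pscustomobject]@{
                    Name            = $user.Name
                    SID             = $user.SID.Value
                    PasswordLastSet = $user.PasswordLastSet
                }
            }
        }
}

$state = Get-RemoteUacState
$state | Format-List

# Only when filtering is disabled do these accounts get a full token over the network.
if (-not $state.RemoteFiltered) {
    Get-AffectedLocalAdmin | Format-Table -AutoSize
}
```

An account listed on many PCs with the same name and an old PasswordLastSet date is the case to review first, since one shared local password then grants full remote administration on every such machine.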