Just Enough Administration (JEA) for Windows Discovery

SNowUser11
Kilo Guru

Hello,

Has anyone implemented JEA for Discovery? It's new from Orlando, but if so, please let me know the steps to be performed. I was going through this link, but does anyone have a proper step-by-step procedure: what has to be done from ServiceNow, and what a Windows SME has to perform?

Thanks
 
1 ACCEPTED SOLUTION

Florian Zemsky
ServiceNow Employee

Hi,

For me personally, the best documentation I've found so far on this is the official one that you linked in your question. I've started writing a community article on this, but it will still take some time...

Here's a high-level guide on how I got it working:

  1. First of all - make sure general Discovery prerequisites are met (e.g. MID Server & Network Communication Requirements)
  2. Then make sure all the JEA-specific prerequisites from docs are met - at least at your MID Server Host, the Domain Controller and the Target you want to discover via JEA.
  3. Create the domain user group and add the notadmin user that you will eventually use for JEA Disco
  4. Make sure all the machines that you want to discover via JEA are defined as trusted hosts
  5. Extend / adapt the list of cmdlets in the role capabilities file (.psrc) to match your requirements. A starting point on this might be documented here, but this is one of the things I still need to look into in more detail: Here

Check the attachments to see how I got this working.

HTH Florian
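
Steps 3 to 5 above, sketched as an added PowerShell example that is not part of the original post or of ServiceNow's documentation. The group, user, endpoint, module and host names and the cmdlet list are constructed placeholders, and it assumes the trusted-hosts step means the WinRM client TrustedHosts list on the MID Server host.

```powershell
# Added example; every name below is a constructed placeholder, not a ServiceNow value.
$Group    = 'EXAMPLE\JEA-Discovery'    # domain group that holds the non-admin discovery user
$Endpoint = 'ExampleDiscoveryJEA'      # hypothetical JEA endpoint (session configuration) name
$Module   = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\ExampleDiscoveryJEA'
$Pssc     = Join-Path $env:ProgramData 'JEAConfiguration\ExampleDiscovery.pssc'

# --- On each discovery target, in an elevated Windows PowerShell 5.1 session ---
# A role capability file is only resolved by name from a module's RoleCapabilities folder.
New-Item -ItemType Directory -Path "$Module\RoleCapabilities" -Force | Out-Null
New-ModuleManifest -Path "$Module\ExampleDiscoveryJEA.psd1"

# Expose only what the discovery user needs. This list is a placeholder: take the real
# one from the vendor documentation and avoid wildcards or cmdlets that run arbitrary code.
New-PSRoleCapabilityFile -Path "$Module\RoleCapabilities\ExampleDiscovery.psrc" `
    -VisibleCmdlets 'Get-CimInstance', 'Get-Service', 'Get-Process'

# Map the domain group to the role. RunAsVirtualAccount (an assumption here) makes the
# session run as a temporary local account, so the connecting user needs no admin rights.
New-Item -ItemType Directory -Path (Split-Path $Pssc) -Force | Out-Null
New-PSSessionConfigurationFile -Path $Pssc -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -RoleDefinitions @{ $Group = @{ RoleCapabilities = 'ExampleDiscovery' } }
if (-not (Test-PSSessionConfigurationFile -Path $Pssc)) { throw "Invalid file: $Pssc" }
Register-PSSessionConfiguration -Name $Endpoint -Path $Pssc -Force

# Check what a member of the group would actually be allowed to run on this endpoint.
Get-PSSessionCapability -ConfigurationName $Endpoint -Username 'EXAMPLE\notadmin' |
    Select-Object Name, CommandType

# --- On the MID Server host ---
# TrustedHosts names the machines the WinRM client will connect to without mutual
# authentication, so list explicit hosts rather than '*'. Existing entries are merged.
$Targets = 'srv01.example.test', 'srv02.example.test'
$Current = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
if ($Current -ne '*') {
    $Existing = $Current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    $Merged   = @($Existing) + $Targets | Sort-Object -Unique
    Set-Item WSMan:\localhost\Client\TrustedHosts -Value ($Merged -join ',') -Force
}
(Get-Item WSMan:\localhost\Client\TrustedHosts).Value   # show the resulting list
```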


Ashutosh Munot1
Kilo Patron

Hi,

That document explains everything you want, and so does this HI article:

https://hi.service-now.com/kb_view.do?sysparm_article=KB0782125 In this article the role profile is provided, which you can change as per your need, and your Windows guy has to give you this and configure it on the Windows server.


Mostly your Windows guy has to give you JEA credentials with domain-level credentials and not local.

Thanks,
Ashutosh

 

If you got the answer, please close this thread by marking the answer as correct, so people can use it.


Thanks,
Ashutosh

Hi Florian,

We have JEA working in the main, but there are a handful of servers that are not being classified properly as Windows Servers and are not being discovered properly.  The JEA profile and FW rules all look ok...

In the above you mention machines need to be trusted hosts - what do you mean by that?

Thanks

 

Mark