Just Enough Administration (JEA) for Windows Discovery

SNowUser11 · ‎08-20-2020

Hello,

Has anyone implemented JEA for Discovery its new from Orlando but if please let me know the steps to be performed.I was going through this link but if anyone has proper step by step procedure what from servicenow has to be done and what an windows SME has to perform

https://docs.servicenow.com/bundle/orlando-it-operations-management/page/product/discovery/concept/m...

Thanks

Florian Zemsky · ‎08-28-2020

Hi,

for me personally the best documentation I've found so far on this is the official one that you linked in your question. I've started writing on a community article on this but it will still take some time...

Here's a highlevel guide on how I got it working:

First of all - make sure general Discovery prerequisites are met (e.g. MID Server & Network Communication Requirements)
Then make sure all the JEA specific prerequisites from docs are met - at least at your MID Server Host, the Domain Controller and the Target you want to discover via JEA.
Create the domain user group and add the notadmin user that you will eventually use for JEA Disco
Make sure all the machines that you want to discover via JEA are defined as trusted hosts
Extend / adapt the list of cmdlets in the role capabilities file (.psrc) to match your requirements. A starting point on this might be documented here, but this is one of the things I still need to look into in more detail: Here

Check the attachments to see how I got this working.

HTH Florian

View solution in original post

Ashutosh Munot1 · ‎08-21-2020

Hi,

That document explains everything what you want and this HI article

https://hi.service-now.com/kb_view.do?sysparm_article=KB0782125 in this article the role profile is provide which can change as per your need and your windows guy has to give you this and configure on windows server.

Mostly you windows guy has to give you JEA credentials with domain level credentials and not local.

Thanks,
Ashutosh

Ashutosh Munot1 · ‎08-27-2020

If you got the answer please close this thread by marking answer as correct. SO people can use it.

Thanks,
Ashutosh

Florian Zemsky · ‎08-28-2020

Hi,

for me personally the best documentation I've found so far on this is the official one that you linked in your question. I've started writing on a community article on this but it will still take some time...

Here's a highlevel guide on how I got it working:

First of all - make sure general Discovery prerequisites are met (e.g. MID Server & Network Communication Requirements)
Then make sure all the JEA specific prerequisites from docs are met - at least at your MID Server Host, the Domain Controller and the Target you want to discover via JEA.
Create the domain user group and add the notadmin user that you will eventually use for JEA Disco
Make sure all the machines that you want to discover via JEA are defined as trusted hosts
Extend / adapt the list of cmdlets in the role capabilities file (.psrc) to match your requirements. A starting point on this might be documented here, but this is one of the things I still need to look into in more detail: Here

Check the attachments to see how I got this working.

HTH Florian

Mark113 · ‎12-21-2021

Hi Florian,

We have JEA working in the main, but there are a handful of servers that are not being classified properly as Windows Servers and are not being discovered properly. The JEA profile and FW rules all look ok...

In the above you mention machines need to be trusted hosts - what do you mean by that?

Thanks

Mark