ServiceNow auto discovery

Go to solution
Imran Shad
Mega Expert

‎03-10-2022 10:37 AM

Hello all,

I wish if someone could share the best practice for discovering servers through ServiceNow discovery. We have multiple MID servers deployed in our environment. The service id attached to these mid servers for server scanning is currently granted WMI access to all servers however to make that work the requirement of local admin for the service id was required. I am wondering if this poses any security issue. 

 

Thank you.

0 Helpfuls
  • 1,749 Views
1 ACCEPTED SOLUTION

Go to solution
VivekSattanatha
Mega Sage
Mega Sage

‎03-11-2022 01:22 AM

Hi Imran,

 

The local admin creds are required for ServiceNow to gather most of the information. If have a plan to do a proper discovery and plan to do Servicemapping in a later phase then it's good to have local admin creds.

There is a way to use JEA from Microsoft if your company thinks of local admin as a security issue.

https://docs.servicenow.com/bundle/sandiego-it-operations-management/page/product/discovery/concept/microsoft-jea-discovery.html

From my experience, many clients initially fear to give it but they would have given the local admin creds for some monitoring tools. If that's the case then ServiceNow also can use those creds. In another way, you can limit the access of discovery admin role and admin roled users in the instance for misusing these credentials from the instance.

 

Regards,

Vivek

View solution in original post

0 Helpfuls
6 REPLIES 6

Go to solution
Anshu_Anand_
Kilo Sage
Kilo Sage

‎03-11-2022 01:17 AM

The credentials for discovery are stored in credentials table of servicenow and in encrypted format.

So no security issue from servicenow side.

I am using many local admin credentials for many servers or group of servers with same password.

As long as password is complex, change from time to time and not shared with anyone, its good.

For linux servers, we have a schedule that after 90 days password expires and it needs to be changed.

Hope its helpful

 

 

Regards,
Anshu
0 Helpfuls

Go to solution
Imran Shad
Mega Expert
In response to Anshu_Anand_

‎03-11-2022 06:46 AM

Just wanted to confirm again, Isn't granting WMI access to all servers pose any security risks?

0 Helpfuls

Go to solution
Anshu_Anand_
Kilo Sage
Kilo Sage
In response to Imran Shad

‎03-11-2022 07:36 AM

There will be no threats as i have been using discovery since a long time.

discovering 7k-8k windows servers

Regards,
Anshu
0 Helpfuls

Go to solution
VivekSattanatha
Mega Sage
Mega Sage

‎03-11-2022 01:22 AM

Hi Imran,

 

The local admin creds are required for ServiceNow to gather most of the information. If have a plan to do a proper discovery and plan to do Servicemapping in a later phase then it's good to have local admin creds.

There is a way to use JEA from Microsoft if your company thinks of local admin as a security issue.

https://docs.servicenow.com/bundle/sandiego-it-operations-management/page/product/discovery/concept/microsoft-jea-discovery.html

From my experience, many clients initially fear to give it but they would have given the local admin creds for some monitoring tools. If that's the case then ServiceNow also can use those creds. In another way, you can limit the access of discovery admin role and admin roled users in the instance for misusing these credentials from the instance.

 

Regards,

Vivek

0 Helpfuls