- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2022 10:37 AM
Hello all,
I wish if someone could share the best practice for discovering servers through ServiceNow discovery. We have multiple MID servers deployed in our environment. The service id attached to these mid servers for server scanning is currently granted WMI access to all servers however to make that work the requirement of local admin for the service id was required. I am wondering if this poses any security issue.
Thank you.
Solved! Go to Solution.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2022 01:22 AM
Hi Imran,
The local admin creds are required for ServiceNow to gather most of the information. If have a plan to do a proper discovery and plan to do Servicemapping in a later phase then it's good to have local admin creds.
There is a way to use JEA from Microsoft if your company thinks of local admin as a security issue.
https://docs.servicenow.com/bundle/sandiego-it-operations-management/page/product/discovery/concept/microsoft-jea-discovery.html
From my experience, many clients initially fear to give it but they would have given the local admin creds for some monitoring tools. If that's the case then ServiceNow also can use those creds. In another way, you can limit the access of discovery admin role and admin roled users in the instance for misusing these credentials from the instance.
Regards,
Vivek
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2022 01:17 AM
The credentials for discovery are stored in credentials table of servicenow and in encrypted format.
So no security issue from servicenow side.
I am using many local admin credentials for many servers or group of servers with same password.
As long as password is complex, change from time to time and not shared with anyone, its good.
For linux servers, we have a schedule that after 90 days password expires and it needs to be changed.
Hope its helpful
Anshu
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2022 06:46 AM
Just wanted to confirm again, Isn't granting WMI access to all servers pose any security risks?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2022 07:36 AM
There will be no threats as i have been using discovery since a long time.
discovering 7k-8k windows servers
Anshu

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2022 01:22 AM
Hi Imran,
The local admin creds are required for ServiceNow to gather most of the information. If have a plan to do a proper discovery and plan to do Servicemapping in a later phase then it's good to have local admin creds.
There is a way to use JEA from Microsoft if your company thinks of local admin as a security issue.
https://docs.servicenow.com/bundle/sandiego-it-operations-management/page/product/discovery/concept/microsoft-jea-discovery.html
From my experience, many clients initially fear to give it but they would have given the local admin creds for some monitoring tools. If that's the case then ServiceNow also can use those creds. In another way, you can limit the access of discovery admin role and admin roled users in the instance for misusing these credentials from the instance.
Regards,
Vivek