ServiceNow auto discovery

Imran Shad
Mega Expert

Hello all,

I wish someone could share the best practice for discovering servers through ServiceNow Discovery. We have multiple MID Servers deployed in our environment. The service ID attached to these MID Servers for server scanning is currently granted WMI access to all servers; however, to make that work, local admin for the service ID was required. I am wondering if this poses any security issue.

Thank you.

1 ACCEPTED SOLUTION

VivekSattanatha
Mega Sage

Hi Imran,

The local admin creds are required for ServiceNow to gather most of the information. If you have a plan to do a proper discovery and plan to do Service Mapping in a later phase, then it's good to have local admin creds.

There is a way to use JEA from Microsoft if your company thinks of local admin as a security issue.

https://docs.servicenow.com/bundle/sandiego-it-operations-management/page/product/discovery/concept/microsoft-jea-discovery.html

From my experience, many clients are initially afraid to give it, but they would have given the local admin creds to some monitoring tools. If that's the case, then ServiceNow can also use those creds. Alternatively, you can limit the access of the discovery admin role and admin-role users in the instance to keep them from misusing these credentials from the instance.

Regards,

Vivek

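The JEA alternative mentioned in the answer above, as an added example that is not part of the original thread and is not ServiceNow's own JEA profile: a constrained PowerShell endpoint on a target server that lets a non-admin discovery account run read-only CIM/WMI queries against an allow-list of classes. The account `CONTOSO\svc-discovery`, the endpoint name `DiscoveryReadOnly`, the module name `DiscoveryJEA`, the class list and the paths are all assumptions for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (hypothetical names throughout): JEA endpoint for a discovery account
# that is NOT a member of the local Administrators group on the target server.
$account = 'CONTOSO\svc-discovery'   # assumed service account
$module  = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\DiscoveryJEA'
$roleDir = Join-Path $module 'RoleCapabilities'
$logDir  = Join-Path $env:ProgramData 'JEATranscripts'
New-Item -ItemType Directory -Path $roleDir, $logDir -Force | Out-Null
New-ModuleManifest -Path (Join-Path $module 'DiscoveryJEA.psd1')

# Role capability: a single cmdlet, and only the -ClassName parameter with
# an allow-list of values. -Query, -Filter and every other cmdlet are unavailable.
New-PSRoleCapabilityFile -Path (Join-Path $roleDir 'DiscoveryReader.psrc') -VisibleCmdlets @(
    @{ Name       = 'Get-CimInstance'
       Parameters = @{ Name        = 'ClassName'
                       ValidateSet = 'Win32_OperatingSystem', 'Win32_ComputerSystem',
                                     'Win32_Processor', 'Win32_LogicalDisk', 'Win32_Service' } }
)

# Session configuration: NoLanguage mode, every session transcribed.
# The commands run as a temporary virtual account; by default that account is a
# local administrator on member servers, so the privilege stays on the endpoint
# and is never held by the connecting credential. -RunAsVirtualAccountGroups can
# narrow it further.
$pssc = Join-Path $env:ProgramData 'DiscoveryReadOnly.pssc'
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory $logDir `
    -RoleDefinitions @{ $account = @{ RoleCapabilities = 'DiscoveryReader' } }

# Validate the file, then register the endpoint (this restarts WinRM).
if (-not (Test-PSSessionConfigurationFile -Path $pssc)) { throw 'Invalid session configuration' }
Register-PSSessionConfiguration -Name 'DiscoveryReadOnly' -Path $pssc -Force

# Check from another host, as the discovery account (server01 is a placeholder):
#   Invoke-Command -ComputerName server01 -ConfigurationName DiscoveryReadOnly `
#       -ScriptBlock { Get-CimInstance -ClassName Win32_OperatingSystem }
```

A stolen copy of the discovery credential can then reach only this endpoint and the listed classes, and each session leaves a transcript in the configured directory.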

6 REPLIES

Just wanted to confirm again: doesn't granting WMI access to all servers pose any security risks?

Only MID Servers can access your target servers, and the MID Server is in your environment and is not exposed to the internet.