ServiceNow auto discovery

Go to solution
Imran Shad
Mega Expert

‎03-10-2022 10:37 AM

Hello all,

I wish if someone could share the best practice for discovering servers through ServiceNow discovery. We have multiple MID servers deployed in our environment. The service id attached to these mid servers for server scanning is currently granted WMI access to all servers however to make that work the requirement of local admin for the service id was required. I am wondering if this poses any security issue. 

 

Thank you.

0 Helpfuls
  • 1,866 Views
1 ACCEPTED SOLUTION

Go to solution
VivekSattanatha
Mega Sage
Mega Sage

‎03-11-2022 01:22 AM

Hi Imran,

 

The local admin creds are required for ServiceNow to gather most of the information. If have a plan to do a proper discovery and plan to do Servicemapping in a later phase then it's good to have local admin creds.

There is a way to use JEA from Microsoft if your company thinks of local admin as a security issue.

https://docs.servicenow.com/bundle/sandiego-it-operations-management/page/product/discovery/concept/microsoft-jea-discovery.html

From my experience, many clients initially fear to give it but they would have given the local admin creds for some monitoring tools. If that's the case then ServiceNow also can use those creds. In another way, you can limit the access of discovery admin role and admin roled users in the instance for misusing these credentials from the instance.

 

Regards,

Vivek

View solution in original post

0 Helpfuls
6 REPLIES 6

Go to solution
Imran Shad
Mega Expert
In response to VivekSattanatha

‎03-11-2022 06:46 AM

Just wanted to confirm again, Isn't granting WMI access to all servers pose any security risks?

0 Helpfuls

Go to solution
VivekSattanatha
Mega Sage
Mega Sage
In response to Imran Shad

‎03-11-2022 07:31 AM

Only MID Servers can access your target servers and MID Server is in your environment and it's not exposed to the internet.

0 Helpfuls