Use AD for CMDB Discovery

Nilanjan1

Dear Experts,

 

We have some restricted servers which are not discoverable through ServiceNow Discovery or through Agent Client Collector either (as it cannot be installed), but they are open through AD as they are connected through these (on-prem). Is there a way by which I can use AD to allow the MID Servers to access the AD and run the process of discovery?

 

Quick help is appreciated.

 

Regards

Nilanjan

1 ACCEPTED SOLUTION

Hi Nilanjan,

The communication from the device to the MID is over a secure port. The accounts you use will depend on the options available, and that may raise more questions from your Infra and Security Team. There are options of using a service account or leaving it to system. gMSA was not enabled for ACC as far as I know.

 

You can refer to the datasheet to see if it has any mention of your questions on how secure it is; otherwise you will have to reach out to support to get detailed information around vulnerabilities.

https://www.servicenow.com/standard/resource-center/data-sheet/ds-itom-acc.html

8 REPLIES

@pratik0306 It is because the security team felt that the ACC configuration can be changed... if there are ways to circumvent and reach the installers. I need something specific that describes this. These are Windows servers.

Hi Nilanjan,

I still did not understand the point of why agentless is not working or preferred. You can use WMI, WinRM, gMSA methods. But if you are looking specifically for ACC only, then you may refer to the links below.

For ACC, all you need is:

1. A MID server [it can be an existing MID as well, or you can spin up a new one].

2. Make sure the MID server and the servers you plan to install the agent on can connect on the port as per the prerequisites. Please check the docs for all the prerequisites.

3. If there are multiple servers then you may need a third-party tool [e.g. SCCM] to deploy them; else you can install manually, and for that as well there are clear steps mentioned in the links below.

Hope this helps. You can test on 1 machine and see the results, and if all is good you can roll out to all.

ACC:

https://www.servicenow.com/docs/bundle/vancouver-it-operations-management/page/product/agent-client-...

 

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0815247

 

https://noderegister.service-now.com/kb?id=kb_article_view&sysparm_article=KB1122613

Thank you @pratik0306 for your help and support. After extensive discussion with the security team, they will be ready for an ACC installation but want to know what the vulnerabilities of the ACC are, how secure it is, etc. 😁 I am just giving documents and discussion. Do you have anything that defines it?
