The Zurich release has arrived! Interested in new features and functionalities? Click here for more

why does windows credentials need to be a part of local admin group on the target windows host

supriyarajp
Tera Contributor

‎07-14-2025 07:06 AM

In our project, we are going to do IP based discovery for citrix worker machines using IP subnet but we would need a domain user which will then needs to be a part of local domain group on the target windows hosts. Thought it will be a non interactive account but we are unable to get approval for this approach. is there any other way we can do this

0 Helpfuls
  • 602 Views
8 REPLIES 8

Harish Bainsla
Kilo Patron
Kilo Patron

‎07-15-2025 03:15 AM

Hi @supriyarajp  I think without admin right discovery will fail . In this I think you can raise a high support case with servicenow for another way they will tell you about this one.

if my answer helps you mark helpful and accept solution/

0 Helpfuls

supriyarajp
Tera Contributor
In response to Harish Bainsla

‎07-15-2025 05:31 AM

@Harish Bainsla i think you are right that discovery would fail without admin rights. Here is my justification: the mid server user account used to perform discovery must have admin privileges on the windows device being discovered. This is required for successful WMI queries and registry access. if the account used to perform the Discovery scan lacks the appropriate privileges. The discovery process will not be able to return data, and the result will be incomplete or failed discovery.

 

 

I am unable to proof my theory with the SN article.

 

0 Helpfuls

Shreya Jain1
Tera Guru
In response to supriyarajp

‎07-15-2025 07:42 AM

netstat is the only command and it requires admin file share access as well. Check below KB - 

 

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0832625

0 Helpfuls