Hi @supriyarajp ,

ServiceNow Discovery (using MID Server) for Windows hosts typically uses WMI (Windows Management Instrumentation) or WinRM to gather detailed data:

* Running services and processes
* Installed software
* Hardware and OS information
* Logged-in users
* Performance counters, etc.

To do this, the discovery probes execute remote WMI queries and sometimes run commands (like via wmic or powershell).

By default, only accounts in the Local Administrators group on the target machine have permission to:
Connect remotely to WMI namespaces
 

Run WMI methods and enumerate classes
 Access 

WinRM endpoints for remote management

Without Local Admin, the MID Server will often get access denied errors, incomplete data, or completely fail to classify the host.

Why a non-interactive domain user is often suggested

* Creating a dedicated non-interactive domain service account (can’t log in via RDP, etc.) and adding it to the Local Administrators group on each host is a common best practice.
* Limits risk vs. using an existing interactive admin account.

* The account only exists to run discovery probes; no one uses it to log in.

Please appreciate the efforts of community contributors by marking appropriate response as Mark my Answer Helpful or Accept Solution this may help other community users to follow correct solution in future.
 
Thank You
AJ - TechTrek with AJ
LinkedIn:- https://www.linkedin.com/in/ajay-kumar-66a91385/
YouTube:- https://www.youtube.com/@learnitomwithaj
ServiceNow Community MVP 2025