‎10-17-2017 09:38 AM
Hi,
The Windows team in our organization is hesitant to provide local admin privileges to the service account that we are going to use for the discovery of Windows servers.
Basic Windows server attributes, software installed, processes running, and network adapters are part of the discovery requirement.
Without local admin privileges for the service account, what attributes and application dependency mapping info are we going to miss in the discovery?
Regards,
Chandra
‎10-17-2017 11:40 AM
Without local admin privileges for the service account, what attributes and application dependency mapping info are we going to miss in the discovery?
Quite a number. Show them the discovery patterns and probes used to interrogate a Windows platform so that they understand there are a few privileged commands there.
Windows team in our organization is hesitant to provide the local admin privileges to the service account that we are going to use for the discovery of Windows servers.
If they're managing this kit... aren't they the ones performing the discovery?
This is always a contentious issue, and it stems from the fact that those trying to capture these CIs that are brought under configuration control differ from those actually managing the CIs - causing a clash.
Simply put: if they don't want to enable discovery on their kit, then make them responsible for manually keeping the CMDB up to date with kit in their area of responsibility. If they want to create a service account that enables discovery read-only access to Windows attributes, they can easily enable auditing and check what's being run, then verify it's safe.
‎10-17-2017 11:14 AM
Hi Chandra,
You must have local admin since it requires access to WMI.
Thanks,
Berny
‎10-17-2017 11:18 AM
My recommendation will be to bring an expert to discuss with the respective stakeholder groups within your organization so that they can understand the fears and speak with authority into what's required and the associated risks behind each access required to perform Discovery.
Thanks,
Berny
‎10-17-2017 11:20 AM
We at Volteo can help you out with that if you're interested! It's often step #1 in any ITOM implementation.
Thanks,
Berny

‎10-17-2017 11:21 AM
Hi Chandra,
You will lose Application dependency mapping since it requires netstat. You need local admin privilege to run netstat commands.
Regards,
Vivek