Windows WMI Discovery Probe

ramini_one
Tera Contributor

I'm looking to discover a Windows server through WMI access, and I have googled to get the most out of it, even though I lack some data from the discovery, viz. File System, Disk space Info, netstat.

I gave WMI Security access at Root level for the user and noticed it did not inherit to a few under the Root tree. So I manually gave access to all tabs under the Root. Even then it did not work.

Any thoughts?

6 REPLIES

Dave Smith1
ServiceNow Employee

Some questions:


  • what details are you trying to discover?
  • what account are you discovering that server with?
  • what information is being returned from the probe?
  • what probe (name) is actually running the WMI explore?

I'm trying to discover Windows Server; it does get information like Software installed, Network data, CPU/RAM, but not Storage device and File systems and TCP Connections without admin credentials. I'm using the WMI credentials.


I have an AD user account with "Performance Log User" Group, and user has permissions in wmimgmt, security and at root level with Enable Remote, Remote Control and Read Security. I applied the permission to all sub-folders under root.



I get an error "The result file can't be fetched because it doesn't exist." for PowerShell and Multi-probe in the ECC queue input (I do not see any information in the XML for Windows - Network ARP Table and Windows storage).


Hi Gopi,



If your domain account is not a local administrator then you need to fulfill the following requirements.



Permission requirements for Windows credentials


Discovery Windows probes and permissions



Make sure you gave all the permissions.



Regards,


Vivek



Based on the impact hit like, helpful or correct


Gopichand Ramini wrote:



I'm trying to discover Windows Server... without admin credentials. I'm using the WMI credentials.


If all the probes are doing is issuing WMI statements then you're fine. However, higher privilege levels are required to run specific commands (like netstat -b).



The two links posted above by Vivek are the ones I was about to post. I don't agree that local admin level is required on the machine - I've queried what specific rights a discovery account needs - but as yet the general rule of thumb is that security restrictions are not imposed on local machine administrators and as such they can interrogate and fetch any information required.



To test this, my suggestion would be:


  1. temporarily create a local machine account (called "discoprobe") with (local) admin rights
  2. add this into your discovery credentials list
  3. disable the domain admin credentials
  4. re-run discovery against this server and see if the right information is fetched.


Hope that helps.
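
The comparison suggested in the test above can also be run outside Discovery. The script below is an added example, not part of the original posts and not ServiceNow code: it queries a remote server over WMI with a supplied credential and reports, per class, whether the call succeeded, was denied, or came back empty. The class list is an assumption (standard WMI classes for the data types named in the thread, not the classes the Discovery probes use), and the script name in the usage comment is hypothetical.

```powershell
# Added example. Run from Windows PowerShell 5.1 against a REMOTE server
# (Get-WmiObject rejects -Credential for local connections).
# Usage (hypothetical file name):
#   .\Test-WmiAccess.ps1 -ComputerName SERVER01 -Credential (Get-Credential)
param(
    [Parameter(Mandatory)] [string]       $ComputerName,
    [Parameter(Mandatory)] [pscredential] $Credential
)

# Assumed check list: one or two standard classes per data type from the thread.
$checks = @(
    @{ Area = 'CPU/RAM';         Namespace = 'root\cimv2';         Class = 'Win32_ComputerSystem' }
    @{ Area = 'Network';         Namespace = 'root\cimv2';         Class = 'Win32_NetworkAdapterConfiguration' }
    @{ Area = 'Storage device';  Namespace = 'root\cimv2';         Class = 'Win32_DiskDrive' }
    @{ Area = 'File system';     Namespace = 'root\cimv2';         Class = 'Win32_LogicalDisk' }
    @{ Area = 'File system';     Namespace = 'root\cimv2';         Class = 'Win32_Volume' }
    @{ Area = 'TCP connections'; Namespace = 'root\StandardCimv2'; Class = 'MSFT_NetTCPConnection' }
)

$results = foreach ($c in $checks) {
    $row = [ordered]@{
        Area = $c.Area; Namespace = $c.Namespace; Class = $c.Class
        Status = 'OK'; Rows = 0; Detail = ''
    }
    try {
        $items = @(Get-WmiObject -ComputerName $ComputerName -Credential $Credential `
                       -Namespace $c.Namespace -Class $c.Class -ErrorAction Stop)
        $row.Rows = $items.Count
        # Zero rows is not an error, but worth comparing against an admin run.
        if ($items.Count -eq 0) { $row.Status = 'EMPTY' }
    }
    catch {
        $ex = $_.Exception
        $row.Status = if ($ex -is [System.UnauthorizedAccessException]) {
            'ACCESS DENIED (DCOM/logon)'
        } elseif ($ex -is [System.Management.ManagementException]) {
            "WMI: $($ex.ErrorCode)"   # e.g. AccessDenied, InvalidNamespace, InvalidClass
        } else {
            'ERROR'
        }
        $row.Detail = $ex.Message
    }
    [pscustomobject]$row
}

$results | Format-Table -AutoSize -Wrap
```

Run it once with the restricted domain account and once with the temporary local admin account, then compare the two tables: rows that change from denied or empty to OK show which namespace or class the restricted account cannot read.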