The Now Platform® Washington DC release is live. Watch now!

Help
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Minimum Credentials Needed for Discovery of Windows Servers

Rick Mann
Tera Expert

We are in the process of using Discovery to build our CMDB. We have given our Midserver service account local admin rights on our servers to allow for Discovery. However, we cannot give this type of access on domain controllers. Has anyone run into a situation where they've had to grant Discovery the least amount of permissions possible on a server in order to complete Discovery? If so, what were the permission settings. Did you grant specific permissions on the WMI service? Thanks for any info.

Rick

10 REPLIES 10

doug_schulze
ServiceNow Employee
ServiceNow Employee

Rick,

For Domain Controllers you must be a domain admin to make remote queries, haven't found any limited permission set for DC's that work (yet) 🙂


Rick,

You could do this another way. Requires a little more work to set up, but it may suffice.

make a scheduled task on your DCs to run "cscript.exe snc_discovery.js"

not elegant, but it should work.

cheers,

robin850


The downside is that you wont get the automatic mapping of applications as an agentless discovery does, but you would get the hardware information....


Doug, you are of course correct! I knew there was something i was forgetting.


IMHO if you are running applications on a DC instead of their own server you are asking for issues.


cheers,

robin850