The Now Platform® Washington DC release is live. Watch now!
‎05-11-2010 08:31 AM
We are in the process of using Discovery to build our CMDB. We have given our Midserver service account local admin rights on our servers to allow for Discovery. However, we cannot give this type of access on domain controllers. Has anyone run into a situation where they've had to grant Discovery the least amount of permissions possible on a server in order to complete Discovery? If so, what were the permission settings. Did you grant specific permissions on the WMI service? Thanks for any info.
Rick
‎05-11-2010 09:14 AM
Rick,
For Domain Controllers you must be a domain admin to make remote queries, haven't found any limited permission set for DC's that work (yet) 🙂
‎05-11-2010 09:24 AM
Rick,
You could do this another way. Requires a little more work to set up, but it may suffice.
make a scheduled task on your DCs to run "cscript.exe snc_discovery.js"
not elegant, but it should work.
cheers,
robin850
‎05-11-2010 09:25 AM
The downside is that you wont get the automatic mapping of applications as an agentless discovery does, but you would get the hardware information....
‎05-11-2010 09:30 AM
Doug, you are of course correct! I knew there was something i was forgetting.
IMHO if you are running applications on a DC instead of their own server you are asking for issues.
cheers,
robin850