Enabling Scan and Discovery Authentication Credentials

What privilege levels are necessary for the credentials used during Scan and Discovery so that all information (IP, hostname, credentials, groups, etc.) can be collected?

Devices must meet the following requirements:

  • Must have WinRM configured, over HTTP (port 5985) or HTTPS (port 5986)
  • senhasegura must be able to reach the device via WinRM on port 5985 or 5986
  • Must have the LDAP connection enabled for domain discovery cases (secure connectivity is not required; LDAP only needs to be enabled on the device on which discovery will be run)
  • Must allow PowerShell to be run with administrative access

Credentials must meet the following requirements:

  • Must belong to the “Remote Management Users” group. Users in this group can access management features like WS-Management through Windows Remote Management and Windows Management Instrumentation (WMI). Typically, this group is used to allow users to manage servers via remote commands (via PowerShell).

The security policies are as follows:

  • Access this computer from the network
  • Add workstation to domain
  • Bypass traverse checking
  • Increase a process working set

The user must have the privilege to execute the following commands and to access the following resources:

  • ComputerSystem
  • PATH
  • Get-ItemProperty
  • Import-Module
  • WebAdministration
  • Where-Object
  • wmic
  • Hostname
  • NET USER/LOCALGROUP
  • Access to %userprofile% directory
  • User must have permission to read the event log (Win32_NTLogEvent)
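
The requirements above can be verified before a scan is scheduled. The following pre-flight check is an added example, not senhasegura code; it is meant to be run on the target device in a session opened as the discovery credential. Assumptions: the privilege constants mapped to the listed policies, the well-known SID used for “Remote Management Users”, and the reading of “ComputerSystem” as the WMI class Win32_ComputerSystem.

```powershell
# Added example: pre-flight check, run on the target device in a session opened
# as the discovery credential (for example over WinRM). Not vendor code.
$check = [ordered]@{}

# WinRM must listen on HTTP 5985 or HTTPS 5986.
foreach ($port in 5985, 5986) {
    $check["WinRM port $port"] = (Test-NetConnection -ComputerName localhost -Port $port `
        -WarningAction SilentlyContinue).TcpTestSucceeded
}

# "Remote Management Users" is the well-known SID S-1-5-32-580; matching on the
# SID in the current token avoids localized group names.
$token = [Security.Principal.WindowsIdentity]::GetCurrent()
$check['Remote Management Users'] = $token.Groups.Value -contains 'S-1-5-32-580'

# Privileges behind three of the listed policies, as present in this token.
# "Access this computer from the network" is a logon right and is not listed by whoami.
$privText = (whoami /priv) -join "`n"
$policies = @{
    'Add workstation to domain'      = 'SeMachineAccountPrivilege'
    'Bypass traverse checking'       = 'SeChangeNotifyPrivilege'
    'Increase a process working set' = 'SeIncreaseWorkingSetPrivilege'
}
foreach ($name in $policies.Keys) { $check[$name] = $privText -match $policies[$name] }

# Commands from the list that resolve for this user (cmdlets and executables).
foreach ($cmd in 'Get-ItemProperty', 'Import-Module', 'Where-Object', 'wmic', 'hostname', 'net') {
    $check["Command $cmd"] = [bool](Get-Command $cmd -ErrorAction SilentlyContinue)
}
# WebAdministration is only present where the IIS management tools are installed.
$check['Module WebAdministration'] = [bool](Get-Module -ListAvailable -Name WebAdministration)

# Assumption: "ComputerSystem" on the page refers to the WMI class Win32_ComputerSystem.
$check['WMI Win32_ComputerSystem'] = [bool](Get-CimInstance Win32_ComputerSystem `
    -ErrorAction SilentlyContinue)

# %userprofile% must be readable (-Force includes hidden entries such as AppData).
$check['%userprofile% readable'] = [bool](Get-ChildItem $env:USERPROFILE -Force `
    -ErrorAction SilentlyContinue)

# Event log read access through Win32_NTLogEvent (one record is enough).
$check['Win32_NTLogEvent readable'] = [bool](Get-CimInstance Win32_NTLogEvent `
    -Filter "Logfile='System'" -ErrorAction SilentlyContinue | Select-Object -First 1)

$check.GetEnumerator() | ForEach-Object {
    '{0,-34} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}
```

A `MISSING` line for `wmic` or `WebAdministration` can simply mean the component is not installed on that host, since `wmic` is an optional feature on recent Windows builds.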