You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
We are using Asset Insight Discovery tool to scan our assets but we have one security concern with Windows based machines. As mentioned in your documentation, we need local admin privileges on all targeted windows machines.
Our Security team is not allowing local admin privileges and we have few concerns as mentioned below.
i) Why asset discovery tool credentials need local admin privileges on all windows targeted machines?
ii) What will be activities performed by Insight Discovery tool using admin rights on windows?
iii) If we are not wrong, Insight Discovery will just read the information from windows system during scanning?
iv) Will Insight discovery tool will write anything on targeted windows machines?
v) Is there any clear requirements that on which specific paths we need to provide the admin rights for scanning?
Does anyone know regarding the above mentioned queries. Please provide you feedback for above queries
Provide any workaround for this problem so that we don't need to use admin rights on each targeted windows machine.
Thanks & Regards,
I can't answer all of that in any detail but the short answer is "because you need to be an admin on the machine to be able to see a lot of the data Insight is looking for".
Windows doesn't have the granularity of admin control to be able to say "and let an unprivileged account see, but not edit, the settings" in a lot of places.
Insight will not try to change anything, it is a pure read of data.
Dear Nic Brough,
Thanks for your response. But I am still confused, if it is just related to read the data and not to edit anything then why we need local admin privileges.
Second concern, do you have any idea on which specific paths/folders we need to provide the admin rights for scanning?
>just related to read the data and not to edit anything then why we need local admin privileges
Because that's how Windows works.
> which specific paths/folders we need to provide the admin rights for scanning
It doesn't do much direct reading of files, it's mostly reading system settings. I don't know what files it might be reading, but it's safe to say "all the folders the operating system is installed and configured in"
@Nic Brough -Adaptavist- Hi, I am having trouble with testing my credentials I do have local admin rights on all of the devices but the test does not work. When I did a scan the only device that import was my device. Can you help at all? Can you use .\ before username for the local admin?