Are you in the loop? Keep up with the latest by making sure you're subscribed to Community Announcements. Just click Watch and select Articles.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Why we need Local admin privileges on all targeted windows machines for Asset Insight Discovery tool

Tariq Ashraf
Tariq Ashraf Oct 06, 2022

Dear Team,

We are using Asset Insight Discovery tool to scan our assets but we have one security concern with Windows based machines. As mentioned in your documentation, we need local admin privileges on all targeted windows machines.

https://confluence.atlassian.com/insightapps/discovery-system-requirements-1085180644.html#Discoverysystemrequirements-Windows:WMI

Our Security team is not allowing local admin privileges and we have few concerns as mentioned below. 

i) Why asset discovery tool credentials need local admin privileges on all windows targeted machines?

ii) What will be activities performed by Insight Discovery tool using admin rights on windows?

iii) If we are not wrong, Insight Discovery will just read the information from windows system during scanning?

iv) Will Insight discovery tool will write anything on targeted windows machines?

v) Is there any clear requirements that on which specific paths we need to provide the admin rights for scanning?

Does anyone know regarding the above mentioned queries. Please provide you feedback for above queries

OR

Provide any workaround for this problem so that we don't need to use admin rights on each targeted windows machine.

 

Thanks & Regards,
Tariq Ashraf

Answer
Watch
Like Be the first to like this
312 views

1 answer

1 vote
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Oct 06, 2022

I can't answer all of that in any detail but the short answer is "because you need to be an admin on the machine to be able to see a lot of the data Insight is looking for".

Windows doesn't have the granularity of admin control to be able to say "and let an unprivileged account see, but not edit, the settings" in a lot of places.

Insight will not try to change anything, it is a pure read of data.

View More Comments
Tariq Ashraf
Tariq Ashraf Oct 09, 2022

Dear Nic Brough,

Thanks for your response. But I am still confused, if it is just related to read the data and not to edit anything then why we need local admin privileges. 

Second concern, do you have any idea on which specific paths/folders we need to provide the admin rights for scanning?

 

Regards,

Tariq Ashraf

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Oct 09, 2022

>just related to read the data and not to edit anything then why we need local admin privileges

Because that's how Windows works.

> which specific paths/folders we need to provide the admin rights for scanning

It doesn't do much direct reading of files, it's mostly reading system settings.  I don't know what files it might be reading, but it's safe to say "all the folders the operating system is installed and configured in"

Like
Nicolaus Brooks
Nicolaus Brooks Aug 24, 2023

@Nic Brough -Adaptavist- Hi, I am having trouble with testing my credentials I do have local admin rights on all of the devices but the test does not work. When I did a scan the only device that import was my device. Can you help at all? Can you use .\ before username for the local admin?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
DEPLOYMENT TYPE
SERVER
VERSION
4.20.10
TAGS
AUG Leaders

Atlassian Community Events

See all events