![]() ![]() Our current roadmap already has lots of content but custom discovery is at the top of our list to be reviewed. Hence we're evaluating including this in the next-gen version (mentioned in the section above) GMSA: we evaluated adding gMSA support previously to Lansweeper but the foundations needed to be changed too drastically. Adding JEA to the final solution would really help out to have a scan server working according to a least privileged account. Just Enough Administration: great tip! While Lansweeper currently relies on RPC, remote registry and sometimes PowerShell (to keep full support with older operating systems), we're currently working on a next-gen version that focuses more on retrieving the data using Powershell where possible. This would allow you to send specific read commands to your assets and capture these in custom discovery sections. lspush ipaddress -g 'Comapnyname' ) (I would use this only as the initial push) Is this possible If not what are the chances of this feature. PS Session Configuration: we're considering including a custom discovery section within the Lansweeper solution. I would like to flag the command to add the asset to a certain group. ![]() Hi ideas would really be beneficial for the configuration of Lansweeper so extra asset details are retrieved and asset and scan server security is increased. I'd need to make the gMSA and allow the server running Lansweeper scanner permissions to get the gMSA password. ![]() Then I wouldn't have to put in a password in the web UI. (Cybersecurity & Vulnerabilities)įinally, it would be awesome if Lansweeper supported a gMSA (Group-Managed Service Account) for scanning. This would reduce risk because it's a non-admin account and only allowed to run specific cmdlets. LsPush/LsAgent could also be used to optionally install the required SessionConfiguration. This would require Lansweeper scanning service to use PowerShell remoting to scan computers. For example, the LansweeperScanning SessionConfiguration could allow all cmdlet's that match with Get-* (e.g., Get-Cim*, Get-Wmi*, Get-Process, etc.). After connection that non-admin account runs as a virtual account using SYSTEM and the SessionConfiguration restricts what commands it can run. Bring out JEA! The Windows device would need a SessionConfiguration that allows an Active Directory non-admin account to connect to it. LAPS scanning is a great new feature! However, LAPS still uses a local Admin account, and our security policy blocks local accounts from connecting remotely. Scanning Windows devices without being Administrator. It would be useful knowing which computers have which SessionConfigurations. I'm deploying more and more SessionConfigurations to servers so users can connect using PowerShell Remoting but are only allowed to run specific commands without adding them to Remote Desktop Users, Remote Management Users, or Administrators group. Scan and report on Get-PSSessionConfiguration. There are two things that could benefit Lansweeper scanning.ġ. This creates a copy of the report that you can customize further.I recently learned about the power of PowerShell SessionConfigurations and Just Enough Administration (JEA). If you want to build a custom report, an easy way to do so is by editing a built-in report and choosing Save As from the report builder. Perform a search for "driver" in the Reports menu of the web console to find built-in driver reports. You can also use built-in or custom reports to view driver data. There are sub-tabs for system drivers, PnP signed drivers and printer drivers. Scanned drivers can be viewed in the Config> Windows > Drivers tab of individual Windows asset pages. With default driver intervals of 6 days for instance, an IP range scan will only refresh driver data every 6 days at most. If you use another scanning method like an IP range target, the driver data being refreshed will depend on how you configured your scanned item intervals. If you rescan your computers with one of the Rescan buttons found throughout the web console, the computers' drivers will immediately be retrieved as part of the rescan. Note that you must use an agentless scanning method or LsAgent to scan your client machines, as the older LsPush agent does not scan drivers. Once you've completed the previous steps, fully rescan your client machines to immediately retrieve the driver data.įor instance, click the Assets menu at the top of the web console, filter the Type column for Windows computers, tick the upper checkbox to select all assets and click Rescan asset(s). Refresh the data as infrequently as possible as well, by increasing the SYSTEMDRIVERS refresh setting if possible. It is recommended that you only enable system driver scanning if you have a specific need for it. Scanning system drivers can therefore impact client machine performance. The WMI class storing system driver data is inherently heavy to read. ![]()
0 Comments
Leave a Reply. |