1) The scanning account must be an administrator on the scanned computers.
Alternate credentials are used if they are configured for the domain.
If no alternate credentials are configured, the default windows credential is used.
2) Configure the Windows Firewall to enable remote administration.
In a domain the easiest way to do this is to create a Group Policy:
How to configure the windows firewall using group policies.
3) Configure active scanning for your domain.