Notification

Icon
Error

How do you scan your assets on your network? - What methods do you use?

Posted: Tuesday, June 25, 2019 8:48:11 PM(UTC)
OycAdmin

OycAdmin

Member Original PosterPosts: 1
0
Like
Hello all,

I just recently purchased a license for Lansweeper and am enjoying it so far. My intention is to make sure that I'm keeping it as secure as possible.

What are you scanning setups? Do you have Lansweeper on a server segmented off on its own network and maybe firewalled down to what you need?

For Windows environments with AD - do you have a Lansweeper AD account you use for the credentials to scan?

Any tips or input is welcome. I'd just like to have a discussion about how everyone uses Lansweepers scan and what security methods they employ.

Thanks.
CyberCitizen
#1CyberCitizen Member Posts: 196  
posted: 6/27/2019 1:14:18 AM(UTC)
We are running it on a vm server on the same network. We setup a separate domain admin account for Lansweeper.

The package share directory though we did a little different. That isn't on the Lansweeper server but a hidden $ share on our file server (Apps$).

We pointed Lansweepers (PackageShare) to this new location which has read and execute rights to all users. For the share username we are using a local user account .\lsshare so should it be discovered it doesn't really give them much access.

Deployments we are using SYSTEM or Scanning Credentials (Domain Admin) or the odd as logged on user.
MakeBug
#2MakeBug Member Posts: 53  
posted: 6/27/2019 3:39:14 PM(UTC)
We're running it on a vm server as well. The server is in the same network as the clients, so there is no real need for a firewall between them (we simply don't scan the clients from outside at the moment). The scanning user is an AD account without access to anything and has been added to the administrators group on each client (via GPO).

The Lansweeper-server also hosts the package-share for most of these locations, only some have their own shares on one of their local servers because the line between us and them isn't that great (China and the US for example). All users have full access to the share, to make sure noone finds and deletes any content, it's hidden with $. If someone still manages to delete/change something then A) we have a history of the folder changes so we can go after them and rip their head of and B) We have daily backups of the whole server so we can restore it within 5 minutes.
The deployment jobs use the scanning user, it's already a local admin on each client and the packageshare is public anyways so no need for an additional user there.

So far this setup has been more than successfull. It's working almost too well so my boss now expects all updates to be installed on about 90% of the environment within 2 weeks. This basically means I have only 2 weeks to organise every last one of our ~1500 clients (randomly distributed worldwide) d'oh!

Active Discussions

Lansweeper Patch Tuesday report, last 3 months
by  dshu   Go to last post Go to first unread
Last post: Yesterday at 7:04:41 PM(UTC)
Lansweeper Active Assets Versus Non-Active
by  RC62N  
Go to last post Go to first unread
Last post: 8/23/2019 9:29:26 PM(UTC)
Report Center Low Hard Disk Space (coloured) - Win+Linux
by  Olivier J.   Go to last post Go to first unread
Last post: 8/23/2019 4:16:02 PM(UTC)
Lansweeper check if process is running report
by  Randomusername  
Go to last post Go to first unread
Last post: 8/23/2019 3:29:16 PM(UTC)
Lansweeper Top 10 users submitting tickets
by  ChuckSchurman   Go to last post Go to first unread
Last post: 8/22/2019 3:53:21 AM(UTC)
Lansweeper Identifying weak protocols
by  Jason Tree  
Go to last post Go to first unread
Last post: 8/20/2019 3:06:03 PM(UTC)
Lansweeper Ticket Report Overview
by  briangmiller   Go to last post Go to first unread
Last post: 8/20/2019 1:49:35 PM(UTC)
Lansweeper switch ports with multiple assets
by  FischbachM  
Go to last post Go to first unread
Last post: 8/19/2019 9:10:42 AM(UTC)