Creating and mapping scanning credentials

Scanning credentials are login/password combinations and certificates/keys used by your Lansweeper installation to remotely access and scan network assets. The following asset types require a scanning credential in order to be scanned remotely: Linux, Unix, Mac and Windows computers, VMware servers and network devices (printers, switches...) that have SNMP enabled. For Windows computers, scanning credentials are also used during software deployment.

Your Lansweeper installation allows you to submit an unlimited number of scanning credentials. Scanning credentials are managed in the following section of the web console: Scanning\Scanning Credentials

Scanning Credentials menu
Scanning credentials must be created and then mapped, so Lansweeper knows when to use them. If you map a Windows credential to a domain for instance, Lansweeper will try to use that credential for any Windows computer within that domain.
Windows computers can be scanned locally as well, with the LsPush scanning agent. If you scan your Windows computers exclusively with LsPush and don't use software deployment, you do not need to submit Windows scanning credentials. Computers running a Home edition of Windows must be scanned with LsPush, as these machines cannot be accessed remotely. Information on the LsPush scanning agent can be found in this knowledge base article.

 

Creating scanning credentials

To create a credential, hit the Add new Credential button in the Scanning\Scanning Credentials section of the web console. There are 6 types of credentials:

  • Windows credentials

    Windows credential
    - Used for scanning: Windows computers (non-Home editions) and users
    - Must have: administrative privileges on your computers and, for scanning domain computers/users, read-only access to Active Directory
    - Name: custom name you can assign to the credential
    - Login: a down-level logon name like NetBIOS domain name\username (domain credentials) or a user principal name (UPN) like username@yourdomain.local (domain credentials) or .\username (local credentials) or username@outlook.com (Microsoft accounts)
    - Password: your user account's password
  • SNMP(v1/v2) credentials

    SNMPv1 or SNMPv2 credential
    - Used for scanning: network devices that have SNMPv1 or SNMPv2 enabled
    - Must have: read-only access to SNMP
    - Name: custom name you can assign to the credential
    - Password: the (case-sensitive!) SNMP community string used by your devices. Many network devices use public and private as their default SNMP community strings, public being for read-only access and private for read/write access. Your devices could be using custom strings however.
    - Use SNMP(v1)/Use SNMP(v2): optionally, uncheck one of these boxes to have Lansweeper only try SNMPv1 or SNMPv2.
  • SNMP(v3) credentials

    SNMPv3 credential
    - Used for scanning: network devices that have SNMPv3 enabled
    - Must have: read-only access to SNMP
    - Name: custom name you can assign to the credential
    - Login: SNMP login
    - Password: your SNMP login's password
    - Encryption key: encryption key required if authentication type is set to MD5 or SHA1
    - Authentication type: None, MD5 or SHA1
    - Privacy type: None, DES, AES 128, AES 192, AES 256 or Triple DES
  • SSH credentials

    SSH credential
    - Used for scanning: Linux, Unix and Mac computers
    - Must have: access to the uname (Linux/Unix) or system_profiler (Mac) command
    - Name: custom name you can assign to the credential
    - Login: SSH login
    - Password: your SSH login's password
  • SSH certificates (added in Lansweeper 6.0)

    SSH certificate
    - Used for scanning: Linux and Unix computers
    - Must have: access to the uname command
    - Name: custom name you can assign to the credential
    - Login: your login
    - Passphrase: your passphrase, if there is one
    - Private SSH key: your SSH key
  • VMware credentials

    VMware credential
    - Used for scanning: VMware servers
    - Must have: read-only access to your VMware server's MOB (Managed Object Browser)
    - Name: custom name you can assign to the credential
    - Login: VMware login
    - Password: your VMware login's password

Mapping scanning credentials

To map a credential, hit the Map Credential button in the Scanning\Scanning Credentials section of the web console. You can select multiple credentials by holding down Shift. Credentials are tried in the order you see them. In the example below, Lansweeper will first try Windows2 to scan computers in Workgroup, then Windows1. You can change the order in which credentials are tried by grabbing (left-click and hold) a credential in the Credentials column and dragging it to a new position.

mapping credentials
The only credentials you don't need to map are global credentials. Global credentials are tried for any asset of the specified type, if all other credentials of the same type have failed. Your global Windows credential is tried for any Windows computer for instance, if all other credentials mapped to the computer have failed.
Recent Lansweeper releases will remember which credential they last successfully scanned an asset with. When the asset is rescanned, the last successful credential is tried first. If that fails, any mapped credentials are tried. If those fail as well, your global credentials are tried.

You can map a credential to:

  • A domain or workgroup

    mapping to a domain or workgroup
    - Domain or Workgroup: NetBIOS name of the domain or name of the workgroup
  • An individual Windows computer

    mapping to a Windows computer
    - Domain\Computername: NetBIOS domain name\NetBIOS computer name or workgroup name\NetBIOS computer name
  • An IP address

    mapping to an IP address
  • An IP range

    mapping to an IP range
    - Select a range from the dropdown. Additional ranges can be submitted by hitting the Add Scanning Target button in the Scanning\Scanning Targets section of the web console and selecting IP Range from the Scanning Type dropdown.

Related Articles