In this quick start guide, we'll cover how you go from installing Lansweeper to successfully scanning Windows devices. At the bottom of the page, you'll be able to find links to resources that cover all device types that Lansweeper scans so you can discover any device in your IT environment.
After installing Lansweeper, you'll start on our first run wizard. Here, you'll get the chance to configure your scanning before starting to actively use Lansweeper. In this quick guide, we will only go through Windows scanning but you'll always have the chance to configure your credentials for any type of scan later in the web console.
After selecting your default subnet to scan, you can already add your Windows credentials for scanning. However, in this guide, we will skip this step as we will do this in the credential area later so we can ensure your assets are configured correctly before scanning them with credentials.
Viewing Your Assets
To view all your assets, you can navigate to the Assets tab once you've exited the first run wizard. Thanks to our credential-free scanning, your subnets' assets should already be there with basic data. To help you get started with getting more data from your devices and detect the rest of your network, we've compiled everything you need to do below.
Before starting, we have to make sure that the Windows device is configured correctly so that Lansweeper is able to connect to the device and retrieve data. Since Lansweeper does not require an agent for scanning, certain network configurations might be needed depending on your environment.
The initial connection to a client machine is made over TCP port 135. By default, Windows then sends the WMI data over random ports in the 1025-5000 or 49152-65535 range. In order to remotely scan Windows computers, you must ensure that the machines' firewalls are properly configured to allow all WMI traffic. Opening specific ports is not enough, as traffic is sent over random ports as previously mentioned.
Option 1: Lansweeper Script
The easier option is to run the following script on your Windows devices. This ensures that DCOM, Windows Firewall, and other settings are correct. You can open the script in a text editor to review its contents, before executing in Command Prompt.
Download (right-click and Save Link As) and run this script in an elevated Command Prompt on the client machine.
Option 2: Command Prompt
The second option is to use two command prompt commands to perform the needed changes. Run the commands below in an elevated Command Prompt on the client machine. These commands will run successfully on both older and newer operating systems. They may generate deprecation warnings on newer operating systems but are functional there as well.
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes netsh advfirewall firewall add rule name="TCP Port 135" dir=in action=allow protocol=TCP localport=315
Option 3: Manually
If you're more of a hands-on person, you can do the changes manually by configuring the firewall using the Windows interface, you can find all the steps to do this in the Configuring Windows Firewall knowledgebase article.
Adding Your Credentials
The next step in getting more data is providing credentials. To gather detailed information from devices and services, credentials are a requirement. For Windows, your credential must meet the following requirements:
- The credential must have administrative privileges on the target machine
- If you plan on scanning via Active Directory, the credential must also have read-only access to Active Directory.
Navigate to Scanning Credentials
Head over to Scanning/Scanning Credentials using the top menu.
Edit the Global Windows Credential
Click the edit button on the Global Windows credential. The global credentials are your default credentials. They will be automatically tried by most scanning targets.
If you have a credential that meets the previously listed requirements, you can enter it in one of the following formats:
- If you use a domain credential, submit a down-level login name like NetBIOS domain name\username or a user principal name (UPN) like email@example.com
- For local credentials, use the format .\username
- Microsoft accounts like firstname.lastname@example.org can be used as credentials as well.
Choosing your Scanning Target
Now that you have a global Windows credential, the Asset Radar scanning can also use this once it attempts to scan an asset, so even without any further steps, you'll start seeing more detailed information on Windows assets soon.
Navigate to Scanning Targets
Head over to Scanning using the top navigation.
Add an IP Range Scanning Target
The simplest and arguably most powerful scanning target is the IP Range scanning target. This will attempt to scan every single IP Address in the IP range you enter.
Click the "Add Scanning Target" button and select the IP Range scanning target. You can enter any of your local subnets' IP Range in the two provided boxes.
As you'll see there are more options to configure, but we will leave those in their default state for now. You can find more info about them in the IP Range knowledgebase article.
Scan your IP Range scanning target
Now that your scanning target is ready, you can scan it immediately by clicking the "Scan Now" button.
If the configuration above conflicts with your strict security policies, or if you have a lot of devices outside of your corporate network. You can use LsAgent to scan devices either locally or remotely without any configuration!
Additional Scanning Methods
- Overview of scanning targets and methods
- Scanning with an Active Directory Domain scanning target
- How to scan mobile devices through VMware AirWatch
- How to scan an AWS cloud environment
- How to scan an Azure cloud environment
- How to scan Chrome OS machines
- How to scan Intune with a Microsoft Cloud Services credential
- How to scan Office 365 with a Microsoft Cloud Credential
- Integrating Lansweeper with SCCM