6 Replies Latest reply on Jun 25, 2020 2:01 PM by Roland Pocek

    Discovery Outpost Credential Proxy Service User + credential question

    Roland Pocek
      Share This:

      hi all,

       

      as for the windows credential proxy, also the outpost credential proxy service needs to run with a local user that has administrative rights on the outpost machine to be able to run remquery.

      i am not sure if that is part of the docs but should be, using a domain account or local system wont work

       

      another thing i am not sure about is, can the credentials be used from the appliance like with a standard credential proxy or MUST the credentials reside on the outpost?

       

      cheers

      rop

        • 1. Re: Discovery Outpost Credential Proxy Service User + credential question
          Karen Williams

          Hi Roland,

          Yes. in order to get the Network information Remquery needs to run, and the way Remquery runs it needs to create a service.

          From the documentation: When RemQuery is used, it is copied onto the admin$ share of the scanned host, installed, and started as a service. The service is then used to execute the discovery scripts. At the end of the scan, the service is stopped and uninstalled, but the executable is left in the admin$ share. If a copy already exists, it is not copied again.

          Without that, we don't get network info, we don't get accurate application modeling, etc.

          Now, when you define a Windows or AD credential on an Outpost, it actually creates an Outpost Credential Proxy service or Outpost Active Directory Proxy service on the Outpost Windows server.  The Proxy services work the same way as the traditional Windows Proxy service would.

          So the requirement for admin rights is the same and resides with the credential and is not specific to the Outpost or a Windows Proxy.

           

          To your second question, You can have either or both. If the credentials are on the appliance, this would be Local Discovery from the appliance. The Outposts give you flexibility to have different credentials in different areas. When you configure your scan on the appliance, there is a new drop down in the 12.0.0.1 to choose Any, Local Discovery, or one of your Outposts.

           

          Enjoy Discovering! Karen

          3 of 3 people found this helpful
          • 2. Re: Discovery Outpost Credential Proxy Service User + credential question
            Roland Pocek

            hi Karen Williams

             

            thanks, so just to make sure, you are saying that the outpost needs to have its credentials defined on the outpost and the outpost credentail proxy is not able to get credentials from the appliance right?

             

            meaning that if i select any on the discovery run but the range is only active on the outpost but the credential for that ip would be on the appliance would it work?

             

            thanks

            • 3. Re: Discovery Outpost Credential Proxy Service User + credential question
              Andrew Waters

              Currently an Outpost needs to have all the credentials it uses defined on the Outpost. It will not use any credentials defined on the appliance.

               

              If you only define the credential on the appliance and an Outpost performs the discovery then the credential will not be used and hence (assuming only this credential works) discovery will fail.

              3 of 3 people found this helpful
              • 4. Re: Discovery Outpost Credential Proxy Service User + credential question
                Roland Pocek

                thanks Andrew Waters

                 

                if i have a windows server and credential that would work on outpost and proxy on the appliance and both have all ip addresses for its criteria, what will be used with a discvoery run and "Any" selected?

                 

                or will any outpost be used and if the proxy should be used i have to select "local discovery"?

                 

                thanks

                • 5. Re: Discovery Outpost Credential Proxy Service User + credential question
                  Andrew Waters

                  If this is an initial scan then whichever asks for work when the scan is processing the associated IP.

                   

                  After a successful access future scans will try to use the same place (much like the system will first try to use the last credential).

                   

                  If you want to force use of a proxy you either need to disallow the IP address for the Outpost or select local discovery.

                  2 of 2 people found this helpful