Recommended Agent: On-Premises
Supported Agents: On-Premises
Is Auto-Discovered By: Agent install, Active Directory Inspector
Can Auto-Discover: Active Directory, SQL Server Inspectors, Hyper-V, Network Discovery
Parent/Child Type Inspector: No
Inspection via: CLI
Data Summary: Here
Enhanced Inspector Count
Windows is considered to be an Enhanced Inspector. Liongard provides you with a limited number of Enhanced Inspectors for each Environment.
To view your Enhanced Inspector count per Environment, navigate to Admin > Environments screen > Review in the Enhanced Inspector column
If you would like additional Enhanced Inspectors, please reach out to your Account Manager.
Video isn't playing? Click here.
- Potential Windows inspectors are auto-discovered from the Active Directory inspector.
- We support "remote inspection" where a single Agent installed on a network can complete Windows inspections of many other servers.
Windows Server Inspector vs. Active Directory Inspector
The Windows Server Inspector pulls data for local accounts.
To review data from accounts on the Active Directory domain, please use our Active Directory Inspector.
For more information on what data the Windows Server Inspector pulls, please review our System Inspector Summary document.
The Windows Inspector requires a Windows Server 2012 or greater.
Your first Windows Inspector will likely be the one auto-discovered by installing your on-premises Windows Agent. Setting up that inspector and then following on with an Active Directory inspector will auto-discover other Windows Servers joined to Active Directory.
- Run that first Windows inspector. In addition to landing data about that server, it will auto-discover Active Directory if the server is an AD domain controller and will auto-discover and auto-activate a Network Discovery Inspector.
- If it isn't a domain controller, set up an Active Directory inspector to auto-discover the other Windows Servers on this network.
- The Active Directory Inspector will auto-discover the other servers on your network!
- The Network Discovery Inspector can discover several different types of network Inspectors as detailed on the Network Discovery Inspector page!
- Verify that the Active Directory inspector on a given network has run at least once since the new version of this inspector was shipped to your Liongard instance.
- Setup Agent permissions. Verify that the Agent through which you want to run multiple Windows inspections has been setup with service permissions sufficient to do so. See: Agent Service Permissions.
- Activate launchpoints. Navigate in your Liongard instance to Admin > Inspectors > Windows and then check the Discovered Systems tab. Any auto-discovered systems that the Active Directory inspector found will appear here to be activated.
- Note: We may auto-discover Windows servers that you have already setup with a Windows inspector either manually or via an Agent installed directly on the server. Use the Archive Launchpoints option to hide Discovered Systems that you don't wish to activate.
We will auto-discover Windows inspector launchpoints via our AD inspector for machines that:
- Are running a Windows Server operating system version 2012 or greater?
- Are joined to the Active Directory domain and the machine account is enabled, and
- Have checked in with the domain within the last 45 days.
If you would like this Inspector's data to be sent to ConnectWise and/or IT Glue, turn on Flexible Assets/Configurations for this Inspector:
- ConnectWise: Admin > Integrations > ConnectWise > Configuration Types > Confirm the "Configuration Auto-Updating" toggle is enabled
- IT Glue: Admin > Integrations > IT Glue > Flexible Assets > Confirm the "Flexible Asset Auto-Updating" toggle is enabled
In general, remote Windows inspections work wherever the Agent machine can make remote PowerShell calls against the target Windows machine and if the Agent service has permissions to make such calls.
If you run into any issues, note:
- Verify remoting enabled. In order for an agent to run a remote inspection against a Windows server, the target machine must be configured to receive remote PowerShell commands.
To enable remoting on the target machine, run the following PowerShell command:
- PS 2.0 limitations. Liongard does not support PowerShell 2.0 and older. We recommend at least PowerShell 5.1 on all servers queried by Liongard.
- Verify Agent permissions. The Agent needs to have network access permissions delegated by running the Liongard Agent service as an appropriate user account. See Agent Service Permissions.
- Verify firewall settings. The Agent machine must be able to access all target Windows servers via network ports for PowerShell remoting (typically done automatically if PS remoting is enabled) and SMB/CIFS.
- Network bandwidth considerations. The pre-processing payload (i.e., the data transferred between the target server and the Agent machine can be several megabytes in size. This is unlikely to be a concern on a LAN-speed network, but inspections over WAN links such as site-to-site VPN tunnels may require special consideration. Contact Liongard Product Support with any questions.
The Windows Inspector Auto-Discovers Active Directory, Hyper-V, and SQL Server Inspectors.
Updated about a month ago