Recommended Agent: On-Premises
Supported Agents: On-Premises
Is Auto-Discovered By: On-Premises Agent install, Active Directory Inspector
Can Auto-Discover: Active Directory, SQL Server Inspectors, Hyper-V, Network Discovery
Parent/Child Type Inspector: No
Inspection via: CLI
Data Summary: Here
Endpoint Inspector Count
The Windows Inspector is an Endpoint Inspector. Endpoint Inspectors are billed per unit according to your agreement with Liongard. Usage beyond the contracted amount will be charged on your monthly invoices.
To view your Endpoint Inspector count per Environment, navigate to Admin > Environments > Review the "Endpoint Inspector" column
To view the number of included Endpoint Inspectors and your minimum commitment for Endpoint Inspectors, navigate to your username in the upper right-hand corner and select Company Settings.
Please contact your Account Manager for additional contract and pricing details.
Video isn't playing? Click here.
- Potential Windows Inspectors are auto-discovered from the Active Directory Inspector.
- Windows Inspectors will be auto-discovered upon install of a Liongard On-Premises Agent on a Windows Server.
- We support "remote inspection" where a single Agent installed on a network can complete Windows inspections of many other servers.
Windows Inspector vs. Active Directory Inspector
The Windows Inspector pulls data for local accounts.
To review data from accounts on the Active Directory domain, please use our Active Directory Inspector.
For more information on what data the Windows Inspector pulls, please review our System Inspector Summary document.
The Windows Inspector requires a Windows Server 2012 or greater.
Your first Windows Inspector will likely be the one auto-discovered by installing your On-premises Windows Agent. Activating that Inspector will auto-discover an Active Directory Inspector which, once activated, will auto-discover other Windows Inspectors joined to Active Directory.
- Activate and run the first Windows Inspector. In addition to landing data about that server, it will auto-discover an Active Directory Inspector, if the server is an Active Directory domain controller, and will auto-discover a Network Discovery Inspector.
- If you install an Agent on a server that is not a domain controller, deploy an Active Directory Inspector to auto-discover the other Windows Servers on this network.
- The Active Directory Inspector will auto-discover the other servers on your network.
- The Network Discovery Inspector can discover several different types of network Inspectors as detailed on the Network Discovery Inspector page.
- Verify that the Active Directory Inspector on a given network has run at least once.
- Setup Agent permissions: Verify that the Agent through which you want to run multiple Windows inspections has been set up with service permissions sufficient to do so. See: Agent Service Permissions.
- Activate launchpoints: Navigate in your Liongard instance to Admin > Inspectors > Windows and then check the Discovered Systems tab. Any auto-discovered systems that the Active Directory Inspector auto-discovered will appear here to be activated.
- Note: We may auto-discover Windows Inspectors you have already set up manually. Use the Archive Launchpoints option to hide Discovered Systems that you do not wish to activate.
We will auto-discover Windows Inspector launchpoints via our AD inspector for machines that:
- Are running a Windows Server operating system version 2012 or greater.
- Are joined to the Active Directory domain and the machine account is enabled, and
- Have checked in with the domain within the last 45 days.
If you would like this Inspector's data to be sent to ConnectWise and/or IT Glue, turn on Flexible Assets/Configurations for this Inspector:
- ConnectWise: Admin > Integrations > ConnectWise > Configuration Types > Confirm the "Configuration Auto-Updating" toggle is enabled
- IT Glue: Admin > Integrations > IT Glue > Flexible Assets > Confirm the "Flexible Asset Auto-Updating" toggle is enabled
In general, remote Windows inspections work wherever the Agent machine can make remote PowerShell calls against the target Windows machine and if the Agent service has permissions to make such calls.
If you run into any issues, note:
- Verify remoting enabled. In order for an agent to run a remote inspection against a Windows server, the target machine must be configured to receive remote PowerShell commands.
To enable remoting on the target machine, run the following PowerShell command:
- PS 2.0 limitations. Liongard does not support PowerShell 2.0 and older. We recommend at least PowerShell 5.1 on all servers queried by Liongard.
- Verify Agent permissions. The Agent needs to have network access permissions delegated by running the Liongard Agent service as an appropriate user account. See Agent Service Permissions.
- Verify firewall settings. The Agent machine must be able to access all target Windows servers via network ports for PowerShell remoting (typically done automatically if PS remoting is enabled) and SMB/CIFS.
- Network bandwidth considerations. The pre-processing payload (i.e., the data transferred between the target server and the Agent machine can be several megabytes in size. This is unlikely to be a concern on a LAN-speed network, but inspections over WAN links such as site-to-site VPN tunnels may require special consideration. Contact Liongard Product Support with any questions.
The Windows Inspector Auto-Discovers Active Directory, Hyper-V, and SQL Server Inspectors.
Updated 6 days ago