Steps To Enable The Agentless Scanner in LDMS 2016.3 and Beyond

Version 6

    Verified Product Versions

    LANDESK Management Suite 2016.x

    Description

     

    The self-electing subnet service (SESS) agentless inventory scanner is new to LANDESK® Management and Security 2016.3. Once enabled on a subnet, the SESS-elected device uses credentials an administrator provides to attempt full inventory scans on unmanaged and LANDESK agentless devices found by extended device discovery (XDD) that are past the scan frequency time. By default the elected device attempts these scans for unmanaged devices on its subnet once per day.

     

    The agentless scanner does this by periodically getting a list of unmanaged devices from the core server. The elected device remotely uses credentials an administrator provides within to map a drive to an unmanaged device's C$ share. The credentials provided should ideally be domain administrator credentials. By default Windows typically disables C$ share access to local accounts.

     

    If the mapping is successful, the elected device copies scanner files to a temporary folder, C:\Landesk_AGLS\scanner. From there the scanner runs and reports results to the elected device, which uploads the scan to the core server. After the scanner finishes, the elected device removes the files and folder it copied over, leaving behind the scan file or error file in C:\Landesk_AGLS.

     

    When the agentless inventory scanner runs successfully on a device, that device is moved from the Unmanaged devices database table to the Computers table. You can view agentless devices in the Network view under Devices > Agentless devices. Devices in the Agentless devices view will still be scanned by the agentless inventory scanner once a day (if you haven't changed the default scan frequency).

     

    The process below will provide a walkthrough of the various settings that will need to be implemented in order to utilize the agentless scanner feature.

     

    Resolution

     

    1. Enable the agentless inventory scanner in an agent setting

     

    A. On the core navigate to Tools > Configuration > Agent Settings

     

    agntless1.png

    B. Within the Agent settings tree, click Client connectivity and double-click an existing agent setting or right-click and create a new one.

     

    C. Within the Client Connectivity window expand the 'Self-electing subnet service' tree and select the 'Agentless scanner service' option. Check the box next to the option to 'Enable agentless scanner service' and then click 'Save'.

     

    agntless2.png

     

    D. Back within the Agent settings window, create a  task to 'Change Settings' from the Agent settings toolbar.

     

    agntless3.png

     

    E. Within the Change settings page, ensure the client connectivity setting you modified are set and click 'Save'.

     

    agntless4.png

     

    F. Add targets to the new change settings task and run it. You can target multiple (or all) devices on a subnet and let SESS manage which device runs the agentless scanner service on that subnet.

     

    2. Enable extended device discovery

    Note: The agentless scanner relies on XDD for a list of unmanaged devices that should be scanned. If XDD is already enabled in your environment, please feel free to skip this step.

     

    A. On the core navigate to Tools > Configuration > Self-electing subnet services

     

    agntless5.png

     

    B. Select the 'Extended device discover (ARP) tree, right click on the subnet you wish to modify and click 'Enable'

     

    agntless6.png

     

    C. Allow the changes to propagate. It can take up to 15 minutes for these changes to propagate within the environment.

     

    3. Enter agentless scanning credentials

     

    A. Navigate to Tools > Configuration > Self-electing subnet services

     

    agntless5.png

     

    B. Within the toolbar select the 'Manage Credentials' button

     

    agntless7.png

     

    C. Within the new window click the 'Add' button and enter the credentials. Once this has been completed click 'Save'.

    Note: The Agentless Scanner is currently a Windows only feature and as such the 'Type' field is set to 'Windows' and cannot be altered.

     

    agntless8.png

     

    4. Enable the agentless scanner on a subnet

     

    A. Navigate to Tools > Configuration > Self-electing subnet services

     

    agntless5.png

     

    B. Select the 'Agentless scanner service' tree and right click on the subnet you wish to enable this feature on and select 'Enable'

     

    agntless9.png

     

    C. Select the 'Agentless scanner service' tree and right click on the subnet you wish to modify and select 'Service Settings'

     

    agntless10.png

    Within the new window you can alter the polling and scan frequency values.

    Note: The polling frequency is how often an elected scanner asks the core for an updated list of new unmanaged devices on the subnet.

     

    D. Once you have updated these values click 'Save'.

     

    E. Allow the changes to propagate. It can take up to 15 minutes for these changes to propagate within the environment.

     

    To learn more about the new Agentless Scanning feature in LDMS 2016.3 please visit About Agentless Scanning in LDMS 2016.3