Trying to get network discovery / install agent feature to work. The discovery works fine, the install agent option fails. It says the credentials are incorrect even though I know they are correct. I have tried using M365 email/ azuread\username/local admin account. All fail. If I just clear credentials, it shows an "installation failed: device error" message.
Has anyone gotten this to work at all? Anything I am missing?
For the endpoints, are they on a Domain or Workgroup?
M365 email/ azuread\username/local admin account
Network Push Installs are tricky unless all the endpoints are already configured to allow for network installs. Easiest way to do that is via Group Policy on a Domain Controller.
While I am not a Windows System engineer, I do remember reading somewhere that if you are attempting to use a local admin account, only the BUILTIN Administrator account works by default (for things like network push installs). There are other requirements as well, like WMI and Firewall settings for port 135, etc.
Not to beat a dead horse, but often it is easiest just to use Group Policy (if on a domain) or just manually install the agent, then try and manually line up all the required settings (and troubleshoot them) on workgroup computers.
To check the local builtin administrator, use command prompt and try:
net user administrator
This command should get you an output like this, verify it is active, you might have to reenable it:
When trying to type in the local admin in the scan profile, see if this syntax works for you:
If this did help, my biggest issue is that using or having the Administrator account (SID -500) enabled at all and not renamed has been against security best practice for a long while.
I 100% agree, and it did seem like you can change Windows to work for remote installs on a different account other than the built-in administrator, but this required additional changes per individual machine. It took enough blood, sweat, and tears to figure out that by default, workgroup machines only worked with the built-in account, so I didn't bother researching in detail what it took to allow other types of user accounts to work.
This seems to be a standard issue across the board, with any software that uses WMI over the network in a workgroup environment. For example, using PDQ or RFT would have the same limitations, requirements and configuration setup per individual workgroup machine to work correctly.
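The prerequisites discussed in this thread (built-in Administrator state, WMI, port 135, domain vs. workgroup) can be checked on an endpoint in one pass. The script below is an added example, not something posted by anyone in the thread or supplied by the vendor; the function name is hypothetical, and it assumes an elevated Windows PowerShell 5.1+ session on an English-language Windows install (the firewall group name is localized).

```powershell
# Added example: local readiness audit for WMI-based network push installs.
# Read-only: it reports state and changes nothing.
function Get-PushInstallReadiness {
    [CmdletBinding()]
    param()

    # The built-in Administrator always has RID 500, so match on the SID
    # rather than the name (the account may have been renamed).
    $builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }

    # Remote WMI calls need the WMI service running on the target.
    $wmi = Get-Service -Name Winmgmt

    # The RPC endpoint mapper listens on TCP 135.
    $rpc = Get-NetTCPConnection -LocalPort 135 -State Listen -ErrorAction SilentlyContinue

    # Inbound firewall rules for WMI (English display group name: assumption).
    $wmiRules = Get-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' `
                    -ErrorAction SilentlyContinue |
                Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }

    # Domain membership decides whether Group Policy can push these settings.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        PartOfDomain           = $cs.PartOfDomain
        BuiltinAdminName       = $builtin.Name
        BuiltinAdminEnabled    = [bool]$builtin.Enabled
        # Security hygiene flag: RID 500 enabled under its default name.
        BuiltinAdminDefaultName = ($builtin.Name -eq 'Administrator')
        WmiServiceRunning      = ($wmi.Status -eq 'Running')
        Rpc135Listening        = [bool]$rpc
        WmiInboundRulesEnabled = @($wmiRules).Count
    }
}

Get-PushInstallReadiness | Format-List
```

A machine where `BuiltinAdminEnabled` and `BuiltinAdminDefaultName` are both true is ready for the push install described above but also matches the configuration the thread flags as against best practice, so record it for follow-up once the agent is deployed.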