Network and Credentials
ScanWin uses Microsoft Windows Management Instrumentation (WMI) to connect to and inventory networked computers. WMI by default uses TCP ports 135 (RPC) and 445 (WMI/SMB) in addition to dynamically assigned ports, typically in the range of 1024 to 1034. A user account that has enough permission to query WMI on the target machine should be used. This can be a Domain Administrator account or a user account with specifically assigned permissions.
If using Windows Defender Firewall with Advanced Security in your environment, the Predefined Inbound Rules to allow are the following:
- File and Printer Sharing
- Windows Management Instrumentation (WMI)
More information for enabling these via Group Policy can be found here: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules
ScanWin can discover devices through Active Directory, and for this, it uses LDAP to communicate with an Active Directory Domain Controller, which typically uses TCP port 389 (LDAP) but can also use TCP ports 636 (LDAP SSL), 3268 (LDAP GC), 3269 (LDAP GC SSL). A user account with Domain User rights is required to query Active Directory.
ScanWin can also discover devices via an IP range scan which can be performed by providing start and end IP addresses or by providing a CIDR network address. ScanWin will attempt to ICMP ping each IP address, and if there is a response, the IP address will be included in the inventory scan. If your environment is not configured to allow ICMP echo requests, it will need to be configured before using this method. More information for enabling ICMP options via Group Policy can be found here: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule