Logon / Startup Script Scan Setup Azure Environments
The following describes how to deploy ScanWin to perform a network inventory scan via logon script when you have an Azure AD environment. It covers basic setup for a small environment, or for big environments where clients/users are never present on, or have no access to, the corporate network. Further planning may be required depending on the components in your environment.
Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will fail if port 445 is blocked. You can check if your firewall is blocking port 445 with the Test-NetConnection cmdlet. To learn about ways to work around a blocked 445 port, see the Cause 1: Port 445 is blocked section of our Windows troubleshooting guide.
To use an Azure file share with Windows, you must either mount it, which means assigning it a mount point path, or access it via its UNC path.
On an Azure storage account, create a share called scanwin to hold 2 folders: one called scanwin, and one called data to hold the collected data. Here is an example of the share and the 2 folders created inside:
Mount the Azure file share
The Azure portal provides you with a script that you can use to mount your file share directly to a host. We recommend using this provided script.
To get this script:
- Sign in to the Azure portal.
- Navigate to the storage account that contains the file share you'd like to mount.
- Select File shares.
- Select the file share you'd like to mount.
- Select Connect.
- Select any drive letter to mount the share to, as we will not use it for the final setup.
- Copy the provided script.
- The autogenerated script will look like this:
- Save it to a file named scanwin.ps1 and add it to the logon/startup group policy process specified at the end of this documentation, as this will map the UNC path and credentials to each user that logs on or starts up their machine.
The file share should be reachable from all clients that have run the PowerShell script.
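One way to confirm that reachability from a client, as an added example that is not part of the ScanWin documentation or the Azure portal script. The function name Test-ScanWinShare and the storage account placeholder are hypothetical; it assumes the public-cloud endpoint suffix file.core.windows.net and that clients need write access to the data folder.

```powershell
# Added example: verify that a client can reach the scanwin Azure file share.
# The share and folder names (scanwin, data) come from this page; the storage
# account name is a placeholder you must replace.
function Test-ScanWinShare {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$StorageAccount,  # placeholder value
        [string]$Share = 'scanwin'
    )

    # Assumption: public Azure cloud endpoint suffix
    $fileHost = "$StorageAccount.file.core.windows.net"
    $root     = "\\$fileHost\$Share"

    $result = [ordered]@{
        Host          = $fileHost
        Port445Open   = $false
        ScanWinFolder = $false
        DataFolder    = $false
        DataWritable  = $false
    }

    # SMB needs TCP 445; stop early if the port is blocked
    $tcp = Test-NetConnection -ComputerName $fileHost -Port 445 -WarningAction SilentlyContinue
    $result.Port445Open = [bool]$tcp.TcpTestSucceeded
    if (-not $result.Port445Open) { return [pscustomobject]$result }

    # The credentials stored by scanwin.ps1 are used implicitly for the UNC path
    $result.ScanWinFolder = Test-Path -LiteralPath "$root\scanwin"
    $result.DataFolder    = Test-Path -LiteralPath "$root\data"

    if ($result.DataFolder) {
        # Assumption: clients write collected data here, so probe write access
        $probe = Join-Path "$root\data" ("probe_{0}.tmp" -f [guid]::NewGuid())
        try {
            Set-Content -LiteralPath $probe -Value 'probe' -ErrorAction Stop
            Remove-Item -LiteralPath $probe -ErrorAction Stop
            $result.DataWritable = $true
        } catch {
            Write-Warning "data folder not writable: $($_.Exception.Message)"
        }
    }
    [pscustomobject]$result
}

Test-ScanWinShare -StorageAccount '<storage-account-name>'
```

Run it in a user session after scanwin.ps1 has executed: a False in Port445Open points to a firewall block, while True there with False folder results points to missing or wrong stored credentials. If the portal script was generated with storage account key authentication, scanwin.ps1 contains that key and every user who can read the logon script can read it, so keep this storage account dedicated to the scan share.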