Requirements
3 minute read
How it works
The Docusnap Enterprise Gateway copies the Discovery-Windows.exe to the IPC$ share of the desired target systems during the discovery process. Once the copy process has been successfully completed, the Docusnap Enterprise Gateway starts the Discovery-Windows.exe. During this process, data retrieval is performed using WMI, PowerShell and registry queries. The results are received by the Docusnap Enterprise Gateway via a stream, processed and transferred to the isolated storage.
Prerequisites
The following requirements must be met for the successful discovery of Windows systems:
- Accessibility of target systems
- Transparent firewall configuration
- Access to IPC$ share
- PowerShell version 3.0 or higher
- Administrative permissions
Accessibility of target systems
For the interactive and scheduled discovery of Windows systems by the Docusnap Enterprise Gateway, the reachability of the target systems is crucial. Reachability means that the target system can be accessed on the specified network via TCP/IP.
Transparent Firewall Configuration
In order for the Docusnap Enterprise Gateway to successfully connect to target systems, it is necessary to allow connections. The Windows firewall settings can be made via “Group Policy Objects” (GPOs) as well as via the direct firewall settings.
For Windows Firewall rules, the following incoming connections must be configured:
- Remote management (RPC-EPMAP) - inbound rule for RPCSS service allowing RPC/TCP traffic for all local services.
- remote management (NP incoming) - incoming rule allowing remote management of all services via named pipes
- Remote management (RPC) - inbound rule allowing remote management of all services via RPC/TCP.
When using GPOs, enable the following rule:
- Allow incoming remote management exceptions
Accessing the IPC$ share
As described in the introduction, Discovery-Windows.exe is copied to the IPC$ share of the target system. For this operation, the user specified in the wizard must be either a member of the Local Administrators group or a member of the Domain Administrators group.
PowerShell version 3.0 or higher
During the discovery of Windows systems, data is queried via the Windows PowerShell, among other things. The minimum requirement for the PowerShell version is 3.0, which was already delivered as standard with the Windows 8 and Windows Server 2012 operating systems. For Windows 7 and Windows Server 2008 R2, PowerShell 3.0 or higher can be installed subsequently.
Administrative permissions
- Member of the “Local Administrators” group or
- Member of the “Domain Administrators” group
Protocols and ports
| Description | Port | Protocol |
|---|---|---|
| Remote Procedure Call | 135 | TCP |
| NetBIOS name resolution | 137 | UDP |
| NetBIOS datagram service | 138 | UDP |
| NetBIOS session service | 139 | TCP |
| SMB (Server Message Block) over IP | 445 | TCP |
| Remote administration (dynamic RPC ports) | 1024-65535 | TCP |