Windows credentials
-
- UpdatedAug 1, 2024
- 4 minutes to read
- Xanadu
- External Credential Storage
Windows credentials provide access to Windows computers. This credential type is available for Discovery and Orchestration.
Credential requirements
- Install a MID Server on a Windows host as a service.
- Add Windows
credentials to one of these locations:
- An entry in the Credentials
[windows_credentials]
table - A MID Server service account to run as a specific Windows user or domain account.
- An entry in the Credentials
Granting proper permissions
- A domain user with local administrator access on the target Windows hosts.
- A local account that has administrator privileges and User Access Control (UAC) disabled on the same target host.
- A user who meets the requirements of Windows probes and permissions (Discovery only).
- A user who meets the requirements of the Orchestration activity to be run (Orchestration only).
Security around granting privileged access can be enhanced by using JEA profiles to run Discovery. For more information, see Microsoft Just Enough Administration (JEA) for Discovery.
Workgroup computers
- Built-in administrator account on the Workgroup computer.
- Domain user on the Workgroup computer.
Multi-domain configuration
To enable Windows credentials to function across multiple domains, make sure to sure to use the correct name formats and MID Server configuration.
Discovery and Orchestration support Windows domain credentials in both User Principal Name and Down-Level Logon Name user name formats. For example, Domain\UserName or UserName@example.domain.com. You can provide Windows workgroup credentials in the following format: WORKGROUP\UserName.
Condition | Additional actions required |
---|---|
MID Server host on the same domain as the Windows target. | None |
MID Server host on a different domain than the Windows target. | Ensure that PowerShell 3.0 (or higher up to 5.1) is installed on the MID Server host. |
MID Server host on a different domain than the Microsoft SQL Server target. | See MSSQL server discovery . |
Windows credentials type
Configure Windows credentials for the MID Server
Configure the MID Server to use either the credentials of its own Windows service or credentials from the Credentials [discovery_credentials] table.
Before you begin
Role required: admin
Procedure
-
Configure the MID Server to use credentials from the MID Server service
account.
- Set the Configure Windows MID Server service credentials to a user who meets the permission requirements.
- Verify the user name meets the name format requirements.
- Fill in the fields on the form, as appropriate.
- Verify the credentials meet domain requirements.
-
Configure the MID Server use credentials from the Credentials
[discovery_credentials] table.