Discovery Password is being recorded on midserver event log in clear text - Support and Troubleshooting

Discovery Password is being recorded on midserver event log in clear text Issue When running a discovery against a Windows device we are able to view the password in the Event viewer Audit logs.

Cause This is due to the Windows policy setting "Include command line in process creation events."

This policy setting determines what information is logged in security audit events when a new process has been created.

This setting only applies when the Audit Process Creation policy is enabled. If you enable this policy setting the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied.

If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events.

Resolution This is out of the scope of ServiceNow and you should work with Microsoft team to get around these settings.

Related Links Command line process auditing