Windows discovery without 'domain admin' or 'local admin' privileges ? - Support and Troubleshooting

Windows discovery without 'domain admin' or 'local admin' privileges ? Issue Can a separate set of access rules be configured on Windows Domain Controller to grant the following permissions ? Access to the WMI service to the current namespace and sub-namespaces. Access to the Powershell service. Membership in the Distributed COM Users local security group. If yes, is there any relevant documentation to set up the configurations on Windows Domain Controller end ? Is there a possibility to reconfigure the ServiceNow discovery share in a different location and not in the admin shares location ? Release All Resolution There is one basic rule for all queries related to WMI and PowerShell that mid should be able to run WMI and PowerShell commands on remote system. If the commands requires admin privileges, admin share is required. In case of discovery, most of the system detail commands requires admin privilege. The below listed commands are all governed by the Windows user Access to the WMI service to the current namespace and sub-namespaces. Access to the Powershell service. Membership in the Distributed COM Users local security group. This user may or may not have admin privileges based on the requirement. From Servicenow, it is suggested that the customer should have the admin or equivalent privileges for the successful discovery execution. If you do not wish to provide admin privileges, we can only suggest you to create the users with the required permissions and test. This is out of the scope of the support to comment beyond this. Question : If yes, would it be possible for you to share the relevant configurations to be carried on Windows DC end ? Servicenow does not hold any documentation related to the configuration set up on the Windows end. you may have to check with the Microsoft team for the same. Alternately, you can allow non-administrator users limited access to run the specific commands, scripts, and executables necessary for Discovery via Microsoft JEA . Microsoft JEA enables role-based administration through PowerShell Remoting, which uses Windows Remote Management (WinRM) to manage communication and authentication. More details are provided in the below page: https://www.servicenow.com/docs/bundle/vancouver-it-operations-management/page/product/discovery/concept/microsoft-jea-discovery.html The sample JEA profile provided in KB0965705 is configured to discover many basic CIs and attributes. The profile can be modified and should only serve as a baseline for Discovery with JEA. https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0965705 Question : Is there a possibility to reconfigure the ServiceNow discovery share in a different location and not in the admin shares location ? Yes this can be achieved by the property " glide.discovery.adme.base_dir_windows ". Check for this property under " sys_properties " table. If you do not find an entry, create one with the Type: string and update the Value with the path of the desired location. Related Links Please refer the below documentation for the same https://docs.servicenow.com/bundle/paris-it-operations-management/page/product/discovery/reference/r_DiscoveryProperties.html https://docs.servicenow.com/bundle/paris-it-operations-management/page/product/discovery/reference/r_ApplicationDependencyMapping.html