Starting in London, Discovery can now support Windows without a local admin. It can be done with a non-admin user using JEA (Just Enough Administration). This is a Windows security protocol similar to SUDO on Unix.
Please refer to KB0697317 - ServiceNow Discovery with Microsoft JEA for details regarding the configuration of JEA.
Here are a few points that need to be noted:
- "Test credentials won’t work with the JEA non-admin credential but Discovery does work. This is a known issue.
- It doesn’t populate installed software. This is a known issue.
- It only works for Windows 2016 and Windows 2012.
To get this to work, you must follow the attached instructions exactly. You can’t skip any steps when setting up the JEA endpoint.
The instructions include the setup for the
- Windows Server you are trying to discover
- MID Server
- SN Instance
- You must be running ServiceNow London version or higher
- The Windows Server that you wish to discover must be part of a Windows domain
- The JEA credential must be a domain level non-Admin credential
- PowerShell remoting must be enabled on the Windows Server
- Windows Remote Management must be running on the Windows Server
- Windows Management Framework 5 must be running on the Windows Server
- MID Server must be part of the same Windows Domain
London and newer releases.