Configuring the Ivanti Endpoint Security Server for Discovery Scanning

The Ivanti Endpoint Security server must be configured to accept session security encryption so that you may run the Agent Management Job on your managed endpoints.

Prerequisites:

On the server the authentication package for the local security authority has values defined in the server registry. You need to authenticate that the server has the correct security encryption value in order to run the Agent Management Job on endpoints within your network.

  1. Log in to the Ivanti Endpoint Security server using an account with System Administrator privileges.
  2. Open the Registry Editor.
    1. From the Start Menu or Start Screen, open a Run prompt.
    2. Type regedit.exe and press ENTER.
      The Registry Editor window opens.
  3. Expand the registry tree to HKEY_LOCAL_MACHINE\SYSTEM\Currentcontrolset\Control\Lsa.
  4. Ensure the value for the LmCompatibilityLevel registry value is set to 3.
    1. Ensure Lsa is selected in the registry tree.
    2. In the right-window area, select the LmCompatibilityLevel binary value.
    3. Right-click on the LmCompatibilityLevel binary value select Modify.
      The Edit Binary dialog opens.
    4. Ensure 3 is visible in the Value data field. If not present, then change the value to 3.

Under most network conditions, a setting of 3 (Send NTLM 2 response only) is sufficient. However, in some networks, this key may require a different value. To determine which value to use, refer to How to Enable NTLM 2 Authentication.

The Ivanti Endpoint Security server is configured to utilize discovery scanning.

After Completing This Task:

If you are configuring the server for scanning in preparation for an Agent Management Job, ensure you have complete the tasks needed for an Agent Management Job. For more information, see Agent Management Job Checklist.