Asset Management Scan Requirements

Before attempting an asset scan, please confirm that you meet the following requirements:

  • The Windows Management Instrumentation (WMI) service must be enabled and accessible on the target machines.
  • TCP port 135 must be configured on your organization's firewall to allow the WMI protocol.
  • Credentials must be provided for the target machines. You cannot perform scans using your current logon credentials. See Supplying Credentials for details.
  • For target machines using Windows operating systems, which employ the use of User Account Control, you must either:
    • Join the machines to a domain and then perform the scan using domain administrator credentials, or
    • If you are not using the built-in Administrator account on the target machines (and using that account is NOT recommended), you must disable User Account Control (UAC) remote restrictions on the machines. To do this:
  1. Click Start, click Run, type regedit, and then press Enter.
  2. Locate and then click the following registry subkey:
  3. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

  4. If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:
    1. On the Edit menu, point to New, and then click DWORD Value.
    2. Type LocalAccountTokenFilterPolicy and then press Enter.
  5. Right-click LocalAccountTokenFilterPolicy and then click OK.
  6. In the Value data box, type 1, and then click OK.
  7. Exit Registry Editor.

For more details on disabling UAC remote restrictions, see Microsoft Learn (opens in a new window)

Windows Firewall Requirements for Hardware Asset Scans

Security Controls scans for hardware assets using WMI in semisynchronous mode. This means the firewall policy only requires DCOM connections from the console machine to the target machines. Asynchronous mode, which would require reverse connections back to the console, are not used.

To scan hardware assets of a machine with Windows Firewall running, you must set that machine’s firewall to allow remote administration. You can configure the firewall via group policy or local command. The local command is:

netsh firewall set service RemoteAdmin enable

If you are unfamiliar with Windows Firewall administration, the following link may help: