Permissions needed to inventory Windows systems

Performing the in-depth and enriched inventory needs the right level of permissions in order to report on certain Windows operating system attributes.

An inherent constraint of Microsoft Windows operating systems is that local Administrator privileges are required in order to read certain inventory attributes - there is simply no way around this: in order to perform inventory of a Windows based system then a credential with Administrator privileges on the target machine is required.

When inventory is being performed, system privileges are required as certain Windows operating system commands and API’s such as PowerShell and WMI require this level of access.

Active Directory Domain Credential

One approach is to use an AD domain credential that has Administrator privileges on the target machines. This can be a user account that is a member of the Local Administrators Group. The user account can be directly added or be a member of a Global Group that has been added to the Local Administrators Group. A Domain Admin account can also be used.

If Active Directory Domain credentials are not appropriate for your organisation, then a Local user account can be considered.

Local Credential

An alternative to AD Domain credential is to use a credential that has local Administrator privileges on the target machine.