What are the options for Windows Discovery?

This page outlines the various options available for discovering Windows operating systems using vScope. While the best option depends on your organization’s specific needs, for optimal security, control, and transparency in discovering your Windows environment, we typically recommend utilizing PowerShell and Just Enough Administration (JEA). Our pre-configured JEA template profile includes all the necessary permissions for vScope to gather comprehensive data while adhering to the principle of least privilege. This approach allows you to grant vScope precisely the access it needs without exposing your environment to unnecessary risks.

Alternatively, if your environment does not require JEA or features such as custom PowerShell scripts and Windows Registry Keys, you can utilize WinRM and/or WMI for Windows Discovery.

Note

Regardless of the access control method you choose, you can be confident that vScope securely manages credentials. Passwords are always encrypted and stored on-premises in your data center, ensuring the confidentiality and integrity of your sensitive information.

Frequently Used Methods for Windows Discovery

Below is an overview of common methods for managing access control for Windows Discovery within vScope. You can select one or multiple methods based on your organization’s requirements.

Access Control Method	Description	Supported Technologies	Pros	Cons
Local Administrator	Local admin account on each server. Consider Setting up permissions via GPO	WMI, WinRM, PowerShell	Simple initial setup (small environments), broad local read access	Difficult to manage at scale, high local security risk, doesn’t align with least privilege
Group Managed Service Account (gMSA)	Managed domain account for services	PowerShell	Secure password management for service accounts	Requires explicit permission configuration for discovery
Domain Administrator	Domain-wide administrative account	WMI, WinRM, PowerShell	Broad domain access, simple initial setup for wide discovery	Violates least privilege
Just Enough Administration (JEA)	Delegated admin via PowerShell with restricted privileges. Learn more about JEA when setting up Windows (PowerShell)	PowerShell	Granular control over permissions, adheres to least privilege, enhanced security and transparency, vScope provides a template	Requires understanding of PowerShell and JEA configuration