Escolar Documentos
Profissional Documentos
Cultura Documentos
com
1/58
www.lansweeper.com
Prerequisites
Web server:
Windows 2000 or higher with Internet Information services installed or the Lansweeper build-in web server.
The dotnet framework 2.0 installed (latest service pack).
Database server:
Windows 2000 or higher (32 and 64 bit)
SQL server 2000 SP4 or higher (or the free SQL express)
Clients:
Windows 2000 and above (Windows 9x clients are not supported)
Windows home versions are not supported.
Event log scanning is not supported on windows 2000.
In this example the web console, database and service are installed on the same machine.
Website: http://www.lansweeper.com
Support: http://www.lansweeper.com/forum
Skype : Lansweeper
2/58
www.lansweeper.com
Set the SQL server Browser to automatic and start it (if not already started)
Restart the SQL service.
3/58
www.lansweeper.com
Installing Lansweeper
4/58
www.lansweeper.com
You can choose to install Database, Service and Website on different servers if you want; in this example we are going to install
everything on one server.
Sqlcmd: Error: Microsoft SQL Native Client: An error has occurred while establishing a connection to the server. When
connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not
allow remote connections.
5/58
www.lansweeper.com
The user running the service must have administrative privileges on all clients being scanned by lansweeper.
Workgroup:
Domain:
6/58
www.lansweeper.com
If IIS is installed, the installer will suggest using IIS as a web server.
If you are already using any web applications on the server we recommend creating a new website on a new port.
If IIS is not installed you can choose the lansweeper build-in web server.
7/58
www.lansweeper.com
When setup completes you will be able to subscribe to our newsletter to get news about updates, patches & tutorials.
(Not required but recommended)
8/58
www.lansweeper.com
Surf to your server where the Lansweeper service is running (not the website) http://servername:9524
If there are any errors, the errorlog.txt file is in your service folder:
9/58
www.lansweeper.com
You can use integrated authentication or you can connect with a username and password:
Username: lansweeperuser
Default password: mysecretpassword0*
You can change the default password of the SQL user later if you want.
Important!
If you change the password of “lansweeperuser” you also need to edit the following files to reflect the changes:
…\lansweeper\service\Lansweeperservice.exe.config
…\lansweeper\website\Web.config
10/58
www.lansweeper.com
Configuring all scanning options.
If you have the enterprise version you can select the server you want to
configure.
The premium version will have only one scanning server.
11/58
www.lansweeper.com
• Listen port
This is the TCP port used by lansweeper to listen for incoming lsclient requests. It is also used to host the scanning
queue and server status.
Changing this value requires a service restart.
• Computer threads
The amount of simultaneous scans lansweeper performs, on dedicated multi processor machines you can set this value
higher (up to 80-90).
Changing this value requires a service restart.
• IP threads
The amount of simultaneous IP addresses scanned by IP range scanning. It is recommended to keep this value low to
save processor resources.
Changing this value requires a service restart.
• By default the event log scanning only scans errors and warnings, if you need additional information scanned, you can
enable these events.
Changes become active after max. 15 minutes.
Reporting tips:
Track administrator logons.
Track group membership changes.
Track almost full disk warnings.
• If you want to use e-mail alerts it’s important to specify an e-mail relay server in your configuration.
How to define which reports and alerts to e-mail is shown later in the documentation.
12/58
www.lansweeper.com
Active scanning allows you to scan multiple domain and selected OU’s
without the need to install any client on the workstations.
Active scanning is a “set it and forget it” option, it will query your
domain controllers to find out recently connected workstations and
servers. It is recommended if you have an active directory domain.
Lansweeper queries all domain controllers in the domain for new logged on computers, this process is repeated every 15
minutes. New computers found are added to the scanning queue maximum once every 8 hours.
When you start or restart the service, active scanning looks for computers logged on in the last 14 days. If a computer is
currently offline it will give an RPC error (which can be safely ignored)
Lansweeper queries the computers visible in the specified workgroup in the network neighborhood; this process is repeated
every 15 minutes. New computers found are added to the scanning queue maximum once every 8 hours.
13/58
www.lansweeper.com
IP range scanning can discover network devices in your network which have the SNMP, SSH, HTTP, HTTPS, FTP, SMTP, SIP,
Telnet or Jet direct protocol enabled.
• Time-Out
Pinging the target IP address times out in X seconds. In high traffic networks it is recommended to increase this value.
• Don’t ping
When enabled: All IP addresses will be scanned regardless of the ping result (slower)
• No windows
When enabled: Windows machines will be ignored by the IP range scan (recommended)
• Credentials
Clicking this button bring up the credentials screen for this range.
Each ip range can have different credentials.
• Default domain
When “No windows” is unchecked, the credentials of this domain will be used first. (You can specify up to three domain
or workgroup names)
• SSH credentials
These credentials are used to logon onto Linux,Unix,Mac,… machines.
To discover these machines you must enable SSH on them.
It is recommended to use IP range scanning only for devices (check the “No windows” check box)
Linux,unix,mac computers are considered “devices” in Lansweeper.
14/58
www.lansweeper.com
Use this scanning option to incrementally update your server’s eventlog and generate the necessary alerts in time.
There is no client or extra software needed on your computers for this feature.
In most scanning options the computers are scanned every day or every couple of days.
Most users want to have the event logs of important servers scanned faster (every hour) to generate e-mail alerts.
Eventlog scanning scans only the eventlog and ignores the other scanning wait time settings. It can be used in combination
with all the other scanning options.
• Recurring
Scanning occurs every xx minutes or hours (use in combination with M/H)
• M/H
M: The scanning occurs every xx minutes.
H: The scanning occurs every xx hours.
• Scan
Computer: scan one single computer by name.
ADSI path: scan all computers in an active directory container (recursive)
• Target
Computername (NetBIOS name) if you choose “Computer”
path name if you choose “ADSI path”
ADSI paths are scanned recursively.
• Domain
NetBIOS domain name of the computers being scanned (needed to select the proper credentials)
At the scheduled time the computers will be added to the scanning queue, the actual scan time depends on the size of the
queue at that time.
15/58
www.lansweeper.com
Scheduled scanning allows for scanning computers, complete domains or OU’s at scheduled time intervals.
• Scan
Computer: scan one single computer by name.
ADSI path: scan all computers in an active directory container (recursive)
• Target
Computername (NetBIOS name) if you choose “Computer”
Path name if you choose “ADSI path”
ADSI paths are scanned recursively.
• Domain
NetBIOS domain name of the computers being scanned (needed to select the proper credentials)
At the scheduled time the computers will be added to the scanning queue, the actual scan time depends on the size of the
queue at that time.
16/58
www.lansweeper.com
Although the name would suggest otherwise lsclient.exe is no real client or agent.
Basically it just sends a message to the server “hello, I’m here, scan me on this IP Address” and stops working.
The service queue’s this request and starts scanning the client when ready.
/scanonip is a new option. You can use it if you have vpn clients and want to scan them on the IP address they currently have
without the need to have DNS updated.
17/58
www.lansweeper.com
%logonserver%\netlogon\lsclient.exe myserver
18/58
www.lansweeper.com
Deploying lsclient by using a GPO
Make sure that you use a logon script instead of a startup script because this is running in the context of the user.
A sample vbs script that runs the lsclient hidden could look like this:
19/58
www.lansweeper.com
On this page you can specify alternate credentials to scan other domains or workgroups.
If you want to use credentials from a computer that cannot be verified (example: a DMZ standalone computer or workgroup)
you can check the box “Don’t try to authenticate username\password”
If you need alternate credentials for workgroups you need to specify the user as ”.\username”
When scanning workgroups you need a common username/password combination that has administrative privileges on all
workgroup computers.
20/58
www.lansweeper.com
You can connect from the server to one of the clients to check if the WMI settings and access permissions are ok.
The test checks if WMI access and registry access using WMI is possible.
• Windows firewall or other firewall blocking access. (99% the cause of the
problem)
• Dns problem: Dns points to a wrong IP address.
• WMI and Dcom are not enabled on the client.
(in a default windows installation this is enabled)
• Access denied: the server user does not have administrative permissions
on the client.
If you have checked our knowledgebase and didn’t find an answer, please visit our
support forum http://www.lansweeper.com/forum
21/58
www.lansweeper.com
This table defines which items are updated when a computer is scanned.
If a computer is scanned for the first time, all items with a waittime higher than -1 are scanned.
Examples:
• Cdrom = 60
When the computer is scanned, cdrom information is scanned if it wasn’t scanned in the last 60 days.
• Codec = -1
When the computer is scanned, codec information is never scanned.
• Files = 0
When the computer is scanned, file information is scanned each time.
• Network = 1
When the computer is scanned, network information is scanned if it wasn’t scanned in the last 24 hours.
22/58
www.lansweeper.com
If you wish to exclude some computers from scanning you can add them to this list.
To exclude all computers starting with “lan-“ you can use “lan-%”
23/58
www.lansweeper.com
3 types of keys are currently supported: Plain text, Microsoft and Adobe.
Do not add any registry locations for Microsoft office products, these will be scanned automatically.
Known issues:
• Key’s for Office versions 2000 and below are not available (they are not stored on the computer)
• Microsoft MAK keys cannot be recovered (they are not stored on the computer)
24/58
www.lansweeper.com
You can add your website to the trusted sites for security reasons.
25/58
www.lansweeper.com
You can disable/enable the plugin afterwards from the Firefox menu/tools/add-ons.
26/58
www.lansweeper.com
Select all the computers in the grid (ctrl & shift) for multiple selections.
“Delete”: This will delete the computer details and all related information from your database.
“Rescan”: Rescans the selected computers (wait time applies)
“Full Rescan”: Rescans the selected computers (wait time does not apply)
“Refresh”: Refreshes the grid with updated information from the database.
You can use filters and custom sorting to select the computers you want.
27/58
www.lansweeper.com
With the dropdown box you can select from all the available reports in the database.
Sort order = the lower the number, the higher the report will be displayed in the interface
Priority 1 : High priority
Priority 2 : Important
Priority 3 : Informational
Color = show in red if the report contains items
Show % = shows the percentage of computers contained in this report
28/58
www.lansweeper.com
Creating custom reports
In this example we will create a sample report, basic SQL knowledge is required.
We want to display all software found in our network from the publisher “Apple Inc.”
Drag the 2 needed table “tblcomputer” and “tblsoftware” to the query builder and select the needed fields.
29/58
www.lansweeper.com
Don’t use any special characters in the View Name, it is unique and used for internal storage.
Our report is now available and can be exported to Excel, Csv, XML, …
You can change the date format used on the web pages on the “home” configuration screen.
30/58
www.lansweeper.com
If you want to include user details, add the table to the report, link it on both username and userdomain and make sure to
“select all rows from tblcomputers”, this will also include computers in the report with empty usernames.
31/58
www.lansweeper.com
Information about all WMI classes and fields can be found on this link:
http://msdn.microsoft.com/en-us/library/aa394084%28v=VS.85%29.aspx
Each field from the WMI class maps to a field in the database table.
32/58
www.lansweeper.com
PARALLELPORT tblParallelPort Win32_ParallelPort class scanning
PCMCIA tblPCMCIAController Win32_PCMCIAController class scanning
POINTING tblPointingDevice Win32_PointingDevice class scanning
PORTABLEBATTERY tblPortableBattery Win32_PortableBattery class scanning
PORTCONNECTOR tblPortConnector Win32_PortConnector class scanning
POTSMODEM tblPOTSModem Win32_POTSModem class scanning
PRINTERS tblPrinters Win32_Printer class scanning
PROCESS tblProcesses win32_process class scanning
PROCESSOR tblPROCESSOR Win32_Processor class scanning
PROXY tblProxy Win32_Proxy class scanning
QUICKFIX tblQuickFixEngineering Win32_QuickFixEngineering class scanning
REGISTRY tblRegistry Custom registry keys scanning
SCSI tblScsicontroller Win32_SCSIController class scanning
SERIALNUMBER tblSerialnumber Software license key scanning
SERIALPORT tblSerialPort Win32_SerialPort class scanning
SERVICES tblServices Win32_Service class scanning
SHARES tblShares Win32_Share class scanning
SOFTWARE tblSoftware Installed software scanning
SOUND tblSoundDevice Win32_SoundDevice class scanning
SYSTEMENCLOSURE tblSystemEnclosure Win32_SystemEnclosure class scanning
TAPE tblTapeDrive Win32_TapeDrive class scanning
USBCONTROLLER tblUsbcontroller Win32_USBController class scanning
USERS tblUsers Win32_UserAccount class scanning
USERSINGROUP tblUsersInGroup Users that belong to NT group scanning
VIDEOCONTROLLER tblVideoController Win32_VideoController class scanning
33/58
www.lansweeper.com
One mail group can contain multiple e-mail addresses if you separate them with a “;”
When this is done we can select the reports we want to e-mail and we can choose the mail group we want to send to.
Selected reports will be mailed each night if they contain any results.
34/58
www.lansweeper.com
If you want to receive e-mail alerts if an error happens on one of your servers you can use the eventlog alerts.
This is best used in combination with scheduled eventlog scanning.
You can specify multiple alerts each with their own mail group and filters.
• Operator
Use the “like” operator to search for partial matches.
• Eventtype
1: error
2: warning
3: Information
4: Security Audit Success
5: Security Audit Failure
35/58
www.lansweeper.com
Ignoring eventlog events.
If you want to ignore recurring warnings then you can create a filter for them.
36/58
www.lansweeper.com
On the left you see all the software found in your network.
If you want to track license usage of a software item, you can select it and add it to the list of tracked software.
In the details you can select multiple versions and products for one license type.
You can use the wildcard ‘%’ in the version to specify multiple versions.
The total calculation and missing licenses can be found on the web page:
37/58
www.lansweeper.com
On the left you see all the windows operating systems found in your network.
If you want to track license usage of an operating system, you can select it and add it to the list of tracked Operating systems.
# Purchased : amount of licenses that you purchased for this operating system.
# Price : price for one license.
The total calculation and missing licenses can be found on the web page:
38/58
www.lansweeper.com
Implementing custom actions
Actions are run locally on the computer where you browse to the lansweeper web interface.
The actions run in the security context of the user starting the web browser.
Computer actions:
• Sort order: the lower the number, the higher the report will be displayed in the interface.
In large active directory domains it might be advisable to replace {computer} by {fqdn} to connect to the full dns name.
User actions:
39/58
www.lansweeper.com
Device actions:
You can add your own icons to the “actions” folder in the web folder.
40/58
www.lansweeper.com
• Filename
you can use 3 optional parameters : %programfiles%, %programfiles(x86)% and %windir%
if you use the %programfiles(x86)% parameter and the OS is 32 bit then the result will be the same as the
%programfiles% parameter.
• Enabled
Enable scanning of this file.
• File size, company, version and other info is scanned for this file.
Results of these file scans can be used to create custom reports using the report builder.
Examples:
Which computer doesn’t have the latest version of Firefox installed?
Which computer doesn’t have the latest version of Antivirus scanner X?
Which computer doesn’t have the needed DLL for application X?
41/58
www.lansweeper.com
Note that you cannot scan registry keys for the user that is logged on. HKEY_CURRENT_USER refers to the user performing the
scan. (the service user)
42/58
www.lansweeper.com
Add all users that are allowed to be local administrator on their computer to this list.
43/58
www.lansweeper.com
Add all approved and safe software to the list on the right.
The computer’s software web page will show the approved software with a green icon.
44/58
www.lansweeper.com
You can use the {assettag} and {model} parameter to link to computer vendors support pages.
This information is used in the support link on the actions web page.
45/58
www.lansweeper.com
If you enable snmp on your devices you can use the OID to automatically map the device to a device type and model.
If you manually change the device type of a device, make sure that you check the “lock against scanning” checkbox.
Doing this will make sure your manual changes are not overwritten by future scans.
46/58
www.lansweeper.com
The device tester is a standalone tool found in the “actions” folder (devicetester.exe)
If you have problems to scan certain devices you can use this tool to see the scanning details and test snmp, ssh, passwords, …
You can also run the device tester from the web actions.
Syntax:
Devicetester.exe {ipaddress}
47/58
www.lansweeper.com
They are used in the “IE: Unauthorised …” reports and can also be found on the computer’s configuration web page.
48/58
www.lansweeper.com
You can change the display name of the custom fields shown on the website.
Note that you will still need to use the “customX” name when you create reports.
49/58
www.lansweeper.com
If you use other anti-virus software you can add the name to this list.
50/58
www.lansweeper.com
You can define custom Locations, named “IP Location” in Lansweeper. It’s an easy way to group computers and devices
together based on IP address.
51/58
www.lansweeper.com
52/58
www.lansweeper.com
Upgrading to the premium version.
After purchase you receive a license key which you can copy/paste into
the home screen.
Start one of the premium tools from the administrator's computer (for example: remote uninstall)
Place a file "license.txt" with your license code in the same folder as the executables
("%programfiles%\lansweeper\actions" in the default setup).
53/58
www.lansweeper.com
If you want to add pictures for your users you can add them in the pictures folder of your web server:
Folder = NetBIOS name of your domain (change this to reflect the name of your domains)
Picture = username.jpg (SamAccountname)
54/58
www.lansweeper.com
Lstrigger has the same functionality as clicking “full rescan” in the web interface and is provided for backwards compatibility.
Use this tool to force/trigger remote scanning of a workstation from the command line.
Example:
lstrigger "servername" "computer" "domain"
Default port = 9524
Change “servername” to the name of the server running your lansweeper service.
When you trigger a scan all information for this computer is rescanned regardless of the waittime set.
55/58
www.lansweeper.com
Premium tool: Remote screenshot - see what’s on a remote computer screen.
You can also use this program from the command line or from the action screen.
Usage:
screengrab.exe {computer} /AP
Optional parameters:
/AP = ask permission
/NP = don’t ask permission
56/58
www.lansweeper.com
Premium tool: Remote control - Take remote control of your workstations by pushing VNC.
Remote control the screen of your workstations to give them remote support.
The free VNC service is automatically pushed to the client on first use.
You can also use this program from the command line or from the action screen.
Usage:
lsremote.exe {computer} /AP
Optional parameters:
/AP = ask permission
/NP = don’t ask permission
57/58
www.lansweeper.com
Premium tool: Remote software uninstall – list and uninstall software on remote computers.
You can also use this program from the command line or from the action screen.
Usage:
remoteuninst.exe {computer}
The only requirement is WMI and administrative rights on the remote computer.
MSI packages:
These are uninstalled by the MSIexec command.
Adding the /QN /NORESTART parameters makes the uninstall invisible to the remote users.
Other installers:
These might have optional parameters available to run the uninstall window hidden but this depends on the software vendor.
Silent uninstall is not always available for non-msi installers.
58/58