2 Replies Latest reply on Mar 15, 2011 5:22 PM by historicalshavlikcustomer

    Is anyone having issues with Windows XP and asset scans?

    Master

      When we do hardware asset scans of systems on our network we get results for every version of Windows except XP.  This includes successful scans for Server 2003 R2, Server 2008, Server 2008 R2, Windows Vista, and Windows 7.  The Windows 7 and Vista machines are on the same network as our Windows XP machines.  We even took one XP workstation and removed Symantec antivirus and firewall from it; the workstation also had the Windows firewall turned off.  As far as documentation goes our XP workstations meet all of the requirements provided by Shavlik to scan.  Can anyone help?

       

      Thanks,

      JH

        • 1. Re: Is anyone having issues with Windows XP and asset scans?
          Master


          Hello,

          You mentioned you did check the requirements. I have posted them below just in case where you were viewing the requirements they varied, also for others reviewing this posting.

          It depending on how this is failing. With certain hardware configurations have been reported to possibly cause less data to come back from the hardware asset scans. (Certain vendors can disable what hardware is reported to the operating system, and this can vary even just on version of the same hardware, at this time we do not have a listing of these items.)

          Is this failing with an error during scanning at this time and not reporting any results?

          Thank you.


          Asset Management Scan Requirements

          Before attempting an asset scan, please confirm that you meet the following requirements:

                        • An asset management license key must be available.
                        • The Windows Management Instrumentation (WMI) service must be enabled and
                             accessible on the target machines.
                        • TCP port 135 must be configured on your organization's firewall to allow the WMI
                             protocol.
                        • Credentials must be provided for the target machines. You cannot perform scans using
                             your current logon credentials. See Supplying Credentials for details.
                        • For target machines using Windows operating systems that employ the use of User
                             Account Control (this includes Windows Vista or later and Windows Server 2008 or later),
                             you must either:
                                        o Join the machines to a domain and then perform the scan using domain
                                              administrator credentials, or
                                        o If you are not using the true administrator account on the target machines you
                                             must disable User Account Control (UAC) remote restrictions on the machines.
                                             To do this:
                                                                1. Click Start, click Run, type regedit, and then press Enter.
                                                                2. Locate and then click the following registry subkey:
                                                                       HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentV
                                                                       ersionPoliciesSystem
                                                                3. If the LocalAccountTokenFilterPolicy registry entry does not exist,
                                                                       follow these steps:
                                                                                                        a. On the Edit menu, point to New, and then click DWORD Value.
                                                                                                        b. Type LocalAccountTokenFilterPolicy and then press Enter.
                                                                4. Right-click LocalAccountTokenFilterPolicy and then click OK.
                                                                5. In the Value data box, type 1, and then click OK.
                                                                6. Exit Registry Editor.
                                                            For more details on disabling UAC remote restrictions, see
                                                               http://support.microsoft.com/kb/951016

          Windows Firewall Requirements for Hardware Asset Scans

          NetChk Protect scans for hardware assets using WMI in semisynchronous mode. This means the
          firewall policy only requires DCOM connections from the console machine to the target machines.
          Asynchronous mode, which would require reverse connections back to the console, are not used.

          To scan hardware assets of a machine with Windows Firewall running, you must set that
          machine’s firewall to allow remote administration. You can configure the firewall via group policy
          or local command. The local command is:
          netsh firewall set service RemoteAdmin

          If you are unfamiliar with Windows Firewall administration, the following links may help:
          http://support.microsoft.com/kb/875605
          http://msdn.microsoft.com/en-us/library/aa389286(VS.85).aspx
          • 2. Re: Is anyone having issues with Windows XP and asset scans?
            Master

            I think I have found the problem.  Since putting in this question I have reconvened with my firewall team, and it seems that for some reason the RPC calls are acting differently from XP machines than all of the other Windows machines.  My firewall guy apparently has to implement a hotfix to get everything working like it should on the firewall end.  Until then he has just opened up all RPC high ports, which has resolved the issue.

            FYI for those who don’t know, when Shavlik does a hardware asset scan it uses WMI.  WMI initiates over port 135 but then gets assigned a dynamic high port through RPC from the destination workstation.

             

            Thanks,

            JH