none
Admin User credential used for scanning w MAP - creates user profile on all target machines? RRS feed

  • Question

  • Hello

    Is it correct that the Admin Credential that is used to scan with will also create a User Profile on all the Servers/Clients that is being inventoried?

    Please confirm.

    Some organization see that as a threat because they create a specific user for this purpose only.

    Thanks.

    Jacob

    Tuesday, June 14, 2016 7:33 AM

All replies

  • No it does not create a profile.

    The usernames and passwords usually provided are administrator - domain-authenticated - credentials that have local computer administrative rights.

    List of credentials to use: 
    http://social.technet.microsoft.com/wiki/contents/articles/17807.credentials-for-map.aspx


    Here is another text portion form the FAQ to reinforce the security of credentials if someone is questioning it:

    Q: What does the MAP Toolkit do with administrative credentials used to collect inventory?

    A: MAP never persists security credentials to disk. The credentials you provide are encrypted using the DPAPI  and maintained only in memory. Credentials in memory are disposed of when the inventory completes. For each machine that MAP attempts to connect to, the credentials are passed to the connection method being used, at which point the credentials are securely handled by the remote operating system that is being interrogated. Credentials are never logged or written to the database or any other file.



    Wednesday, June 15, 2016 2:04 PM