Supported OS:
- Windows 10
- Windows 8
- Windows 8.1
- Windows 7
- Windows 2008
- Windows 2008 R2
- Windows 2012
- Windows 2012 R2
- Windows 2016
- Windows 2019
- Prerequisite: .Net Framework 4.6 or above
User Requirements for installing:
Role required for installing is administrator user or user from Domain administrator group. The probe can be installed in any location in the machine and requires Administrator access privilege to scan the network devices seamlessly. The Administrator user should have the following permission:
- It should have Full Control permission on the folder where the Probe is going to be installed.
- Able to create, delete, start and stop the service. The probe will create a service name called FreshServiceScan, and it will start and stop when needed.
Local System Account permissions:
The probe will have a UI and a background service called FreshServiceScan, It will run by the Local System Account. So the Local System Account should have the following permissions:
- It should have Full Control over the folder where the Probe is going to be installed.
- Able to create, delete, start and stop the service.
By default, these permissions will be there for the Administrator account and Local System Account, So if there is any access denied issue while installing the probe, we might have to check for these permissions.
Files and Folders permission:
As mentioned above, the Folder in which the Discovery Probe is going to be installed should have the following read, write and execute privileges for the Local System Account and Administrator account. The permission looks like this:
Steps to do that:
- Right-click on the folder where the probe is going to be installed and navigate to Properties.
- Select the Security tab, and click Edit to change permissions.
- Then Add the required user Account if not present and Click OK.
If the above permissions are missing, then the Probe cannot start the system service FreshServiceScan while freshly installing the Probe or while the auto-update.
FreshServiceScan Service settings and recommendations:
- The FreshServiceScan should run as a Local System Account
- The FreshServiceScan's Startup type should be automatic, Since the probe will perform scans via this service, if the background service is stopped by any chance, the scans will not happen.
FreshServiceScan Permission issues:
In some environments, if the Local System Account doesn't have permission to access the remote machine that is going to be scanned.
- How do we find this issue?
- If a machine can be scanned from the probe window directly (individual DeviceScan) but fails to scan via IP Range/Domain scan and throws an Access Denied error. This is the issue that needs to be fixed.
- If a machine can be scanned from the probe window directly (individual DeviceScan) but fails to scan via IP Range/Domain scan and throws an Access Denied error. This is the issue that needs to be fixed.
- Solution:
- As a workaround, configure an Administrator account in the FreshServiceScan so that the account will have permission on the remote machine. That will solve the issue, but upon auto upgrade, the account will be automatically changed to a Local System Account.
- So our recommendation is to give the remote access permission for the Local System Account to fix this permanently.
- As a workaround, configure an Administrator account in the FreshServiceScan so that the account will have permission on the remote machine. That will solve the issue, but upon auto upgrade, the account will be automatically changed to a Local System Account.
Firewall / Network Access:
Windows agent will communicate with the freshservice to sync the discovered data and update the version.
So the URL that needs to be exempted in the firewall are:
- The freshservice URL: <account name>.freshservice.com
- fstools.freshservice.com - this will be used while auto-update.
