Specifying Systems Discovery Actions

You can specify additional actions you would like Privileged Access Service to perform as part of the systems discovery job. For example, you can specify the Windows services you want discovered and other set related actions. These actions apply to both port scanning and Active Directory discovery.

To specify the actions:

  1. Click Discovery > Systems and Accounts > Profiles.

  2. Select the profile for which you want to specify the actions.

  3. Click the Actions tab.

  4. Select the Discover Local Windows and Unix Accounts check box to have Privileged Access Service discover local accounts for Windows and Unix systems.

  5. Enabling this check box allows Privileged Access Service to use SSH to log in to a Unix system and discover local accounts. For Windows systems, enabling this check box allows us to use an API call to identify the local accounts and determine if they are privileged account or not.

  6. After enabling this check box, you can select the following additional actions:

  7. Action Description
    Manage discovered accounts (domain joined systems only) Specify that discovered accounts are automatically taken under management. The account system must be domain joined and the domain must have a configured domain administrative account in the domains Advanced tab.
    Add discovered Windows privileged local accounts to set This action is specific to Windows accounts. Privileged accounts for Windows systems means they are a member of the local administrator group.Specify the account set to which you want to add the discovered systems without known credentials. Sets are logical groupings of items (systems, databases, etc.) that allow you to specify additional access to the discovered systems and accounts. For example, you can further grant access to discovered systems using the set-level permissions. You must first create a set before you can use it here. See Adding System Sets to create a system set. Permissions for these sets must be specified before running the discovery job.
    Add other discovered local accounts to set Specify the account set to which you want to add the discovered systems. Sets are logical groupings of items (systems, databases, etc.) that allow you to specify additional access to the discovered systems and accounts. For example, you can further grant access to discovered systems using the set-level permissions. You must first create a set before you can use it here. See Adding System Sets to create a system set. Permissions for these sets must be specified before running the discovery job.
    Limit local account discovery to specific account names You can select a particular system type. If left empty, discovery will operate on all local accounts. A comma or semicolon separated list of account names can be entered for a system type.

  8. Select the Discover Windows Services you want discovered.

  9. The default is to discover services, scheduled tasks, and IIS application pools.

  10. Enable the Additional Actions you want taken as part of this discovery job.

  11. Action Description
    Add discovery account as a system local account The local discovery account used to probe the system is added to the system as a local account.
    Add discovered systems to set Specify the system set to which you want to add the discovered systems. Sets are logical groupings of items (systems, databases, etc.) that allow you to specify additional access to the discovered systems and accounts. For example, you can further grant access to discovered systems using the set-level permissions. You must first create a set before you can use it here. See Adding System Sets to create a system set. Permissions for these sets must be specified before running the discovery job.
    Add systems without known credentials to set Specify the system set to which you want to add the discovered systems without known credentials. Sets are logical groupings of items (systems, databases, etc.) that allow you to specify additional access to the discovered systems and accounts. For example, you can further grant access to discovered systems using the set-level permissions. You must first create a set before you can use it here. See Adding System Sets to create a system set. Permissions for these sets must be specified before running the discovery job.
    Add discovered accounts to set Specify the account set to which you want to add the discovered accounts. Sets are logical groupings of items (systems, databases, etc.) that allow you to specify additional access to the discovered systems and accounts. For example, you can further grant access to discovered systems using the set-level permissions. You must first create a set before you can use it here. See Adding Account Sets to create an account set. Permissions for these sets must be specified before running the discovery job.
    Add discovered services to set Specify the service set to which you want to add the discovered services. Sets are logical groupings of items (systems, databases, etc.) that allow you to specify additional access to the discovered systems and accounts. For example, you can further grant access to discovered systems using the set-level permissions. You must first create a set before you can use it here. See Adding Service Sets to create a service set. Permissions for these sets must be specified before running the discovery job.

  12. Select the option to Apply Actions to the specified actions to newly discovered systems only or both new and existing systems.

  13. Click Save.