Full Windows Details Without Admin Accounts
This article builds upon the previous blog post How to discover Windows Computers with non-admin Accounts!. You might be wondering, what’s new or different that makes this worth reading? Lets’ see how to get full Windows details without admin accounts.
Full Windows Details Without Admin Accounts
There are notable improvements to the JDisc Discovery Zero-Footprint Agent worth mentioning, including:
- Consistent executable naming – no more additional naming elements appended
- Automatically granting required privileges
- Install or deploy the agent using logon as user
Hopefully, something here catches your interest or addresses issues you’ve encountered in the past.
Consistent Executable Naming
Previously, the executable names (rsysexecagent32.exe and rsysexecagent64.exe) had additional naming elements appended—a random 32-bit hexadecimal number—to streamline the agent installation and update process on remote Windows computers. While this approach was convenient for the JDisc Discovery program codebase, it led to challenges in configuring antivirus and intrusion detection software filter definitions.
The installation and update process now creates a dedicated subdirectory (a random 32-bit hexadecimal number) on remote Windows computers to store the JDisc Discovery Zero-Footprint Agent executables (rsysexecagent32.exe and rsysexecagent64.exe). This simplifies the configuration of antivirus and intrusion detection software filter definitions.
Automatically Granting Required Privileges
Users or user groups granted the privilege to run programs with elevated permissions must also have access to the remote Windows computers being discovered.
"Access this computer from the network" (SeNetworkLogonRight)
If you opt to run the agent under a user account other than the default local system user, these privileges are assigned to the user (Logon As User) operating the JDisc Discovery Zero-Footprint Agent service.
"Log on as service" (SeServiceLogonRight) "Act as part of the operating system" (SeTcbPrivilege) "Replace a process-level token" (SeAssignPrimaryTokenPrivilege) "Impersonate a client after authentication" (SeImpersonatePrivilege)
You might be wondering how to configure the Logon As User setting when installing or deploying the JDisc Discovery Zero-Footprint Agent service.
Install or Deploy the Agent using Logon As User
By default, the JDisc Discovery Zero Footprint Agent service runs as local system user. While this setup is convenient since the local system user is always available, it also grants the service unnecessary privileges on the local computer. This is where the Logon As User feature becomes valuable, allowing the agent to run with minimized security and privilege exposure. Running rsysexecagent32.exe or rsysexecagent64.exe with the -help option displays all available command line options.
The -LogonAsUser and -LogonAsUserPassword options are new, enabling the configuration of the JDisc Discovery Zero-Footprint Agent service to run under a user account other than the local system. Use the -LogonAsUser sub-option for the -install and -deploy commands to setup the JDisc Discovery Zero Footprint Agent service to run under a different user than the system account. If you select a Group Managed Service Account (gMSA) for domain joined computers, no password is needed. You can omit the -LogonAsUserPassword sub-option, as Windows and Active Directory automatically manage the gMSAs’ password.
Please note: If you enter a standard (non-gMSA) user and password to install the service, the installation process will attempt to log in using the provided credentials to verify their validity!
Now, let’s explore an example of how the JDisc Discovery Zero-Footprint Agent service is deployed while utilizing nearly all available security options.
The installation (deployment) process automatically grants the necessary privileges to the privilege elevation user (“JDISC-INTERNAL\KannNix”) and Logon As User (“JDISC-INTERNAL\msa-Discover$”) but also adds the Logon As User (“JDISC-INTERNAL\msa-Discover$”) account to the local Administrators group, if it’s not yet a member.
As a side note, when you locate the installation directory of the JDisc Discovery Zero-Footprint Agent in the screenshot above, you’ll notice the changes in file naming and the install directory.
If you’re looking for more detailed information, you can find a comprehensive overview of the JDisc Discovery Zero-Footprint Agent in the JDisc Discovery Security Guide.
I hope you appreciate the new security features and enhancements of the JDisc Discovery Zero-Footprint Agent. If you have suggestions, feature requests, or need assistance, feel free to reach out. The JDisc team is always here to help!
Cheers Thomas
