Risk Intelligence Help

Scanning via Active Directory

After selecting your organization and scan type from the Scan Computers page, choose Active Directory from the Scan Delivery Method dropdown.

Step 1 - Configure Distribution Point for the Command Line Executable

  1. Create a directory named iscan under C:\Windows\SYSVOL\domain\scripts on the Domain Controller.
  2. Download the command line executable for Windows and save it to the iscan directory you just created. Be sure to keep the name exactly as it is. (Ex: iscanruntime_DEMOSCAN_.exe)

Step 2 - Launch Server Manager

In most cases, this is done by simply clicking the Server Manager icon located at the far left of the task bar at the bottom of your screen.

Step 3 - Open Group Policy Management

Server 2008/2008R2

Navigate to Features > Group Policy Management.

Server 2012/2012R2

Click Tools in the upper right of the window, then click Group Policy Management.

Server 2016

Click Tools in the upper right of the window and select Group Policy Management.

Step 4 - Navigate to the Group Policy Object

Once inside Group Policy Management, navigate to Forest > Domains > Your Domain Name > Default Domain Policy.

Step 5 - Edit the Domain Policy

Right click on the Default Domain Policy object and select Edit.

The Group Policy Management Editor is displayed.

Step 6 - Open Scheduled Tasks

In the Group Policy Management Editor, go to Computer Configuration > Preferences > Control Panel Settings > Scheduled Tasks.

Step 7 - Create a New Scheduled Task

Right click on Scheduled Tasks, click New, then select from the following options based on your Operating System:

  • For Server 2000/2003, select Schedule Task.
  • For Server 2008/2008R2 select Schedule Task (Windows Vista or later).
  • For Server 2012/2012R2/2016 select Schedule Task (At least Windows 7).

If you have multiple Operating Systems on your domain (e.g. Windows XP, Windows 7 and Windows 10) you must create separate Scheduled Tasks: one for Windows XP/Windows 7 and one for Windows 10.

Step 8 - Configure the Task (for Server 2016)

  1. On the General tab, click on the Action drop down and select Create…
  2. Add a descriptive name (this is mandatory).
  3. Add the account that will run the task (this is mandatory).
  4. Click on the Configure for: dropdown and select the Operating System that you will deploy the task to (i.e. Windows Vista or Windows Server 2008/Windows 7, Windows Server 2008R2).
  5. Click on the Triggers tab to configure the run-time/schedule of the Scheduled Task.
  6. Optionally, configure Actions, Conditions, Settings, and Common if desired.
  7. Click Apply.
  8. Click OK.
The Configure Task step for both Server 2008/R2 and 2012/R2 has additional options for specific operating systems (e.g. Windows XP or Windows 7) that are not displayed here. While those tasks can be configured to work, you need to consult the provider’s website for details.

The Schedule Task option available when creating a new task in Step 7 is pre-configured for Server 2000/2003 and Windows XP machines. You must use Schedule Task with the option in parentheses (e.g. Schedule Task (Windows Vista or later)) to ensure the Scheduled Task is configured correctly to deploy to the relevant Operating Systems on the domain (i.e. using the Configure for: dropdown described above).

Step 9 - Schedule the Task

  1. In the Schedule tab, click on the Scheduled Task dropdown and select the option you require.
  2. Set the Start time.
  3. Add the settings you need - these vary depending on your selection in the Scheduled Task dropdown.
  4. Configure any optional settings as required.
  5. When you have finished, click OK to save your new scan task.

Step 10 - Check Scan Progress

Assuming the steps above have been completed, and your updated GPO has been pushed to all systems, then the scan should be executed at the time you specified in the task.

There may be some delay before the first scheduled scans run, because the Domain Controller needs to communicate the GPO updates to each of the workstations and servers in your domain. By default, GPO refreshes occur on workstations every 90 minutes. For more information refer to this article: http://technet.microsoft.com/en-us/library/cc940895.aspx.

Manually running GPUPDATE on the Domain Controller and any target systems may speed up the GPO sync process.

To verify the scan is executing properly, log in to the Risk Intelligence Console and navigate to View and Manage - Scan Results to view your scan progress (see View Individual Device Scan Results).

Troubleshooting

If scans are not being executed at the proper times, then try the following troubleshooting steps:

  1. Make sure the path specified in the scheduled task is correct. In most cases, it should be in the format of \\server name\path\executable.
  2. Make sure the systems that have been scheduled to run the task have access to that shared location. You can do this by opening the Run menu (Start / Run, or Windows key + R), then typing in the path to that shared location (minus the file name), and hitting enter. The folder containing the executable should open.
  3. Make sure the date and time are correct on all systems.
  4. Open the Event Log on one of the target systems and look for any events related to the Task Scheduler or the scheduled scan.
  5. Open the local Task Scheduler on a target system. Click on Task Scheduler Library, then look for your scheduled scan in the middle window. If not found, then that could indicate GPO sync issues. If found, it may have a status message that could help to explain any failures.
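
The troubleshooting checks above can be collected in one pass on a target system. The following PowerShell function is an added example, not part of the original help page or the vendor's tooling. It assumes a target with the ScheduledTasks module (Windows 8 / Server 2012 or later) and an elevated session; the UNC path and the task name are placeholders to replace with the values from your own GPO task.

```powershell
# Added example. Run in an elevated PowerShell session on one target system.
# Both default values are placeholders: take the real ones from your scheduled task.
function Test-ScanTaskDeployment {
    param(
        [string]$ExePath  = '\\server\path\iscanruntime_DEMOSCAN_.exe',  # placeholder UNC path
        [string]$TaskName = 'Risk Intelligence Scan'                     # hypothetical task name
    )
    $share = Split-Path -Path $ExePath -Parent

    # Troubleshooting 1 and 2: path format, share reachable, executable present.
    [pscustomobject]@{ Check = 'Path is a UNC path';      Result = $ExePath.StartsWith('\\') }
    [pscustomobject]@{ Check = "Share reachable: $share"; Result = Test-Path -LiteralPath $share }
    [pscustomobject]@{ Check = 'Executable present';      Result = Test-Path -LiteralPath $ExePath -PathType Leaf }

    # Troubleshooting 3: record the local clock so it can be compared across systems.
    [pscustomobject]@{ Check = 'Local time (UTC)'; Result = (Get-Date).ToUniversalTime().ToString('u') }

    # Troubleshooting 5: is the GPO-delivered task in the local Task Scheduler?
    $task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if (-not $task) {
        [pscustomobject]@{
            Check  = 'Task present'
            Result = 'Not found: possible GPO sync issue (run gpupdate, then gpresult /r /scope computer)'
        }
        return
    }
    $info = $task | Get-ScheduledTaskInfo
    [pscustomobject]@{ Check = 'Task state';  Result = $task.State }
    [pscustomobject]@{ Check = 'Runs as';     Result = $task.Principal.UserId }
    [pscustomobject]@{ Check = 'Action';      Result = ($task.Actions | ForEach-Object { $_.Execute }) -join '; ' }
    [pscustomobject]@{ Check = 'Last run';    Result = $info.LastRunTime }
    [pscustomobject]@{ Check = 'Last result'; Result = '0x{0:X}' -f $info.LastTaskResult }
    [pscustomobject]@{ Check = 'Next run';    Result = $info.NextRunTime }

    # Troubleshooting 4: recent Task Scheduler events that mention the task.
    # Returns nothing if task history is disabled on this system.
    $log = 'Microsoft-Windows-TaskScheduler/Operational'
    Get-WinEvent -LogName $log -MaxEvents 1000 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like "*$TaskName*" } |
        Select-Object -First 5 |
        ForEach-Object {
            [pscustomobject]@{ Check = "Event $($_.Id) at $($_.TimeCreated)"; Result = $_.Message }
        }
}

Test-ScanTaskDeployment | Format-Table -AutoSize -Wrap
```

The "Runs as" and "Action" rows show which account the task uses and which binary it launches, so they can be compared against what was configured in Steps 1 and 8.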

Additional Reading

More information on GPO editing and GPO Schedule Tasks can be found in these Microsoft Articles:

http://technet.microsoft.com/en-us/library/cc770904.aspx

http://technet.microsoft.com/en-us/library/cc736591(v=ws.10).aspx