Log in

How can we help?

  1. Atera Support
  2. Atera MSP
  3. Add-Ons and Integrations
Help Center
    Was this helpful?
    1 out of 1 found this helpful

    Network Discovery: Optimal network settings

    We recommend proactively configuring your target networks with the following network settings, for optimum Network Discovery results. If you've already tried Network Discovery but had trouble connecting, or retrieving device information, please review the information below. 

     

    Domain environment checklist

    This checklist details the recommended network settings for Windows domain environments. Share this with your IT administrator and request that they configure your network's domain controller as follows:

    Note: We recommend enabling WinRM for WMI monitoring (via DC Group Policy) so you can get the most out of the Network Discovery feature. In particular, enabling WinRM will allow for seamless, remote agent installation within Network Discovery.

     

    GPO configuration for Windows Firewall (Inbound Rules)

    Allow Windows Management Instrumentation (WMI) service to operate through Windows
    Firewall. This includes the following rules:

    • Windows Management Instrumentation (ASync-In)
    • Windows Management Instrumentation (WMI-In)
    • Windows Management Instrumentation (DCOM-In)

    1. On the domain controller, go to Group Policy Management and edit the Default Domain Policy.

    mceclip2.png

    2. Under Computer Configuration, navigate to Policies > Windows settings > Security settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound rules > right-click and select New rule.

    mceclip3.png

    3. Under the Rule Type window, select Predefined: Windows Management Instrumentation (WMI). Then click Next.

    mceclip19.png

    4. Under Rules, select all three. Then click Next:

    mceclip5.png

    5. On the next page, select Allow the Connection, then click on Finish.

    mceclip7.png

     

    Domain configuration

    Allow ICMP (Internet Control Message Protocol) to operate through Windows Firewall.
    Note: ICMP requests are used to detect active devices to scan.

    1. Go to Group Policy Management and edit the Default Domain Policy.

    mceclip2.png

    2. Under Computer Configuration, navigate to Policies > Windows settings > Security settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound rules > right-click and select New rule.

    mceclip3.png

    3. In the Rule Type window, select Custom. Then click Next.

    mceclip8.png

    4. In the Program window, select All programs. Then click Next.

    mceclip9.png

    Note: In order to use This program path, you will need to whitelist all of the .exe files from all Atera's packages (these can be found under C:\Program Files\ATERA Networks\AteraAgent\Packages).

    5. Select ICMPv4 as the Protocol type. Then click Next.

    mceclip10.png

    6. Under the Scope window, select Any IP address for both sections. Then click Next.

    mceclip11.png

    7. Under Action, select Allow the connection. Then click Next.

    mceclip12.png

    8. Under Profile, select the relevant option according to the endpoints' network (select as many as required). Then click Next.

    mceclip13.png

    9. Add a name and a description. Then click Finish.

    mceclip14.png

    You're done! This is what the ICMP & WMI rules should look like.

    mceclip15.png

     

    GPO Configuration for Windows Services

    The following four services need to be set up on Automatic startup:

    • Remote procedure call (RPC)
    • Remote Registry
    • Windows Management Instrumental 
    • Windows update

    1. On the domain controller, go to Group Policy Management and edit the Default Domain Policy.

    mceclip2.png

    2. Under Computer Configuration navigate to Policies > Windows Settings > Security Settings > System Services.

    mceclip15.png

    3. Right-click on each service > Properties > Check Define this policy settings > Automatic > click OK.

    mceclip18.png

    mceclip16.png

     

    Third-Party Firewalls

    Make sure third-party firewalls are disabled or configured similarly to Windows Firewall as above.
    Note: By default, the computer Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes. In addition to background updates, the Group Policy for the computer is always updated when the system starts. Therefore, you will need to allow the GPO to update, then you can run a scanning through Network Discovery.

     

    SNMP Checklist (for retrieval of SNMP devices and monitoring setup)

    • Ensure Remote Registry can operate through Windows Firewall, and that third-party firewalls are disabled or configured similarly to Windows Firewall.
    • Ensure the desired monitoring agent is online.
    • Ensure the SNMP device hostname/IP address is correct.
    • Ensure the ports are open.

    Note: If an SNMP device that you want to monitor does not use SNMP v1 and "Public" as the Community String, the device will appear as a Workstation instead of an SNMP device in the Network Discovery scan.

     

     

     

    Still have a question? Contact us
    Alina Anton

    Related articles