Server Inventory : without installing "Service" only SNMP Possible ?

[mviel]

hi , 

is it possible to scan Servers just by the SNMP without installing "the Service" ?  

In our enviroment we had some Problems with the "service" Installation of other Software, and as your Product support SNMP Scan, we have the question if then the Service Installation is still necessary ? 

Regards

[Support]

Hello,

Though it is possible to scan Windows systems via SNMP, we have not worked out this approach too deeply. You can enable "Full SNMP scan" in "Options - SNMP", scan the system, and then you will be able to see all collected information in "Viewer & reports - SNMP tree", but it won't be broken down by categories as if it was scanned with our agent (service) or even agent-free (via WMI). Such asset (scanned via SNMP) won't be treated as Windows system by the program, it will be treated as a generic network device.

We have not been reported any problems with scanning servers with our agent (service), so it is safe to use such scan option.

[mviel]

Hi Zak, 

actually we are looking for an Agent-free( no Service installed ) solution for the Server enviroment and and Agent ( Service ) approach on the Workstation site .  

Maybe you point me to the " ...  agent-free (via WMI). " Approach you mentioned above , as I tried some in the Setting on the Trial Version but the Info tells me "Service install" on every approach , so maybe you can assist me ? 

Thanks for the fast response

[Support]

Unfortunately it is not possible to use agent and agent-free approaches at the same time on different target machines. For example, to use only agent (service) scan, you would go to "Options - Scanner" and enable the option "Disable the RPC protocol for scanning of Windows computers". To use only agent-free (WMI) scan, you would need to rename or remove the file "tniwinagent.exe" in the program's installation directory. But it's not possible to use both these approaches simultaneously, or specify which one should be used on which computers. Perhaps we can add such possibility in the future.

Take note that the agent-free WMI scan collects more information than the SNMP scan (besides the fact that SNMP-collected information is not structured), and the agent (service) scan collects more information than the agent-free WMI scan (like disk drives S.M.A.R.T. data, memory modules SPD data, etc). So the agent scan is recommended, and should not cause any problems.

[mviel]

Hi, 

thanks for the Feedback 

I disabled the "Disable the RPC protocol for scanning of Windows computers" and renamed the "tniwinagent.exe" File, now I get an Error Code "Scan Failed: SMB "tniwinagent.exe" is missing , maybe i have to disable another Option Scanner ? 

If that is the wrong Place to ask such question , please advice me 😉

Regards

[Support]

I just mentioned that it is not possible to use both these approaches at once, so why do you try to do this? It will not work, it will not be able to scan Windows at all.

You should EITHER check the option to disable RPC protocol (which actually disables the agent-free scan and thus makes it use agent service scan only), OR rename tniwinagent.exe so that the program could not use the agent service scan. But not both.

[mikeh]

I have a questions relating to the service install that mviel is talking about. I've noticed that when I run a scan on my networked computers it always says "Installing service" and then scans the computer after the service is installed. I'd like to know where this service is installed on my networked computers and if the service is removed or un-installed after the scan is finished? I thought that most of the data being added to TNI was being pulled via WMI, but on the computers that its not I'm basically installing spyware or malware on my own machines, at least that's what it feels like.

[Support]

mikeh,

There is an answer to your question in the documentation:

https://docs.softinventive.com/tni/techpaper/scanning-microsoft-windows-assets/

Quote

Remote scanning via SMB protocol

How it works

1. Executable tniwinagent.exe (agent) is uploaded to the administrator share admin$ on the remote computer.
2. TNI main unit connects to the Service manager on the target PC, installs the agent as a service and starts it.
3. The agent gathers data and saves it into a compressed file. Then it stops.
4. Main unit imports the resulting file into the storage.
5. Agent service is uninstalled, executable is deleted.

 

No trace of scanning is found on the target PC after the scan is finished.

Agent-free scan method (RPC protocol) uses only WMI, while agent scan method (SMB protocol) uses WMI, Windows API, and a temporarily installed driver to collect most detailed and accurate information that is not possible to collect using WMI only. Besides, agent method generates less network traffic, apart from uploading the agent itself. However, we are going to add an option to keep the agent on remote computers to save traffic on subsequent scans.

[mviel]

Hi Zak, 

I try to get that "Agent Free scan method" working pointed out by you   , but even after "renaming" the tniwinagent.exe so it is not usable , I receive an Error concerning that given "EXE", so I would think I still have some options on which should be disabled. 

Is there a "best practices" or "HOW TO" so I can do it step by step . ( That is a must have feature for us, as there are strong "NO-GO" for the Service Installation on Production Servers ) 

Regards

[Support]

Hi mviel,

As specified before, unfortunately there is no predesigned way to disable SMB scan (agent/service) on specific computers or even completely. So the only way is to delete or rename the "tniwinagent.exe" file in the TNI installation directory. After this you will receive a warning (not an error) in the scanner log that this file is missing and that the program falls back to the RPC method. This message does not prevent the program to scan by RPC, it is by design. But make sure that the option "Disable RPC protocol for scanning of Windows systems" is unchecked in "Options - Scanner", otherwise you are technically disabling both methods and it will not scan Windows at all.

[mviel]

Hi Zak, 

we are doing another Test, as we read that there is also some way to query the Information via WMI , instead of the client . 

From the Whitepaper :  https://docs.softinventive.com/tni/techpaper/

3.2. Agent-free method

When using this method of connection, TNI connects directly to the WMI service via RPC protocol. All

information is gathered remotely and no files are uploaded to the remote computers.

 

How do we configure it in the current Software release ? 

[Alex]

On 2/22/2016 at 5:02 PM, mviel said:

Hi Zak, 

we are doing another Test, as we read that there is also some way to query the Information via WMI , instead of the client . 

From the Whitepaper :  https://docs.softinventive.com/tni/techpaper/

3.2. Agent-free method

When using this method of connection, TNI connects directly to the WMI service via RPC protocol. All

information is gathered remotely and no files are uploaded to the remote computers.

 

How do we configure it in the current Software release ? 

Hi mviel,

Thanks for your message.

You still need to rename the tniwinagent.exe file in the TNI installation folder to force the agentless (RPC) scanning.