Merge pull request #899 from ritza-co/1033-windows

Nadia-JSch · web-flow · commit 7f9320f85594 · 2025-08-25T17:12:57.000+02:00
1033: non-admin user permission; windows-and-hyper-v-auto-discovery
diff --git a/docs/auto-discovery/windows-and-hyper-v-auto-discovery.mdx b/docs/auto-discovery/windows-and-hyper-v-auto-discovery.mdx
@@ -10,7 +10,7 @@ Device42 discovery uses multiple protocols to communicate with the target device
 
 ## Prerequisites
 
-When using WMI, you need to install Windows Discovery Service (WDS) and connect to your Remote Collectors (RCs) before setting up your Windows discovery job. For WDS installation instructions and information, visit the [Windows Discovery Service Installation](/getstarted/installation/windows-discovery-service-installation.mdx) documentation.
+When using WMI, you need to install the Windows Discovery Service (WDS) and connect to your Remote Collectors (RCs) before setting up your Windows discovery job. For WDS installation instructions and information, visit the [Windows Discovery Service Installation](/getstarted/installation/windows-discovery-service-installation.mdx) documentation.
 
 ### WinRM Network Requirements
 
@@ -374,7 +374,7 @@ If you discover servers that do not belong to a domain, your User Account Contro
 
 ### Windows ADM Minimum Permissions
 
-There are two options for configuring ADM permissions. The first option uses local administrative permissions and the `IPC$` and `ADMIN$` shares. The second option lets users configure their own shares.
+There are two options for configuring ADM permissions for admin users. The first option uses local administrative permissions and the `IPC$` and `ADMIN$` shares. The second option lets users configure their own shares.
 
 For the local administrator method:
 
@@ -398,6 +398,20 @@ sources={{
 }}
 />
 
+While it's best to use an admin account for complete discovery, you can try the following workaround to grant a non-admin user permission for service discovery. 
+
+Use the `sc.exe sdset scmanager` command to grant `SC_MANAGER_CONNECT` permission to the user:
+
+- First, [find the SID](https://www.ninjaone.com/blog/how-to-find-user-security-identifier/) of the non-admin user account that you want to grant permission. 
+
+- Next, as an admin user, add the non-admin user's SID to the following command and execute it in PowerShell:
+
+    ```bash
+    sc.exe sdset scmanager "D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)(A;;CC;;;AC)(A;;CCLCRPRC;;;SID_OF_DISCOVERY_USER)"
+    ```
+
+- Then try running the discovery process again as the non-admin user.
+
 ### Port Matrix
 
 | Ports    | Protocol | Application Protocol      | Notes                                                                   |
