Assets prerequisites for agentless connections

Flows matrix

This matrix sums up the flows that may be required to monitor assets using agentless connection, based on the equipment type.

Software prerequisites

• Operating System among those covered in the list of supported operating systems
• SSH service enabled on Linux / UNIX, WinRM service enabled for Windows (PowerShell command: Enable-PSRemoting -Force), SNMPv3 enabled for network devices
• Additional requirements for Linux:
  • Valid SSH account with login/password or public/private key authentication
  • Sudoers rights WITHOUT TTY if you want to deploy security fixes with Cyberwatch (optional)
• Additional requirements for Windows:
  • Valid local or domain WinRM Administrator account, with “NEGOTIATE” authentication mode
  • The account provided MUST have administrator rights
  • The Windows Update service (wuauserv) must be activated
  • PowerShell v2 or higher must be installed, can be downloaded on the official Microsoft Update Catalog website
  • Windows Update Agent v6.1.0022.4 or higher must be installed

Windows Server 2008 assets also must support SHA-2 hash algorithms as described in the official Microsoft documentation. In summary, three updates are required:

• SHA-2 Code Signing Support, by installing KB4474419
• January 2020 (monthly rollup) update by installing KB4534310 on Windows Server 2008 R2 SP1
• SHA-2 Related Servicing Stack Updates
  • by installing KB4490628 on Windows Server 2008 R2 SP1
  • by installing KB4493730 on Windows Server 2008 SP2

Requirements for Windows Server 2012 and Windows Server 2012 R2 to enable WUA scans

To guarantee that Windows Update Agent is fully operational, Windows Server 2012 and 2012 R2 need a cumulative monthly rollup update that is equal or more recent than:

• KB4493451 for Windows Server 2012
• KB4015550 for Windows Server 2012 R2