Understanding Endpoint Security network discovery
This article explains how Control Center displays all your company's computers in Network Inventory.
Security for Endpoints includes an automatic network discovery mechanism intended to detect workgroup computers.
Security for Endpoints relies on the Microsoft Computer Browser service to perform network discovery. The Computer Browser service is a networking technology used by Windows-based computers to maintain updated lists of domains, workgroups, and the computers within them and to supply these lists to client computers upon request. Computers detected in the network by the Computer Browser service can be viewed by running the net view command in a Command Prompt window.
To enable network discovery, you must have Endpoint Security already installed on at least one computer in the network. This computer will be used to scan the network.
In order to successfully discover all the computers (servers and workstations) that will be managed from Control Center, the following are required:
- Computers must be joined in a workgroup or domain and connected via an IPv4 local network. Computer Browser service does not work over IPv6 networks.
- Several computers in each LAN group (workgroup or domain) must be running the Computer Browser service. Primary Domain Controllers must also run the service.
- NetBIOS over TCP/IP (NetBT) must be enabled on computers. Local firewall must allow NetBT traffic.
- File sharing must be enabled on computers. Local firewall must allow file sharing.
- A Windows Internet Name Service (WINS) infrastructure must be set up and working properly.
For Windows Vista and later, network discovery must be turned on (Control Panel > Network and Sharing Center > Change Advanced Sharing Settings).
To be able to turn on this feature, the following services must first be started:
- DNS Client
- Function Discovery Resource Publication
- SSDP Discovery
- UPnP Device Host
- In environments with multiple domains, it is recommended to set up trust relationships between domains so that computers can access browse lists from other domains.
Computers from which Endpoint Security queries the Computer Browser service must be able to resolve NetBIOS names.
NOTE: The network discovery mechanism works for all supported operating systems, including Windows Embedded versions, provided the requirements are met.