To install LOGINventory you need administrative rights on a supported version of Windows (7 SP1 and higher). A Windows Server operating system is not strictly required, but it is recommended for production use.
On the hardware side, we recommend at least four logical processors and at least 4 GB RAM.
LOGINventory requires an existing Microsoft .NET Framework 4.52 or higher and a Microsoft SQL Server 2012 SP4 database or higher.
A preconfigured Microsoft SQL Server 2012 SP4 Express Edition is already included in the setup of LOGINventory.
Of course, you can also use existing databases that meet these minimum requirements (see Database configuration).
- Microsoft .NET Framework 4.52 compatible PC with 4 or more logical processors
- 4 GB RAM
- 10 GB available hard disk space
- Windows 7 SP1 (Internet Explorer 11 or higher required)
- Windows 8.1
- Windows 10
- Windows Server 2008 R2 SP1
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Microsoft .NET Framework 4.52 or later
- Microsoft PowerShell 4.0 or later
- Microsoft SQL Server 2012 SP4 or later (all editions)
- LOGINventory Database (included)
Prerequisites for Acquisition
Due to the agentless mode of operation, only network devices that have implemented one of the following remotely queryable interfaces can be captured:
- Windows RPC (WMI, Remote Registry)
- SNMP v1, v2c or v3
Devices where this is not the case - e.g. Fritz!boxes, non-manageable switches, Windows Home Editions, televisions etc. - cannot be captured in this way.
- Exchange 2010, 2013, 2016, 2019 (all editions)
- Windows Server 2003 / 2008 / 2012 / 2016 / 2019 (all editions)
- Windows XP / Vista / Windows 7 / Windows 8.x / Windows 10 (Pro, Ultimate, Enterprise)
- All with SNMP v1, v2c, v3
- Linux/Unix derivatives and MacOS with SSH and Perl 5.8 or later
- VMware vCenter or ESXi v5.x and 6.x
- XenServer 4.x or later
- x86 or x64 Intel architecture for local data acquisition via LOGINfo
- Any for remote data acquisition (IP scan)
The remote scan of Windows computers is configured and executed in LOGINventory via a definition of type Asset Inventory.
Since there are no "ReadOnly-Admins" in Windows, you always have to use an account with local administrator rights on the respective computers. This is the case, for example, with a domain admin.
An account that only has WMI rights is not sufficient, because LOGINventory uses additional sources to collect a complete picture of the entire software, hardware and configuration.
The necessary APIs are not available in Windows Home Editions. In all other Windows editions, at least the service "Server" or "File and Printer Sharing" must be started, and no firewall may block the communication.
How to configure the firewall properly is described in detail here.
In same domain - or with Trust
The scan within the same domain or other domains with trust status (Trust) additionally requires full access to Administrative Shares (C$, Admin$, ...). Alternatively, the "Remote Registry" service must be running. Attention: This service is "Disabled" by default from Windows 10 on.
In another domain - without Trust
In principle, the scan only works across non-trusted domain boundaries if there is full access to administrative shares (C$, Admin$, ...).
If you are experiencing errors 1312 or 1326 although everything seems to be configured correctly, check the account you are using for the service LOGINventory8-InventoryService. The account used needs to have administrative rights on the LOGINventory machine (with password). Do not use Local Service or
For workgroup computers - or when capturing using the local account of the remote computer (also in domains):
- UAC remote restrictions (UAC-Remote) must be disabled, i.e. in the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System the value LocalAccountTokenFilterPolicy (DWORD) must be set to 1.
- In addition, the following policy must be set (e.g. locally via GPEDIT.EXE), which is always set like this for domain members: Computer Configuration / Windows Settings / Security Settings / Local Policies / Security Options / Network Access: Sharing and Security Model for Local Accounts = Classic
- The password of the remote administrator must not be empty.
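A check for the prerequisites above, run locally on the computer to be scanned. This is an added example, not part of LOGINventory; the function name Test-LocalAccountScanPrereqs is hypothetical. ForceGuest under the Lsa key is the registry value behind the "Sharing and Security Model for Local Accounts" policy (0 = Classic).

```powershell
# Added example: reports the prerequisites listed above on the local computer.
# Test-LocalAccountScanPrereqs is a hypothetical name, not a LOGINventory command.
function Test-LocalAccountScanPrereqs {
    $registryChecks = @(
        @{ Name = 'LocalAccountTokenFilterPolicy'   # 1 = UAC remote restrictions off
           Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
           Want = 1 },
        @{ Name = 'ForceGuest'                      # 0 = "Classic" model
           Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
           Want = 0 }
    )
    foreach ($check in $registryChecks) {
        # A value that does not exist is read as $null and reported as "(not set)"
        $item  = Get-ItemProperty -Path $check.Path -Name $check.Name -ErrorAction SilentlyContinue
        $value = if ($item) { $item.($check.Name) } else { $null }
        [pscustomobject]@{
            Setting  = $check.Name
            Current  = if ($null -eq $value) { '(not set)' } else { $value }
            Required = $check.Want
            Ok       = ($value -eq $check.Want)
        }
    }

    # The "Server" service (LanmanServer) must be running. RemoteRegistry is only
    # needed as the alternative to administrative shares and must then not be disabled.
    $services = Get-CimInstance -ClassName Win32_Service -Filter "Name='LanmanServer' OR Name='RemoteRegistry'"
    foreach ($svc in $services) {
        if ($svc.Name -eq 'LanmanServer') {
            [pscustomobject]@{ Setting = 'Service LanmanServer'; Current = $svc.State
                               Required = 'Running'; Ok = ($svc.State -eq 'Running') }
        } else {
            [pscustomobject]@{ Setting = 'Service RemoteRegistry'; Current = $svc.StartMode
                               Required = 'Auto or Manual'; Ok = ($svc.StartMode -in 'Auto', 'Manual') }
        }
    }
}

Test-LocalAccountScanPrereqs | Format-Table -AutoSize
```

Running the same check across all workgroup computers gives a record of where LocalAccountTokenFilterPolicy has been set to 1 for the scan.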
Ports and protocols used for remote scan
TCP/IP (IPv4 or IPv6) is used for acquisition:
- ICMP Echo Request (Ping)
Client for Microsoft networks
- TCP Port 139 (NetBIOS Session Services)
- UDP Port 137 and 138 (NetBIOS Name Server, NetBIOS Datagram)
- TCP Port 445 (RPC, WMI)
- UDP Port 161 (SNMP)
- TCP/UDP Port 22 (SSH)
- TCP/UDP port 443 (VMware vSphere)
Recommended as access test:
C:\> NET USE * \\RemotePc-or-IP\Admin$ /USER:Domain\AdminAccount AdminPassword
C:\> WMIC /NODE:RemotePc-or-IP /USER:Domain\AdminAccount /PASSWORD:AdminPassword CPU
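The same two access tests with the password entered at a prompt instead of on the command line, where it can end up in shell history and process-creation logs. This is an added example, not part of LOGINventory; RemotePc-or-IP is the placeholder used above. The CIM session is forced to DCOM so that it uses the same RPC path as WMIC rather than WinRM.

```powershell
# Added example: access test with an interactive credential prompt.
# 'RemotePc-or-IP' is the placeholder for the computer to be scanned.
$target  = 'RemotePc-or-IP'
$cred    = Get-Credential -Message ('Administrator account for {0}' -f $target)
$session = $null

# 1. Administrative share (same check as NET USE ... \Admin$)
try {
    $root = '\\{0}\Admin$' -f $target
    New-PSDrive -Name LIVTest -PSProvider FileSystem -Root $root -Credential $cred -ErrorAction Stop | Out-Null
    'Admin$ reachable on {0}' -f $target
    Remove-PSDrive -Name LIVTest
} catch {
    'Admin$ failed: {0}' -f $_.Exception.Message
}

# 2. WMI over DCOM (same check as WMIC ... CPU, which reads Win32_Processor)
try {
    $option  = New-CimSessionOption -Protocol Dcom
    $session = New-CimSession -ComputerName $target -Credential $cred -SessionOption $option -ErrorAction Stop
    Get-CimInstance -CimSession $session -ClassName Win32_Processor |
        Select-Object Name, NumberOfCores, NumberOfLogicalProcessors
} catch {
    'WMI failed: {0}' -f $_.Exception.Message
} finally {
    # Close the session even if the query failed
    if ($session) { Remove-CimSession -CimSession $session }
}
```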
No further prerequisites need to be fulfilled on the respective computer when executing the logon or startup script. The executing account only needs the right to store the .INV file created during acquisition in the "data directory" of the LOGINventory computer, i.e. it must have write access to the share and in the file system.
We recommend: Authenticated Users (= Domain User + Domain Computers) with write permissions ("Change")
Example for a logon script call
START /B \\loginventory-server\LI8DATA\LOGINFO.EXE
Windows Offline Agent
With the Offline Agent the inventory data can be delivered via HTTP/HTTPS to a web server as well as to a file share. Here, too, the account used must have write permissions on the share and in the file system of the "data directory".
The definition type "Microsoft Exchange Inventory" is used in the Remote Scanner to inventory a complete Exchange organization. The account used requires membership in the role "View-Only Organization Management" or "Organization Management" in the Exchange organization. As the source, you only need to select one Exchange Server from the suggested list: the one with the highest version that does not hold the Edge role. At the same time, the account must have local administrator rights on the Exchange Server computer, as always with Windows.
VMware vSphere, ESXi
For VMware ESXi and vCenter there is the definition type "VMware vSphere Inventory" in LOGINventory.
The used account only needs "read only" rights.
Typically, when you capture ESXi or vCenter, the Job Monitor will display a "Warning: Invalid SSL Certificate" message if you are using the self-signed certificates automatically created by VMware and have not yet used a trusted certificate authority. This warning does not affect the inventory.
An account with administrator rights on the XenServer is also required here.
To access the XenApp data on a corresponding Windows server, the account used in the "XenApp Inventory" method must have administrator rights on both Windows and XenApp.
Unix, Linux, MacOS
The acquisition of these systems via "Asset Inventory" is done via a Secure Shell connection, which transfers the acquisition script and the result data.
The general prerequisites for this are:
- Installation/activation of the SSH daemon (including opening port 22)
- Account with "root" rights (only with this account hardware information can be read)
- Program package Perl (from version 5.8)
Necessary existing commands:
which perl chmod cp gzip mkdir mv rm rmdir tar cut date head last uname
The user is authenticated for SSH either by user name and password or by user name and key file with passphrase. On some systems password authentication must be enabled separately; authentication via key file with passphrase is in principle always possible.
Mac with OS X
The SSH daemon is activated by default. In /etc/ssh/sshd_config the entry for PasswordAuthentication must be activated and set to the value yes. After a change a restart of the system or a restart of the daemon is not necessary.
The following actions must be performed to enable SSH:
- Firewall / Service / Share SSH daemon
For the password authentication the entry
must be changed in
PasswordAuthentication no -> yes
After a change a restart of the system or a restart of the daemon is necessary.
The activation of the SSH daemon must be done explicitly as follows:
sudo apt-get install openssh-server
Password authentication is activated by default here.
Red Hat Linux, CentOS
The SSH daemon and password authentication are activated by default.
The SSH daemon and password authentication are already activated by default. To use the user ID "root", however, the configuration of the SSH daemon must be adapted:
- In the file /etc/ssh/sshd_config the entry for PermitRootLogin must be set to
- In the file /etc/default/login the entry for CONSOLE must be commented out:
- In the file
;type=role must be removed from the 'root' entry. This can be done with the following command:
rolemod -K type=normal root
- Now you have to restart the SSH daemon:
svcadm restart svc:/network/ssh:default
Troubleshooting Scanning Unix, MacOS and Linux
If the acquisition of these devices is not successful and the reasons are unknown, a dialog box can be used to search for errors. This window can be opened by selecting the Custom action "SSH Test" in the Failed Inventory node for a failed asset or by selecting "SSH Troubleshooting" in the Job Monitor. The window can also be opened directly with the command
In the dialog that opens, different user names, passwords, key files, ports, timeouts, etc. can be tested. The messages show directly to what extent the inventory is successful with these values and parameters. If the inventory was successful, the result code 20300 is output.
Printers, Routers, Switches
These devices are usually captured via Asset Inventory using SNMP v1, v2c or v3. The SNMP v1/v2c API is standard in Windows and works without further configuration steps. Most printers have an SNMP v1/v2c read-only community string "public" preset, which can be used to easily read the configuration.
This is usually not the case with routers and switches and must then be configured manually. We recommend using different community strings to select specific device types when capturing data. The default view (should be the OID 1) and the IP of the permitted management station(s), i.e. the LOGINventory computer (0.0.0.0 = all computers) may also have to be adapted.
If SNMP v3 is to be used, a NetSNMP Credentials user account can be used.
During the installation of LOGINventory different services are installed, which offer different functionalities.
| Service | Description |
|---|---|
| LOGINventory8 Inventory Service | This service starts the agentless acquisition of the devices. Among other things, it ensures that the inventory is carried out even if LOGINventory is not started. |
| LOGINventory8 Data Service | This service monitors the data directory and processes all .inv files stored there. This service must therefore run so that all newly recorded devices are also entered into the database and are thus available for evaluations. If several clients have been created, this service also monitors the different data directories and enters the data into the correct database. |
| LOGINventory8 Automation Service | This service performs all tasks and notifications, ensuring that emails are sent and exports and reports are stored in pre-defined locations. |
| SQL Server (LOGINVENTORY) | This service provides the SQL Server instance for LOGINventory. |
If several clients are created, additional instances of the LOGINventory8 Inventory Service and LOGINventory8 Automation Service services are also created, each of which applies to one client. They manage the recording and execution of the tasks accordingly.
Windows Firewall Configuration
Basic prerequisite for the acquisition of remote Windows computers: The service "Server" ("LanmanServer") must be running and access to administrative shares (e.g. IPC$, Admin$, C$) must be given.
If there are problems with the acquisition, we recommend switching off the firewall temporarily in the active profile on a computer to be scanned and then running the scan again. You can disable the Windows Firewall from the Control Panel.
If the problem with the capture is then solved, the firewall should be configured accordingly for all computers.
Group policies can be used to deactivate the firewall in the domain network for all computers.
On all computers to be scanned, corresponding rules can be defined (manually or via group policies) that allow the connections required for the scan from the LOGINventory server (or for the entire server subnet).
This rule can be created in the Advanced firewall settings:
- Define New Incoming Rule
- Select Custom; Next
- Select All programs; Next
- Protocol type: Select Any; Next
- For which local IP addresses does this rule apply? Any IP address (default)
- For which remote IP addresses does this rule apply? These IP addresses: here you enter the address (or subnet) of the LOGINventory computer, e.g.: 192.168.169.170 or 192.168.169
- Select Allow connection.
- In the next step check the Domain profile box
- Finally, a name must be specified for the rule, e.g: allow LOGINventory
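The rule from the steps above created from PowerShell instead of the wizard, with a final report of its remote-address scope. This is an added example, not part of LOGINventory; it uses the rule name and example address from the steps and needs the NetSecurity cmdlets (Windows 8 / Windows Server 2012 and later).

```powershell
# Added example: the inbound rule from the steps above, created with the
# NetSecurity cmdlets (not available on Windows 7 / Server 2008 R2).
$ruleName = 'allow LOGINventory'      # rule name used in the steps above
$scanner  = '192.168.169.170'         # example LOGINventory address from the steps above

$existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if ($existing) {
    # Rule already present: reset scope, profile and action to the intended values
    $existing | Set-NetFirewallRule -RemoteAddress $scanner -Profile Domain -Action Allow -Enabled True
} else {
    # Program and local address are left at their default (Any), as in the wizard steps
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
        -Protocol Any -RemoteAddress $scanner -Profile Domain | Out-Null
}

# Report the effective scope so that a rule open to every remote address stands out
foreach ($rule in (Get-NetFirewallRule -DisplayName $ruleName)) {
    $filter = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Enabled       = $rule.Enabled
        Action        = $rule.Action
        Profile       = $rule.Profile
        RemoteAddress = $filter.RemoteAddress -join ', '
        ScopedToHost  = ($filter.RemoteAddress -notcontains 'Any')
    }
}
```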
Of course, you can also define this as a group policy in the domain. To do this, proceed as follows, for example on a domain controller:
- Open Group Policy Management
- Navigate to the desired OU
- Create and link a Group Policy object here (name e.g. "Firewall") and then edit it:
- Navigate to Computer Configuration / Policies / Windows Settings / Security Settings / Windows Firewall / Windows Firewall / Incoming Rules and select New Rule.
The further procedure then corresponds to the procedure described at the beginning of this chapter.
As a fallback method, if administrative shares are not available, data can also be collected via the remote registry. The service "RemoteRegistry" must be set to Automatic or Manual for the Start type.
This can also be done centrally via group policies under Computer Configuration -> Windows Settings -> Security Settings -> System Services.
This method requires a functioning trust between the computer to be scanned and the LOGINventory computer.
Log Files and Event Viewer
The individual modules of LOGINventory8 write log information into the directory
The LOGINventory Event Viewer can be started via the LOGINventory Data Service icon in the task bar and via the LOGINventory ribbon menu under Extras. This also contains information about the program flow of LOGINventory and can provide valuable conclusions about error sources.
Structure of .inv Files
The recorded data of an asset is saved in .inv files and then entered into the stored database. A .inv file is basically an encrypted .xml file. You can also create these files yourself, for example to write data into LOGINventory with an external tool. You can create a .xml file and rename it to .inv, e.g. test.inv. When this file is moved to the Data Directory, it is automatically added to the database and a new asset is created in LOGINventory.
A .inv file can look like the following as an example.
<?xml version="1.0" encoding="utf-8"?>
<Inventory xmlns="http://www.loginventory.com/schemas/LOGINventory/data"
           Version="8.0"
           Agent="Notepad"
           Account="Domain\user"
           Timestamp="2018-11-09T13:47:23Z"
           Duration="1000" >
  <Device xmlns="http://www.loginventory.com/schemas/LOGINventory/data/8.0/LogInfo">
    <NAME>MyAsset8</NAME>
    <ARCHIVED></ARCHIVED>
    <DeviceInfo>
      <SERIALNUMBER>CZ3233TEYP</SERIALNUMBER>
      <ASSETTAG>Asset-CZ3233TEYP</ASSETTAG>
    </DeviceInfo>
    <NETWORK ADAPTER>
      <INTERFACEINDEX>1</INTERFACEINDEX>
      <NAME>NIC8</NAME>
      <IP>220.127.116.11</IP>
      <MAC>A0:05:CA:33:A8:AD</MAC>
    </NETWORK ADAPTER>
    <OperatingSystem>
      <NAME>Unknown OS</NAME>
      <Version>6.3</Version>
    </OperatingSystem>
  </Device>
</Inventory>
Backup / Restore
In general, we always recommend installing LOGINventory on a Windows Server operating system and including it in the normal daily data backup. In exceptional cases, however, the installation can also be performed on a desktop operating system, for which no data backup mechanism is normally available. For such exceptional cases, where no backup procedure is available at all, we provide two batch files:
Restore-LIV.bat. These files are located in the subfolder "Resources" in the LOGINventory installation directory. With the help of these files, a simple data backup of the LOGINventory database, configuration and scan definitions can be performed if the following requirements are met:
- The supplied local database is used in the instance "LOGINventory".
- The name of the database is LOGINventory8.
- The executing user is a local administrator.
file will then do the following:
- Query the directory to which you want to back up;
- The central configuration files
Scandb.sdf are copied to the above directory;
- The "LOGINventory8" database from the "LOGINVENTORY" instance is saved in the above directory.
file then executes the following:
- Query the directory in which the backed up data is stored;
- The central configuration files
Scandb.sdf are copied back from the above directory;
- The "LOGINventory8" database from the "LOGINVENTORY" instance is restored from the above directory.