Enterprise Reporter 3.2.1 - Installation and Deployment Guide

Table 10. Credential Use and Required Permissions
Credentials	Used For	Permissions Needed
Logged in user	Installing the components of Enterprise Reporter	Administrator access on the local computer.
	Creating the Enterprise Reporter database, roles and logins on the SQL Server® (unless SQL credentials are provided)	Must have the right to create databases, logins and groups.
	Creating the security groups	Depends on the type of groups that are chosen, but must have the right to create groups in the chosen environment.
	Securing the Configuration Manager and the Report Manager. The logged in user is added to the Reporter_Discovery_Admins, Reporter_Reporting_Admins, Reporter_Reporting_Operators, and Reporter_Discovery_Nodes security groups as an administrator for both consoles when installing the server.
Service Account Supplied during installation	Installing and running the Enterprise Reporter server	Login as service right is conferred on the service account by the logged in credentials during installation.
	Connecting to the Enterprise Reporter database (unless SQL permissions are provided)	Read and write permissions are automatically granted during database creation.
	Securing the Configuration Manager and Report Manager. The service account is automatically added to the Reporter_Discovery_Admins, Reporter_Reporting_Admins, Reporter_Reporting_Operators, and Reporter_Discovery_Nodes security groups when installing the server.
Optional SQL credentials Supplied during installation	Can be used to create the Enterprise Reporter database	Must have the right to create databases, logins and groups.
Optional SQL credentials Supplied during installation	If supplied, are used to connect the database by the Enterprise Reporter server.	Read and write permissions are automatically granted during database creation.

Port Requirements

For the Enterprise Reporter components to communicate, some ports must be open.

•

The default port used for communication between the server and the consoles is 7738. This port is also used by the nodes to access the server. The port is configured during installation of the server, and is required in the connection dialog box for both the Configuration Manager and the Report Manager.

You can view the port currently in use on the System | Information page in the Configuration Manager, and the System Information tab in the Report Manager.

•

The default port used for communication from the Enterprise Reporter server to the nodes is port 7737. This port may be configured during installation.

This figure outlines the ports used by the Enterprise Reporter components.

Figure 3. Ports used by Enterprise Reporter components.

*For more information on ports used when creating a discovery, see Table 11.

**For more information on ports used during data collections, see Table 12.

This table outlines the ports used by all of the Enterprise Reporter components.

Table 11. Ports used by Enterprise Reporter components
			Configuration Manager¹	Report Manager	SQL Server	ER Server	ER Nodes
Application	Port	Type	Components
FTP	20, 21	TCP		X
SMTP	25	TCP	X	X		X
WINS / NetBiOS Name Resolution	42	TCP UDP				X
DNS FQDN Resolution	53	TCP UDP	X	X		X
Kerberos	88	TCP UDP	X			X
RPC Service & Endpoint Mapper / WMI	135	TCP UDP	X
NetBIOS Name Service	137	UDP				X
NetBIOS Datagram (browsing)	138	UDP	X
LDAP	389	TCP UDP	X
SQL	1433	TCP		X	X	X	X
SQL Server Browser Service	1434	TCP UDP	X	X
Enterprise Reporter Node	7737	TCP				X	X
Enterprise Reporter Server	7738	TCP	X	X		X	X

For the Configuration Manager, also include the ports listed in Table 12.

This table outlines the ports used by all of the Enterprise Reporter discoveries.

Table 12. Ports used by Enterprise Reporter discoveries
			Active Directory	Azure Active Directory	Azure Resource	Computer	Exchange	Exchange Online	File Storage Analysis	NTFS	OneDrive	Registry	SQL Server
Application	Port	Type	Discoveries
WINS / NetBiOS Name Resolution	42	TCP UDP	X			X	X		X	X		X	X
DNS FQDN Resolution	53	TCP UDP	X			X	X		X	X		X	X
HTTP	80	TCP		X	X		X*	X			X		X
Kerberos	88	TCP UDP	X			X	X*		X	X		X	X
RPC Service & Endpoint Mapper / WMI	135	TCP UDP				X	X**		X	X		X	X
NetBIOS Name Service	137	UDP	X			X	X		X	X		X	X
Remote Registry	139	TCP				X	X		X	X		X
ICMP						X			X	X		X	X
LDAP	389	TCP UDP	X			X	X		X	X		X	X
HTTPS	443	TCP UDP		X	X						X		X
SMB / Remote Registry	445	TCP	X			X			X	X		X	X
LDAP Secure	636	TCP	X
DCOM on XP/2003 and below (uses an open port in this range)	1024 - 5000	TCP UDP				X	X		X	X			X
SQL	1433	TCP	X	X	X	X	X	X	X	X	X	X	X
SQL Server Browser Service	1434	UDP											X
LDAP GC	3268	TCP	X				X
WinRM	5985 5986	TCP UDP						X					X
Exchange PowerShell	12067	TCP					X**
DCOM on Vista/2008 and above (uses an open port in this range)	49152 - 65535	TCP UDP				X	X		X	X			X

*Exchange 2010 and higher, **Exchange 2007 only

The following figures outline the ports used by the Enterprise Reporter discoveries.

Figure 4. Ports used by Active Directory collections

Figure 5. Ports used by Azure and Office 365 collections (Exchange Online, MS Teams, and OneDrive)

Figure 6. Ports used by Computer collections

Figure 7. Ports used by Exchange collections

Figure 8. Ports used by File Storage Analysis collections

Figure 9. Ports used by NTFS collections

Figure 10. Ports used by Registry collections

Figure 11. Ports used by SQL collections

Firewall Requirements

The following changes are required to be made to the Windows Firewall settings to allow Enterprise Reporter to return all available data during a discovery. Without these settings, the data returned during a discovery will be limited and the discovery will indicate the following error:

•

The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

Table 13. Firewall requirements for a discovery
Operating System	Firewall Requirement
Windows 2019	Start \| Settings \| Network & Internet Select Windows Firewall Scroll down and select Allow an app through firewall Select Windows Management Instrumentation (WMI) and File and Print Sharing (if not already selected) The check box in the Domain column will be selected. Click OK.
Windows 2016	Start \| Control Panel \|System Security Select Allow an app through Windows Firewall Select Windows Management Instrumentation (WMI) and File and Print Sharing The check box in the Domain column will be selected. Click OK.
Windows 2012 and Windows 2012 R2	Start \| Control Panel \| Windows Firewall. Select Allow an app or feature through Windows Firewall. Select Windows Management Instrumentation (WMI). The check box in the Domain column will be selected. Click OK.
Windows 2008 R2	Start \| Control Panel \| System and Security \| Windows Firewall. Select Allow a program or feature through Windows Firewall. Select Windows Management Instrumentation (WMI). The check box in the Domain column will be selected. Click OK.
Windows 2008	Start \| Control Panel \| Windows Firewall. Select Allow a program through Windows Firewall. Select the Exceptions tab. Scroll down and select Windows Management Instrumentation (WMI) and click OK.
Windows 2003 and Windows 2003 R2	Run the following command-line context: netsh firewall set service type = remoteadmin mode = enable
Windows 8, Windows 8.1, and Windows 10	In the lower left hand corned of the screen right click and select Control Panel. Select System and Security \| Windows Firewall. Select Allow a program or feature through Windows Firewall. Select File and Printer Sharing and Windows Management Instrumentation (WMI). The checkbox in the Domain column will be selected. Click OK. Start the Remote Registry service and set it to Automatic. This step is required to collect data such as installed software, event logs, and security policies.
Windows 7	Start \| Control Panel \| System and Security \| Windows Firewall. Select Allow a program or feature through Windows Firewall. Select File and Printer Sharing and Windows Management Instrumentation (WMI). The checkbox in the Domain column will be selected. Click OK. Start the Remote Registry service and set it to Automatic. This step is required to collect data such as installed software, event logs, and security policies.
Windows Vista	Start \| Control Panel \| Security \| Windows Firewall. Select Allow a program or feature through Windows Firewall. Select the Exceptions tab. Select File and Printer Sharing and Windows Management Instrumentation (WMI). Click OK.
Windows XP	Start \| Control Panel \| Security Center\| Windows Firewall. Select the Exceptions tab. Select File and Printer Sharing. Click OK.

Database Requirements

The Enterprise Reporter server requires a database to store configuration specifications and the information that will be collected from your network environment. Before you install Enterprise Reporter, determine where you will set up your database. It should reside on a SQL Server® that is accessible from the computer running the Enterprise Reporter server. For more information, see SQL Server Supported Versions .

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem

Enterprise Reporter 3.2.1 - Installation and Deployment Guide

Minimum Permissions for Initially Installing Enterprise Reporter

Port Requirements

Firewall Requirements

Database Requirements