Windows proxy deployment

For detailed discovery of the Windows part of the target environment, BMC Discovery uses a Windows proxy, a discovery proxy that can be installed on any suitable Windows computer in the target environment. There are two Windows proxy types available, which you can select depending on whether credential, workgroup, or active directory security is used. The preferred approach is to use the active directory proxy installed as a service that is set to run as the discovery user. In this manner, a Windows administrator can set the user name and password, and it never has to be known or entered by a BMC Discovery administrator. In the case of the credential Windows proxy, user names and passwords for discovery are entered directly into the appliance UI.

The Windows proxy can be a physical or virtual server, and it can use an existing infrastructure server.

The following table provides information about the compatibility between Windows proxy types and versions, and the operating systems that the Windows proxy runs on for BMC Discovery.

Windows Proxy Type

Earliest Compatible Windows Proxy Version

Windows Proxy Available for Supported Operating System

Credential Windows proxy

11.0 — no actions required.

Windows Server 2022
Windows Server 2019
Windows Server 2016
Windows 2012 R2
Windows 2012

Active Directory Windows proxy

11.0 — no actions required.

21.05 — for PowerShell support. See Windows proxies and PowerShell discovery.

Windows Server 2022
Windows Server 2019
Windows Server 2016
Windows 2012 R2
Windows 2012


The Workgroup Windows proxy is no longer supported. Running the Active Directory Windows proxy under a Workgroup account provides exactly the same functionality as the old Workgroup Windows proxy.

Network ports used for discovery communications

Minimum host specification

The following are the minimum recommended specifications for the Windows proxy host:



Operating System

As stated in tables above


2GHz Intel Pentium® 4 CPU 512k Cache (or equivalent from other manufacturer)



Hard disk


To avoid any impact during resource-intensive periods of discovery, we recommend not to install the Windows proxy on any host supporting other business services. This is true even if the minimum Windows proxy specification is exceeded, since the Windows proxy will attempt to use what resources are available, in order to optimize scan throughput.

Windows discovery communications

You should also consider the ports that will need to be opened in any firewall between the appliance and the proxy or proxies, and the proxies and target hosts.

Windows discovery metadata

Discovery metadata covers Windows as well as UNIX. This provides information about why sessions failed to be established and why scripts failed to run, including information about what credential or Windows proxy was used.

Windows proxies and PowerShell discovery 

For PowerShell discovery, the BMC Discovery version 21.05 Windows AD proxy does not issue discovery commands and return processed results. It acts as a proxy, simply forwarding the PowerShell commands to be run on the target host, and returning the raw results to the BMC Discovery appliance or BMC Discovery Outpost that initiated the scan. Where discovery is using an earlier AD proxies, and a  pattern uses a PowerShell script, the proxy attempts to run the PowerShell script using the PowerShell executable on the target.

When you use discovery in Record/Playback mode for PowerShell discovery, this is done in the 21.05 Windows AD proxy.

Was this page helpful? Yes No Submitting... Thank you