PDQ Inventory requires an administrator account in order to scan computers. PDQ Inventory can store multiple sets of credentials which can then be used by different computers.
This graphic shows the different components of PDQ Inventory and which credentials are used when.
Console - Current User
The console runs with the credentials of the user currently logged into the console computer. Most importantly, this user needs read/write access to the database, which is, by default, limited to the local administrators group.
Service - Service User
This user account is used for the Windows service which is the actual process that executes scans. Like the console user it needs to be able to read and write the database. It can be the same user as the console, but it can be a different account. This account needs to have the Log on as a service privilege so it may need to be a special user created for the purpose as some organizations prevent normal users from having this privilege.
Connection - Scan User
The scan user is the one selected for the target computer (or the default user if one hasn't been selected). It is this account which is used to connect to the target computer and copy over the necessary files and start the remote service. This user must have administrative rights on the target computer, which are needed to copy files to the ADMIN$ share and create and start the remote service. It can be a user account local to the target computer (see below) or a domain user if using Active Directory.
Remote Service - Local System
The remote service is the process that performs the actual scan on the target computer. The Local System account is used for the scan as it has all of the necessary rights to read the computer's inventory.
Default Credentials
One set of credentials will be set as default (the first credentials entered will be default). These credentials will be used when none are specified. For example, if there the credentials used by a schedule are deleted then that schedule will fall back to using the default credentials.
Local Accounts
PDQ Inventory can use local (non-Active Directory) accounts for authentication. Credentials are considered to be local if they have no domain or if they have a domain that starts with a period (.) This will allow for the saving of multiple local accounts with the same name.
Example: The top three localadmin accounts can all have different passwords.
See Also