Help: DomainScan Setup
DomainScan - Server monitoring

Setup is divided into 4 main sections:
  • Client: Changes to this group will only affect DomainScan Client, and changes are applied instantly

  • Service: In this group, service file setup and database location is set.

  • Database: In this group, information about the mounted database is shown. Database and engine setup is also placed in this section.

  • Information: In this group, information about DomainScan can be found, as well as information from GH Software.

Client up

Behavior up

Default database

The name and location of the default database

Mount automatically
If checked, then the default database will be mounted automatically when DomainScan Client is started.

Note: It's highly recommended not to disable these options

Synchronize automatically
If enabled, then DomainScan Client will automatically update the current view when the data from a new scan is available.

Commit pending changes
If enabled, then DomainScan Client will automatically pre-commit pending changes, so that the interface reflects the most current information. It is not recommended to uncheck this option.

Default paths
This option is only in effect if an offline database is mounted. In that case, DomainScan will not be able to identify where per-device files and log files are located.
When this option is enabled, DomainScan will then presume that all files are located in the same folder as the database.

Detect database location automatically
If the database is located on a remote server then enter the name of the server in the box, and click on Detect. DomainScan will then try to fetch the database location and name of the database and insert the name as the default database.


Start with Windows
Enable this option to start DomainScan when you log onto Windows.

Start with Setup Wizard
If enabled, then the Setup Wizard will be launched when DomainScan is started.

Tray icon

Show tray icon
If enabled, then this icon will be shown in the system tray.

Minimize to tray
If enabled, then DomainScan will minimize to the tray, and not the task bar.

Show a message if Events are detected
If enabled, then a balloon will be shown if events are detected.

User interface up


Background color
If a filter is active, then the background color will be painted with this color instead of the normal white color.
Incidentally, when white is selected as background color, then DomainScan will no longer notify if a filter is active.

Don’t change the background color, if only obsolete members are hidden.
If set, then the background color will not change if it’s only obsolete devices / users that are omitted from the view in the main window.

Regression line in Trend Graphs
If this option is enabled, then the trend graphs in the main Window will be set to show a regression line, which can be used to visually see how the current trend is.

Week numbers in calenders
If enabled, then all date pickers throughout DomainScan will show week numbers

Device and user tracking and audit

Days to show by default
Set the number of days that the timelines must show by default. The default value is 7 days.

Main window

Remember window size
If checked, then DomainScan will remember the size of the main dialog.

Show details in Dashboard
If selected, then the Dashboard will show details about devices and users.

Format device and user backgrounds
If selected, then the background will be drawn with different colors. If disabled, then the background will only be white.

Highlight servers
If selected, then all servers will be shown with bold text for easier detection of servers.

Show balloon tips
When this option is disabled, DomainScan will not show a popup balloon tip when a device, user, monitor or news item is selected in the main window.

When the option is enabled, DomainScan will show a balloon tip with information about the selected item – unless the overview panel is active, as the information is also shown here.

Show balloon tips instead of normal tips
Uncheck this option to disable the popup balloon in the main window. If the option is disabled, then a normal ‘Hint’ message will be shown instead.


Days to show by default
Set the number of days that the Information panel must show by default. The default value is 7 days.

Field chooser up

Here one can select the columns that are to be shown in the device and user windows in the main dialog.

In Field chooser one can select whether to alter device or user columns.

If either of the buttons are clicked, the selection list will be reset. Nothing will be saved unless Apply is clicked.

The selection list contains two lists: Available and Selected.

Available items are the one that are not shown in the main dialog, but one can add items by either double-clicking on an item or by selecting the item and afterwards pressing +.

Selected shows current columns and the order in which they are displayed. To remove an item from the list, either double click on the item, or select an item and click .

One can also change the display order. To do this, select an item, and click on Up or Down in order to reorder the item.

In the main dialog, one can also drag columns to a new position. The new position will automatically be saved.
If you hover above an item, detailed information about the item will be displayed.

Service up

Service installation up
DomainScan services

DomainScan consists of two parts, the Client and the Engine.

The Client is the graphical user interface, and the Engine is the system that monitor and scans the network.

The Engine is installed as two Windows Services, and consists of a Control engine (a watchdog service) and a Scanning engine.

The Control engine is installed with default service permissions, and is responsible for making sure that the Scanning engine is running periodically and is running correctly.

The Control engine must run all the time.

The Service engine must be installed with privileges that allows for the service tointeract with the network, and, depending on the way that you intend to configure DomainScan, with privileges that allows for DomainScan to connect and extract information from remote devices via the WMI interface.

The privileges that allows for this is different for each version of Windows, but administrator privileges will always work.

One can also set privileges within DomainScan, and specify different logon settings for each domain or even each device.


For DomainScan to run correctly, DomainScan Service must be installed on one server in the network. The service must also run with privileges that at least grant read-permissions on the devices that are to be monitored, but full domain-admin permissions are recommended.

To install the service, enter username and password and press Install. The status of the operation will be showed in the above 2 panels

If no username is set, then the service will be installed with the default service credentials login (most likely Local System).
However, this login cannot be used across the network as these credentials will not work on remote devices.

Therefore, one must assign a username that can be used to access remote computers.

One can also assign individual login accounts in Security, but it is recommended that the service runs with credentials that make it possible for DomainScan to access remote device without having to negotiate an alternative login.


In case that DomainScan is to be removed from the server, then it is important to remember that the service must be installed prior to running the uninstall file to make sure that the uninstall process runs correctly.

Settings up

Connect as

By default, DomainScan will use the security settings that the service is started with – i.e. the value set in Run as in Service setup. However, if DomainScan must use another setting to connect to remote devices, then a connection can be selected here.

If a Connect as is specified, then DomainScan will most likely fail to monitor the host server because WMI does not allow for alternative login credentials on the local device.

Note: The use of an alternative logon credentials is not used when DomainScan is searching the registry for the current user (see User detection fix in Advanced Options)

Scan interval

Set the time of rest between network scans. By default, the idle time is 5 minutes, but any number between 1 and 45 can be used.

Please note that the absolute scan interval is the idle time + the time a full scan takes, which will vary during the day, and this interval cannot be set.


DomainScan Service is monitored by a watchdog service (DomainScan Control Service) that monitors the state of the service, and is capable of terminating the service if it becomes unresponsive.

By default, the watchdog service will terminate DomainScan 5 minutes after its last tick (which is executed often during the scan).
However, on “difficult” networks (slow networks, networks with a complex topology, etc.), then 5 minutes may be too low, and one can increase the time that DomainScan is allowed to be unresponsive.

Trend Graph

If enabled, then the Trend graph file will be written with information about the number of devices, computers, users and more, which can be used to track network usage during time.

Log settings up

Event logs

Enable event log (_events.csv)
If set, then all events and notifications will be written to a common CSV formatted event file. The event file will be placed in the log folder.

Enable per-device folders and logging (Events.csv in device specific folder): If enabled, then all events and notifications will also be written to a device specific event file. This file will be placed in [Other files]\Devices\[Device name].

The CSV format allows for the file to be exported to a number of 3rd party tools. For instance Excel will be able to open it with minimal conversion (data to rows).

See the document on the GH Software website for format specifications.

Service log

Enable service log file
Enable this option to write log information to a separate log file. The log file will have the same name as the database, but with a .log suffix instead of a .gdb suffix.

Add time stamp for each log entry
If enabled, then each entry in the log will be prefixed with a timestamp that corresponds to the time when the entry was created.

Log level
A number between 1 and 9.
Level 9 is the level where most information will be written, and is not recommended unless runtime-problems are detected that needs to be solved. By default level 3 is selected, which will write basic runtime information.

Discovery up

Discovery methods

To gather device names on the network DomainScan can use multiple input interfaces, and all interfaces are enabled by default.

Probe all devices in each scan cycle
If this option is enabled DomainScan will try to scan every known device in each scan cycle, even devices that are not otherwise listed as online.

This option makes DomainScan less dependable on the Windows network browser service, which in turn may lead to better network monitoring, due to the fact that DomainScan will discover more devices correctly.

The downside of this option is that it may lead to longer scan times.

Obsolete devices are excluded from this option.

Windows Network
The interface that will query the host server for a list of known computers and devices.

Information, that is returned from this interface, will contain device names, domain and workgroup names for all devices that publishes itself to the network via the lan-manager protocol (used by all Windows versions).

If the network is a Directory enabled network, then this list will also contain names from other networks that are trusted by the domain.
Auto rediscover
Set this option to instruct DomainScan to include online device in the next scan cycle.
By using this option, one is less dependent on the Browser service, due to the fact that DomainScan will try to scan devices that are known to be online in recent time.

A device will automatically be included for scanning for up to X minutes after it detected as online. X is set in Rediscover period option.

The rediscover option may result in a slightly longer scanning period, due to the fact that DomainScan will try to discover devices that may be offline.
Device and Computer lists
Network equipment, such as printers, switches and routers are normally not discovered by the Windows Network.
To include these devices, or devices that are to be scanned regardless of their presence in the network list, one or more device list files can be created.

For detailed usage information and details about device and computer lists, see Technote #3 on the GH Software website.

HOSTS file
When this option is enabled, then DomainScan will parse the HOSTS file for possible devices to monitor.
DomainScan will only add devices from the HOSTS file to the database if the device name is responding.

Click on Browse to open the HOSTS file.

Always detect host
When this option is enabled then DomainScan will always make sure that the host server is found during device discovery.

If the option is disabled, and no device lists are configured, then it’s up to the Windows browser service to provide the list of devices, which may not contain the host server.

Devices to ignore

The ignore list is used to define computers that DomainScan is to ignore.
Any device or domain that is in the ignore list will be completely ignored by DomainScan Service.

Access control up

DomainScan Client – Update access

By default, only the server, where DomainScan is installed will be able to alter the database setup.

DomainScan Client will automatically detect whether or not it is allowed to make changes. If it isn’t, then update functionality will be disabled, and the Client will run in read-only mode.

This is useful if DomainScan is to be used by support personnel that cannot be granted administrative rights.

An alternative way to restrict access to DomainScan, is to share the database folder, where the share access rights is limited to read-only access

Some settings are stored in the registry on the server where DomainScan Client is installed. Separate measures must be performed to assure that unwanted personnel do not have write-access to the registry.
However, if DomainScan Client isn’t allowed to make changes neither updates to the database or the registry will be performed.

It is possible to mount the database without having access to the registry. In that case, then DomainScan will mount the database in read-only mode.


By default DomainScan will deny updates from all remote devices, except for the ones that are explicitly allowed. That is, if a device manages to add data to be committed, then these changes will be discarded by DomainScan Service.

To reverse this method of update control, click on Allow, which will grant all devices commit update access, except for the devices that are added to the access list.

Kiosk options

If a remote DomainScan Client mounts a database that it doesn’t have write-access to (as set by Update access option), then DomainScan Client will run in Kiosk mode – that is, all functionality that otherwise would update the database is turned off. Furthermore, some parts of DomainScan can be hidden, as defined by the Kiosk settings.

Disable 'Service Panel'
If selected, then the Service panel in then main window will not be visible

Hide 'Advanced Options'
If selected, then the Advanced Options page in Preferences will be hidden

Hide 'Security'
If selected, then the Security page in Preferences will be hidden

Disable 'Notes'
If selected, then Device and User notes will be hidden

Disable 'Domain Report'
If selected, then the Domain Report option will be disabled

Disable 'Data analysis'
If selected, then all Data analysis reports will be disabled

Security up

In security, different login credentials can be defined, and used various places of DomainScan.

Alternative login credentials can be used globally, or for specific parts. A security object can be assigned to a device or a monitor if it requires an alternative login. A security object can also be assigned a domain, so that any member in the domain uses that alternative security object.

To define a security object, click New, and assign a name for the object.
Assign username and password and press Save to save the security object.

The password is stored by DomainScan and is encrypted.

A security object that is in use cannot be deleted.

Edit logins

Enter the username and password, which will be used to connect to devices.

Optionally, one can assign a Security name, which is an optional option that can be used if needed.

If one uses administrator to connect to both a mail server and file server, but with two different passwords, then one can easily differentiate between these two logins by assigning a Security name the two logins – for instance “Mail server” and “File server”.

Use for WMI: Select this option, if the security login can be used for WMI connections.
Use for SNMP: Select this option, if the security login can be used for SNMP connections.
Use for SMTP: Select this option, if the security login can be used to connect to a mail server.

Disable: If this option is selected, then DomainScan will not use this security login.

The security object can be tested against any known device. To do this, select the security object, and then select the device name in the list.

Mail server up

In this panel, a default email server can be defined. Server settings are used by email responses.

Mail server (SMTP)

The name of a SMTP capable mail server.

The port to connect to. By standard, port 25 is assigned to SMTP services, but in case another port is set, then set the appropriate number here.

Sender address
The email address of the sender.

Sender name (optional)
By default, DomainScan will identify itself as DomainScan in emails. However, one can alter this identification string here.

Connect as
If the mail server requires authentication, then assign the appropriate Security object to the server, and DomainScan will authenticate itself against the mail server.

To test that the server settings are valid, enter the name of a receiver and type something in the subject field (some mail servers may require that the subject field is not empty), and click Test

SMTP related settings

Bundle messages
If enabled, then DomainScan will bundle all messages that are to be sent to email receivers, which means that one response will only send a single mail, possible with information about multiple events, instead of a mail for each event that triggers an email-response.

Send daily 'heartbeat' message to
If this field is set then DomainScan will, once a day, issue a 'heartbeat' message that indicates that DomainScan is running correctly.

The heartbeat message will be sent just after the time that is specified in the hrs field. I.e., if it is set to 6, then DomainScan will issue the message at the first scan cycle that occur after 6.

Upon task deadline; send nagging mail
If a task deadline has been reached, and the deadline is assigned to a user, then DomainScan will send a mail to the user each day at the specified time.

The mail will be resend each day until the task deadline has been cleared, or the email option for the task has been disabled.

Mail queue folder
If one wishes to save all outgoing mails that are created by DomainScan, then one can specify a queue folder.

DomainScan will then save all successfully sent mail in a \success subfolder, and all messages that could not be delivered to a \failure subfolder.

Attempt sending for # minutes
Select the period for which DomainScan must try to send mails that could not be delivered the first time.

For this functionality to work, one must specify a mail queue folder, where DomainScan will store unsent mails temporarily in the Queue subfolder until the mail is either sent or aborted.

Advanced options up

Worker threads

Worker thread timeout (sec)
Set the time that a worker thread can use to scan a device. The time is the basic time, and if an audit is to be collected or if one or more monitors are enabled for the device, then the time will be extended.

The extension is as follows:
  • Server audit: 1 minute added
  • Processes, services, hot fixes: 30 seconds.
  • Monitors: 10 sec per monitor.

If a lot of timeouts are seen on the network, then increase the timeout value. However this will also increase the overall scan time for the entire network.

Concurrent worker thread
To scan a device, DomainScan launches a worker thread that performs monitoring tasks.By default only 2 threads are enabled, but up to 128 threads can be used concurrently.

Allow multithreaded preprocessing
When enabled then Windows network discovery will be multithreaded, which means that the host will search for devices in multiple domains at the same time.
This may reduce the total scan cycle time with as much as 50% (especially in environments with a lot of workgroups).


Disable scanning for installed programs
If this option is set, then DomainScan will not scan for installed programs during audit operations, regardless of other settings.

Ignore ‘ghost’ users on Windows NT 4
The WMI interface on NT4 devices contains a bug that causes the caller to be identified as the current user, if no user is logged into the NT device.

Limit scan to machine domain
If this option is enabled, then DomainScan will only monitor the same domain as the host server is a member of, and all other domains will be ignored.

DomainScan connects as domain\\admin but no one is logged into the device. Therefore, the WMI interface may return ‘admin’ as the current user.

This option will cause DomainScan to ignore a local username, if the username is identical to the name that DomainScan use.

Monitor the number of User sessions.
If needed, then DomainScan can monitor the number of user sessions on a device. Server audit must also be enabled on devices where this monitor must work.
User sessions are the total number of users that using a device – either by being logged onto the console on the device, or by being connected to the device remotely.

User detection fix
The WMI interface contains another bug that was not corrected before Windows XP. The bug causes that users, without administrative rights, were not detected by the WMI interface.

To correct this bug, DomainScan can be set to scan the device for a user using an alternative method. The method bypasses the WMI interface, and will normally resolve the correct username, unless the device is a terminal server capable device.

Use LAN manager to detect computers and servers.
The LAN manager interface, that is a part of the Microsoft network standard, provides a number of flags that identifies the role of a device. This list of roles can be read even if a device is otherwise locked down security-wise.
If this option is enabled, then DomainScan will use these flags, if available for the device, to detect whether or not a device is a computer or server.

Allow recover from critical database stops
When the host server is restarted, DomainScan is forced to quit, maybe even abruptly. There is a small chance that this may occur while updating database headers after a scan cycle.
This is considered a critical stop because it can result in a scan cycle being lost. Thus there is a theoretical risk that the database may be corrupted.
With this option, DomainScan will restore automatically, otherwise DomainScan will refuse to start.
For security reasons this option will only work if backup is enabled.

Submit errors to GH Software
In case that DomainScan Engine experiences a problem, then the error code will be sent to GH Software when this option is enabled.
The information that is sent to GH Software is only used internally by GH Software to gain knowledge about the real-life DomainScan quality.

TCP and Ping settings

Prefer IPv6 over IPv4
If set, then DomainScan will try to resolve network names via the IPv6 protocol before trying the IPv4 protocol. Otherwise, IPv4 will be tried first.
One may experience a slightly longer scan if DomainScan tries the lesser used protocol first.

By default, a ping request will have a timeout period of 1 second and the ping will be retried once in case that the first ping did time out.

Database up

Information up

This panel shows more details about the current database.

In Utilization (Always / Today) the number of computers, network devices and users are shown. The text to the left shows statistics for today, and the numbers are cleared by midnight. The select list is never cleared and shows the extreme value for each one hour interval.

These numbers are cumulative numbers for all domains. See Domain settings for domain specific usage numbers.

Location and backup up

Only the local DomainScan Client can change the database location.
For all remote DomainScan Client’s, this panel will be read-only.
Furthermore, this panel will be disabled, if DomainScan Client cannot connect to registry on the server.

Database files

Database store
The directory where the database store is located.

DomainScan supports online database file moving, so that it is possible to move the database without reinstalling or reconfiguring DomainScan. The database will be moved by DomainScan Engine at the beginning of next scan, and all necessary changes will be created manually.

The database name can only be set with the Setup Wizard.

Log files
The directory where the log file is located.

The base directory where per-device folders are created as sub directories.

Organize and manage documentation

One can also use this folder structure to place custom files, such as setup details, documentation, specifications etc. about the various devices and users.

Use main directory
If checked, then the log file / other files will be located in the same directory as the database file. This is the default behavior.


It is highly recommended that a backup strategy is implemented in case of critical errors, so that the database can be restored from an earlier backup.

DomainScan performs the backup operation at midnight.

Enable daily backup
Check this to enable backup. The backup is performed at the first scan after midnight each day. Database files, per-device folders and registry settings will all be backed up

The path where the backup is placed.

Backup to 'date' folders
If enabled (the default), then DomainScan will create a subdirectory to the backup location folder, and place the backup in this directory. This means that it is possible to go back to a specific date if needed.
The backup-database file can also be mounted directly by DomainScan if needed.


If the backup is to be placed in d:\backup, and the subdirectory option is enabled, then backup from January 1st and 2nd will be placed in d:\backup\2006-01-01 and d:\backup\2006-01-02.

Note: The naming convention follows the ISO 8601 standard

Compress backup folder
If checked, then DomainScan will try to enable file-system compression on the backup folder. The operation is supported on NTFS formatted disk partitions.

Skip service log file
If checked, then DomainScan will omit to backup the log file. Recovery is still possible because DomainScan does not rely on the log file.
Note: The event file will still be backed up if this option is enabled

Truncate service and global event log after backup
If checked, then DomainScan will delete and recreate the service and global event log file (but not per-device event files) after a successful backup.

Information up

About up

This section shows information about the current version of DomainScan. The section also contains useful links for support and documentation.

DomainScan iConnect up

The Online section is a component that can retrieve news and update information from the GH Software Website


To turn the component off, uncheck this option.

Check for updates
If checked, then DomainScan will periodically check for updates in intervals that are set in the interval list.

Allow statistics to be collected
If set, then DomainScan will send usage statistics to GH Software when checking for updates.
The information that is sent to GH Software is only used internally by GH Software to gain knowledge about the real-life DomainScan quality.

  2003 - 2019 GH Software aka GHIT ApS. Contact