I will try the 2nd options on specific machines and if it works i will do it on several subnet and disable the network scan, only use previously discovered devices. Is it correct?
Another thing is, do i need to key in the admin credential on password management since the agent is already deployed, only need to enable the application usage tracking options ?
No, you shouldn't need anything extra. The installed agent should (on Windows) already be running in local system context. Credentials in the Password Manager are only used for remote acitvities, not for agents fully installed.