On Apr 25, 2005, at 5:45 AM, Martin wrote:
Hi Guys, I have a couple of questions for you....
I have read the documentation on setting up a domain account for
scanning windows machines, but what about machines that are not in a
domain? We have all our staff and faculty machines as members of a
domain with accounts, but our student machines are all in a local
workgroup and are not part of the domain.
All our student machines have the same local administrator account and
pwd, I tried entering this into the SMB credentials, checked that
remote registry service was running, and that the local admin group
had rights to read the registry but I seem unable to get any
information back from the scan apart from a couple of open ports,
which leads me to believe that Nessus is unable to read from the
remote registry. Any clues at to what to check for would be greatly
appreciated..
On Workgroup systems you must edit the policy to allow that
(gpedit.msc) :
Windows Settings -> Security Settings -> Local policies -> Security
Options
and change value of "Network access: Sharing and security model for
local accounts" to :
Classic - local users authenticate as themselves
Else when you try to do a remote logon your user (even if you use admin
account) will be authenticated as guest.
Also, with the Unix client it is obvious where to put any SMB
credentials, using the windows client am I correct in thinking that
under plugin preferences, there is a key for login configurations with
2 keys for SMB acct and pwd - is this the correct place for putting
the domain credentials....
Plugins -> configure plugins -> Login configurations -> SMB
account/password.
Nicolas
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
