In the Internet Scanner product, there is a significant dependency in Windows environments on having an Admin account, in order to gain full access to the windows host.
In my experience, an admin account is used that has rights to all hosts that are being scanned, and these are scanned every night. What I've observed is that is the domain admin account has been locked out, or even is it is within the 7 day window where the user is prompted if they are going to chance the password, then the account used for scanning is not granted access to the hosts, and therefore the scanner can't access the full hosts. Effectively, the scanner is prevented from produce a viable report of the vulnerabilities because it didn't have access to the host. Has anybody identified this before? Has anyone identified a mechanism where the scanner admin is notified that the scan wouldn't have accurate vulnerability data, because it didn't have access to the windows host? I'm looking for any insights, tools, work-arounds, and procedural accommodations that would address this issue of having scans that have incomplete data, because the account used to scan didn't have access. Dan Widger Security Engr _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
