Unfortunately mark, you are in error. You have to check the box for the
account to designated a verified account, otherwise it will be considered
unverified. Please review the interface and you will see the format.
Cheers,
-- L�
Lynn E. Lowrie
X 63032
GO ISS!!
---
"You do not really understand something
unless you can explain it to your grandmother."
- Albert Einstein, 1879 - 1955
---
-----Original Message-----
From: Evans, Mark (FSO Contractor) [mailto:[EMAIL PROTECTED]
Sent: Friday, March 25, 2005 9:47 AM
To: Lowrie, Lynn (ISSAtlanta); Eric Testa; [EMAIL PROTECTED]
Subject: RE: [ISSForum] Scanning with administrative rights
I don't agree with this assessment. Entering an account in the
Knownaccounts.bin file is "VERIFIED" account, and should be used regardless
of the account lockout policy on the target machine. Unless you
specifically disable the account checks, this account shoulld be used at all
times.
-----Original Message-----
From: Lowrie, Lynn (ISSAtlanta) [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 24, 2005 9:06 AM
To: Eric Testa; [EMAIL PROTECTED]
Subject: RE: [ISSForum] Scanning with administrative rights
Eric,
Since the default account used by Internet Scanner 7.0 is not that of the
logged on user, but rather that of the machine that it is installed upon,
automatic authentication based on your user account is not going to be a
factor.
What you would need to do is to add an entry into your KnownAccounts.bin
file using the machinename, username, and password of the account on the
target system and then use SmartScan (Common settings / Windows Logon
Session in the policy). Keep in mind that the logic incorporated into IS7.0
is such that unless the machinename/domain name matches, the account
name/password pair will not be attempted. Also keep in mind that for
SmartScan to function, your targets lockout policy must be within the
parameters set in your policy (same section mentioned above.) and be sure to
enable the "Drop current logon session" feature so that any currently
established connections with the potential target does not interfere with
Scanner connection attempts.
Hope that helps,
-- L�
Lynn E. Lowrie
GO ISS!!
---
"You do not really understand something
unless you can explain it to your grandmother."
- Albert Einstein, 1879 - 1955
---
-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Eric Testa
Sent: Wednesday, March 23, 2005 11:56 PM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Scanning with administrative rights
I am having trouble scanning and gaining administrator rights on the target
machine.
My set up is as follows:
ISS Internet Scanner 7.0 on a Windows XP machine w/SP1. I am trying to scan
a standalone NT 4.0 SP6a machine that has local user accounts. I have set
up a user account and added the user to the administrator group. The
account that I created on the target machine is identical to the user name
and password that I am logged on to the XP machine running the internet
scanner (not sure if this makes a difference). I have also imputed the user
name and password in the knowaccounts.bin file enabled the smart scan.
Every time I run the scan I run the report and under the column
administrative access is says NO.
What am I doing wrong?
Thanks
Eric
_______________________________________________
ISSForum mailing list
[email protected]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]
The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
_______________________________________________
ISSForum mailing list
[email protected]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]
The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
_______________________________________________
ISSForum mailing list
[email protected]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]
The ISSForum mailing list is hosted and managed by Internet Security Systems,
6303 Barfield Road, Atlanta, Georgia, USA 30328.
