I have been researching the need for an account with administrative rights for running scans of Windows boxes. Our NT administrators are uncomfortable with this, and I think understandably so. If someone came to me and said they needed a service account with admin access to all boxes on the domain for their application to run, I would tell them it's a really bad idea, so it reflects poorly on us when the security team is asking for this, doesn't it?
Has anyone found a better way to do this? With Nessus (ahem), I have been able to create a non-admin account with interactive login disabled and just rights to specific registry keys to perform scans for patches. Can I do the same, or something similar for Scanner? To me this is a much better way to do this, because it's more suited to leaving the account enable for automated scans. Any thoughts from the group? Thanks! -- sk00t _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
