Just thought I would let everyone on the list know that Foundstone and Eeye both have really nice docs on how to do scans and get the same results without admin rights by settings corrects perms on registry keys and allowing access to C$ / IPC$ / etc.
ISS, get on the ball, y'all. -- sk00t On Wed, 21 Dec 2005, sk00t wrote: > I have been researching the need for an account with administrative rights > for running scans of Windows boxes. Our NT administrators are uncomfortable > with this, and I think understandably so. If someone came to me and said they > needed a service account with admin access to all boxes on the domain for > their application to run, I would tell them it's a really bad idea, so it > reflects poorly on us when the security team is asking for this, doesn't it? > > Has anyone found a better way to do this? With Nessus (ahem), I have been > able to create a non-admin account with interactive login disabled and just > rights to specific registry keys to perform scans for patches. Can I do the > same, or something similar for Scanner? > > To me this is a much better way to do this, because it's more suited to > leaving the account enable for automated scans. > > Any thoughts from the group? > > > Thanks! > > > -- sk00t > _______________________________________________ ISSForum mailing list ISSForum@iss.net TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
