You could enable the smb scanning options and put in a valid uid/password for your group.
I can't recall how specific the reports get, but if you're authorized you'll get a nice sized report of shares/users/resources that Windows coughs up to Nessus. This is pretty configurable. This may cause false positives in the sense that you will get intimate looks at the registry, that other users on your network don't see, of course. It will also give you the unique ability to see many more Windows specific vulnerabilities, as well, though. You can always use different Nessus accounts for scanning with different levels of privilege to get the multiple perspectives. Check out this excellent paper on using Nessus and domain priveleges to aid in scanning: http://www.nessus.org/doc/nessus_windows_scanning.pdf -----Original Message----- From: Elijah Savage [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 7:52 PM To: [EMAIL PROTECTED] Subject: Check for Admin Access I searched the archives and I could not find where this was asked before. I will just ask the question without going in to a bunch of detail. Is there anyway for me to use Nessus to scan our entire network and see what machines our admin group has access to, basically a way to determine if the domain admin group, is in the local administrators group on the pc's? _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
