We may have found the plugin problem and it was not related to 10428.. Our authentication problems appear to be coming from 10396 where it is setting dom =kb_smb_domain(); from another plugin that "learned" the domain the user is in. This does not allow us to provide local system credentials.
This was confirmed by manually setting dom = ""; in that plugin to force it not to use the domain learned from kb_smb_domain();. Seems like this script cannot possibly take into account the domain provided in the scan. Danny -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nicolas Pouvesle Sent: Tuesday, March 07, 2006 8:12 PM To: [email protected] Subject: Re: Plugin 10428 dependency On Tue, 2006-03-07 at 15:59 -0600, Mallory, Danny wrote: > Anyone else seem to have issues with this plugin being a dependency > for some other authenticated based test? This plugin seems a bit weird > and backwards in that it test for full access, but only reports if > none is achieved. If this plugin is sucessful (access was not > achieved) then it is reported, and the other scripts depending on it > don't run. > > This script seems a bit confusing at best :) This plugin checks if you have a full read access to the registry. If it is not the case we try to avoid doing registry based checks because it may produce false positives. For example, Windows security hotfixes are in 2 different locations: SOFTWARE\Microsoft\Updates SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix One location can only be read with full access (checked by plugin 10428) and sometimes patches are only present in this one. So if this plugin reports that it was not possible to fully read the registry with the account you used, you should change your account. If you want to use credential checks under windows you need an administrator account : http://www.nessus.org/documentation/nessus_credential_checks.pdf Nicolas _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
