Good Morning Paul and thank you for the information.

1. To turn off UAC completely, open up the Control Panel, select "User
Accounts" and then "Turn User Account Control" to off. This is not possible,
because the workstation would no longer be FDCC compliant with the failure of
CCE-4907-2.

2. I created the LocalAccountTokenFilterPolicy as a DWORD and set the value to
one.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy

3. The Remote Registry service was set to Manual by default on my Windows Vista
Business workstation, and should have started when something tried to use it.

I looked at both the FDCC V1.0 Q3 2008 Group Policies for Vista and the
FDCC-Settings-major-version-1.0 spreadsheet, and the Remote Registry service is
not defined. Starting the service and rerunning a scan for FDCC compliance
doesn't create any new failures.

I set the Remote Registry service to Automatic and rebooted the workstation.
When I reran my Nessus scan, it had access to the registry.

I still have to verify that the firewall changes don't create FDCC failures.

Take Care and Have Fun --John

 



--
"When the legend becomes fact, print the legend." 


 -------------- Original message ----------------------
From: Paul Davis <[EMAIL PROTECTED]>
> John,
> 
> Have you enabled the "RemoteRegistry" service and followed the other steps 
> delineated in this blog entry?
> 
>   http://blog.tenablesecurity.com/2008/02/testing-windows.html
> 
> If not, please try it and let me know how it works for you.
> 
> Paul
> 
> [EMAIL PROTECTED] wrote:
> > Hello Everyone, 
> > 
> > I have a question about Nessus's ability to scan a Vista workstation with
> > the FDCC V1.0 Q3 2008 Vista Security Settings Group Policy applied. The
> > setting I would like to talk about is under Security Options \ Run all
> > Administrators in Admin Approval Mode, which is enabled in the FDCC V1.0
> > Q3 2008 Vista Security Settings Group Policy. The target workstation is a
> > member of a domain. I ran a remote Nessus scan of my Vista workstation; the
> > scan was run with a domain account.
> >
> > With Run all Administrators in Admin Approval Mode enabled, Nessus reports
> > that it was able to remotely connect to the Windows registry. The only FDCC
> > Group Policy being applied to the target is FDCC V1.0 Q3 2008 Vista
> > Security Settings.
> >
> > CCE-4907-2 requests that Run all Administrators in Admin Approval Mode be
> > enabled. This setting restricts the admin account so that it doesn't have
> > full admin rights.
> >
> > Locally you can run an admin task by right-clicking on the program,
> > selecting Run as administrators, then selecting Allow.
> >
> > Remotely, the Nessus scan reported that it didn't have access to the
> > registry, and I believe this is due to the User Access Control in Vista
> > restricting admin privileges.
> > 
> > Does Tenable have any plans of action to deal with this? 
> > 
> > Thank You for the information --John
> > 
> > 
> > --
> > "When the legend becomes fact, print the legend." 
> > _______________________________________________
> > Nessus mailing list
> > [email protected]
> > http://mail.nessus.org/mailman/listinfo/nessus
> > 
> 
> -- 
> Best Regards,
> 
> Paul Davis
> Research Engineer
> Tenable Network Security Inc
> Phone: 410.872.0555
> www.tenablesecurity.com
> 
> Is your network TENABLE?

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
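
The settings discussed in this thread can be audited on the target with the read-only check below. It is an added example, not part of the original messages and not Tenable's code. It assumes `EnableLUA` is the registry value behind "Run all administrators in Admin Approval Mode", and it uses `Get-WmiObject`, so it needs Windows PowerShell.

```powershell
# Added example: report the state of the settings this thread changes.
# Read-only. Run from an elevated Windows PowerShell prompt on the target.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-PolicyDword {
    param([string]$Name)
    # Return $null when the value is absent instead of throwing.
    $item = Get-ItemProperty -Path $policyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$findings = @()

# Admin Approval Mode (the setting CCE-4907-2 requires, per the thread).
# Assumption: EnableLUA in the Policies\System key backs this setting.
$lua = Get-PolicyDword 'EnableLUA'
if ($lua -ne 1) {
    $findings += "EnableLUA is '$lua', not 1: Admin Approval Mode is not enforced"
}

# Value created in step 2 of the message. When set to 1, remote logons by
# local administrator accounts are no longer given a filtered token.
$latfp = Get-PolicyDword 'LocalAccountTokenFilterPolicy'
if ($latfp -eq 1) {
    $findings += 'LocalAccountTokenFilterPolicy=1: remote UAC filtering is off for local admins'
}

# Remote Registry service (step 3). Automatic start means the registry stays
# reachable over the network between scans, not only while one is running.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='RemoteRegistry'"
if ($null -eq $svc) {
    $findings += 'RemoteRegistry service not found'
} else {
    if ($svc.StartMode -eq 'Auto') {
        $findings += 'RemoteRegistry StartMode=Auto: service is always available remotely'
    }
    if ($svc.State -ne 'Running') {
        $findings += "RemoteRegistry State=$($svc.State): a credentialed scan cannot read the registry"
    }
}

if ($findings.Count -eq 0) {
    'No deviations found for the settings checked.'
} else {
    $findings
}
```

Running it before and after a scan window shows whether the scan prerequisites were left enabled afterwards.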
