Good Morning everyone, The third step in the blog states "Prohibit use of Internet connection firewall on your DNS domain. This setting should either be "Disabled" or "Not Configured". http://blog.tenablesecurity.com/2008/02/testing-windows.html
The problem is FDCC Requires the setting to be Enabled, changing the setting would cause the workstation to fails FDCC com pliancy because it would fail the check for CCE-241 http://nvd.nist.gov/fdcc/download_fdcc.cfm With the potential for my client to have thousands of Vista workstations, and the requirement to be fully FDCC compliant. I'm not sure how any remote vulnerability assessment software can be used without moving to a agent based scanner. This is only my two shiny centavos --John van Meter -- "When the legend becomes fact, print the legend." -------------- Original message ---------------------- From: Paul Davis <[EMAIL PROTECTED]> > Thanks for the update John! Are you good to go now? > > Paul > > [EMAIL PROTECTED] wrote: > > Good Morning Paul and thank you for the information. > > > > > > 1. To turn off UAC completely, open up the Control Panel, select "User > Accounts" and then "Turn User Account Control" to off. This is not > possible, > because the workstation would no longer be FDCC complient with the failure of > CCE-4907-2. > > > > 2. I created the LocalAccountTokenFilterPolicy as a Dword and set the > > value > to one. > > > HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountToken > FilterPolicy > > > > 3. Remote Registry Service, was set to Manual by default on my Windows > > Vista > Business workstation , and should have started when something tried to use > it. > > > > I looked at both the FDCC V1.0 Q3 2008 Group Policies for Vista and > FDCC-Settings-major-version-1.0 spread sheet and the remote registry service > is > not defined. Starting the service and rerunning a scan for FDCC Compliance > doesn't create any new failures. > > > > I set the remote registry service to automatic and rebooted the > > workstation. > When I reran my Nessus scan had access to the registry. > > > > I still have to verify that the firewall changes don't create FDCC failures. > > > > Take Care and Have Fun --John > > > > > > > > > > > > -- > > "When the legend becomes fact, print the legend." > > > > > > -------------- Original message ---------------------- > > From: Paul Davis <[EMAIL PROTECTED]> > >> John, > >> > >> Have you enabled the "RemoteRegistry" service and followed the other steps > >> delineated in this blog entry? > >> > >> http://blog.tenablesecurity.com/2008/02/testing-windows.html > >> > >> If not, please try it and let me know how it works for you. > >> > >> Paul > >> > >> [EMAIL PROTECTED] wrote: > >>> Hello Everyone, > >>> > >>> I have a questions about Nessuses ability to scan a Vista Workstation, > >>> with > >> the FDCC V1.0 Q3 2008 Vista Security Settings Group Policy applied. The > settings > >> I would like to talk about is under Security Options \ Run all > >> Administrators > in > >> Admin Approvel Mode that is enabled in FDCC V1.0 Q3 2008 Vista Security > Settings > >> Group Policy . The target workstation is a member of a domain, I ran a > >> remote > >> Nessus scan of my Vista workstation, the scan was ran with a domain > >> account. > >>> WIth the Run all Administrators in Admin Approvel Mode enabled, Nessus > report > >> that It was able to remotely connect to the Windows registry. The only > >> FDCC > >> Group Policy being applied to the target is FDCC V1.0 Q3 2008 Vista > >> Security > >> Settings. > >>> CCE-4907-2 requests that Run all Administrators in Admin Approvel Mode to > >>> be > >> enabled. This setting restrict admin account so that it doesn't have full > admin > >> rights. > >>> Locally you can run a admin task by right clicking on the program > >>> selecting > >> Run as administrators, then selecting allow. > >>> Remotely, the Nessus scan reported that it didn't have access to the > registry > >> and I believe this is due to the User Access Control in Vista restricting > admin > >> priveleges. > >>> Does Tenable have any plans of action to deal with this? > >>> > >>> Thank You for the information --John > >>> > >>> > >>> -- > >>> "When the legend becomes fact, print the legend." > >>> _______________________________________________ > >>> Nessus mailing list > >>> [email protected] > >>> http://mail.nessus.org/mailman/listinfo/nessus > >>> > >> -- > >> Best Regards, > >> > >> Paul Davis > >> Research Engineer > >> Tenable Network Security Inc > >> Phone: 410.872.0555 > >> www.tenablesecurity.com > >> > >> Is your network TENABLE? > > > > > > -- > Best Regards, > > Paul Davis > Research Engineer > Tenable Network Security Inc > Phone: 410.872.0555 > www.tenablesecurity.com > > Is your network TENABLE? _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
