I was hoping to hear something from Tenable on the issue of scanning an FDCC Compliant Vista workstation. I've supported and recommended Nessus over the years, and I would be disappointed if I would have to stop using it.
Take Care --John

--
"When the legend becomes fact, print the legend."

-------------- Original message ----------------------
From: [EMAIL PROTECTED]
> Good Morning everyone, The third step in the blog states "Prohibit use of
> Internet connection firewall on your DNS domain. This setting should either
> be "Disabled" or "Not Configured"."
> http://blog.tenablesecurity.com/2008/02/testing-windows.html
>
> The problem is FDCC Requires the setting to be Enabled, changing the setting
> would cause the workstation to fail FDCC compliancy because it would fail
> the check for CCE-241 http://nvd.nist.gov/fdcc/download_fdcc.cfm
>
> With the potential for my client to have thousands of Vista workstations, and
> the requirement to be fully FDCC compliant, I'm not sure how any remote
> vulnerability assessment software can be used without moving to an agent-based
> scanner.
>
> This is only my two shiny centavos --John van Meter
>
> --
> "When the legend becomes fact, print the legend."
>
> -------------- Original message ----------------------
> From: Paul Davis <[EMAIL PROTECTED]>
> > Thanks for the update John! Are you good to go now?
> >
> > Paul
> >
> > [EMAIL PROTECTED] wrote:
> > > Good Morning Paul and thank you for the information.
> > >
> > > 1. To turn off UAC completely, open up the Control Panel, select "User
> > > Accounts" and then "Turn User Account Control" to off. This is not
> > > possible, because the workstation would no longer be FDCC compliant with
> > > the failure of CCE-4907-2.
> > >
> > > 2. I created the LocalAccountTokenFilterPolicy as a Dword and set the
> > > value to one.
> > >
> > > HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy
> > >
> > > 3. Remote Registry Service was set to Manual by default on my Windows
> > > Vista Business workstation, and should have started when something tried
> > > to use it.
> > >
> > > I looked at both the FDCC V1.0 Q3 2008 Group Policies for Vista and
> > > FDCC-Settings-major-version-1.0 spreadsheet and the remote registry
> > > service is not defined. Starting the service and rerunning a scan for
> > > FDCC Compliance doesn't create any new failures.
> > >
> > > I set the remote registry service to automatic and rebooted the
> > > workstation. When I reran my Nessus scan, it had access to the registry.
> > >
> > > I still have to verify that the firewall changes don't create FDCC
> > > failures.
> > >
> > > Take Care and Have Fun --John
> > >
> > > --
> > > "When the legend becomes fact, print the legend."
> > >
> > > -------------- Original message ----------------------
> > > From: Paul Davis <[EMAIL PROTECTED]>
> > >> John,
> > >>
> > >> Have you enabled the "RemoteRegistry" service and followed the other
> > >> steps delineated in this blog entry?
> > >>
> > >> http://blog.tenablesecurity.com/2008/02/testing-windows.html
> > >>
> > >> If not, please try it and let me know how it works for you.
> > >>
> > >> Paul
> > >>
> > >> [EMAIL PROTECTED] wrote:
> > >>> Hello Everyone,
> > >>>
> > >>> I have a question about Nessus's ability to scan a Vista Workstation,
> > >>> with the FDCC V1.0 Q3 2008 Vista Security Settings Group Policy applied.
> > >>> The setting I would like to talk about is under Security Options \ Run
> > >>> all Administrators in Admin Approval Mode that is enabled in FDCC V1.0
> > >>> Q3 2008 Vista Security Settings Group Policy. The target workstation is
> > >>> a member of a domain, I ran a remote Nessus scan of my Vista
> > >>> workstation, the scan was run with a domain account.
> > >>> With the Run all Administrators in Admin Approval Mode enabled, Nessus
> > >>> reported that it was able to remotely connect to the Windows registry.
> > >>> The only FDCC Group Policy being applied to the target is FDCC V1.0 Q3
> > >>> 2008 Vista Security Settings.
> > >>> CCE-4907-2 requests that Run all Administrators in Admin Approval Mode
> > >>> be enabled. This setting restricts the admin account so that it doesn't
> > >>> have full admin rights.
> > >>> Locally you can run an admin task by right clicking on the program,
> > >>> selecting Run as administrators, then selecting allow.
> > >>> Remotely, the Nessus scan reported that it didn't have access to the
> > >>> registry and I believe this is due to the User Access Control in Vista
> > >>> restricting admin privileges.
> > >>> Does Tenable have any plans of action to deal with this?
> > >>>
> > >>> Thank You for the information --John
> > >>>
> > >>> --
> > >>> "When the legend becomes fact, print the legend."
> > >>> _______________________________________________
> > >>> Nessus mailing list
> > >>> [email protected]
> > >>> http://mail.nessus.org/mailman/listinfo/nessus
> > >>>
> > >> --
> > >> Best Regards,
> > >>
> > >> Paul Davis
> > >> Research Engineer
> > >> Tenable Network Security Inc
> > >> Phone: 410.872.0555
> > >> www.tenablesecurity.com
> > >>
> > >> Is your network TENABLE?
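
A read-only check of the settings this thread discusses, run locally on the workstation before a credentialed scan. It is an added example, not code from Tenable or from the posters; the registry value names `EnableLUA` and `NC_PersonalFirewallConfig` are assumptions (the thread names only the policies), and the helper function names are hypothetical.

```powershell
# Added example: read-only audit of the settings discussed in this thread.
# Get-WmiObject is used so the script runs on Windows PowerShell 2.0.
# Assumption: EnableLUA and NC_PersonalFirewallConfig are the registry values
# behind the two policies; the thread itself only names the policies.

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function New-Check($Setting, $Current, $Expected, $Source) {
    if ($null -eq $Current) { $Current = '(not set)' }
    New-Object PSObject -Property @{
        Setting  = $Setting
        Current  = $Current
        Expected = $Expected
        Source   = $Source
        Match    = ("$Current" -eq "$Expected")
    }
}

$sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$net = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Network Connections'
$svc = Get-WmiObject Win32_Service -Filter "Name='RemoteRegistry'"

$report = @(
    # FDCC (CCE-4907-2) wants Admin Approval Mode left on, so expect 1 here.
    New-Check 'Admin Approval Mode (EnableLUA)' (Get-RegValue $sys 'EnableLUA') 1 'FDCC CCE-4907-2'
    # Step 2 of the thread: DWORD set to one.
    New-Check 'LocalAccountTokenFilterPolicy' (Get-RegValue $sys 'LocalAccountTokenFilterPolicy') 1 'thread, step 2'
    # Step 3 of the thread: service set to automatic and running.
    New-Check 'RemoteRegistry start mode' $svc.StartMode 'Auto' 'thread, step 3'
    New-Check 'RemoteRegistry state' $svc.State 'Running' 'thread, step 3'
)
$report | Select-Object Setting, Current, Expected, Match, Source | Format-Table -AutoSize

# The firewall policy is where the blog and FDCC disagree, so only the raw
# state is reported; compare it with the applied Group Policy by hand.
$fw = Get-RegValue $net 'NC_PersonalFirewallConfig'
if ($null -eq $fw) {
    Write-Output 'Firewall prohibit policy: Not Configured (no registry value)'
} else {
    Write-Output "Firewall prohibit policy: configured, raw value $fw"
}
```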
