Ray, What steps other than disabling the firewall and enabling remote desktop were taken on this system? There's a blog entry for scanning Windows Vista systems for FDCC Compliance which details steps to enable policy compliance scanning on systems with Security Center such as Vista (or 2008).
I am currently successfully scanning a Windows 2008 system for audit compliance, and IIRC, I configured it using the steps in this blog entry: http://blog.tenablesecurity.com/2008/02/testing-windows.html Paul Ray Van Dolson wrote: > On Fri, Nov 07, 2008 at 06:29:45AM -0800, Paul Davis wrote: >> Ray, >> >> How is the following configuration set on your Windows 2008 system: >> >> Control Panel (Classic View) => System => Remote settings (upper left >> hand corner). It should be set to: "Allow connections from computers >> running any version of Remote Desktop". >> >> Let me know if this helps. >> >> Paul >> > > Thanks Paul. This is how it was already set. I have no problems > connecting via Remote Desktop as the 'nessus' user account that was set > up in this case either. > > It seems the SMB connection is what isn't working. > > Also have opened a support request with you guys. > > Thanks for the response! > > Ray > >> Ray Van Dolson wrote: >>> Hi all, I'm trying to run a credentialed scan against a Windows Server >>> 2008 machine from a box running Nessus 3.2.1. I initially was doing >>> this from NessusClient, but am testing with nasl as follows: >>> >>> ./nasl -T /tmp/hi.log -X -t 10.49.102.75 \ >>> /opt/nessus/lib/nessus/plugins/compliance_check.nbin >>> >>> Then providing a valid SMB account as prompted. >>> >>> The problem is that none of the credentialed checks appear to be >>> succeeding. I have verified that the account supplied is in the local >>> Administrators group, and I can remote desktop into the machine as that >>> user just fine. >>> >>> Output from the nasl command is as follows: >>> >>> There was an error during compliance check initialization. Nessus returned >>> the following error message : >>> Some errors occurred when attempting to perform the compliance checks : >>> can't initialize the audit engine: AUDIT_ERROR_NO_SOCKET: an error >>> happened while opening a socket >>> >>> I did a tcpdump while running the above command and noticed that >>> Windows responds with a 'reset' packet in response to Nessus' initial >>> packet to port 445 -- almost like a firewall. However, the firewall is >>> disabled on this machine. >>> >>> Also, I am unable to connect to the default shares on the machine using >>> smbclient (C$, ADMIN$). I get the following error there: >>> >>> $ smbclient //STDBSTG/C$ -I 10.49.102.175 -U nessus >>> Password: >>> Domain=[STDBSTG] OS=[Windows Server (R) 2008 Enterprise 6001 Service Pack >>> 1] Server=[Windows Server (R) 2008 Enterprise 6.0] >>> tree connect failed: NT_STATUS_ACCESS_DENIED >>> >>> Perhaps this is related. >>> >>> Anyone have any suggestions? I figure this must be some security >>> setting in 2008... >>> >>> Thanks, >>> Ray > -- Best Regards, Paul Davis Research Engineer Tenable Network Security Inc Phone: 410.872.0555 x245 www.tenablesecurity.com Is your network TENABLE? _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
