Hi Jason,
Being able to log into a host with full privileges and then launch some
services is an interesting request. We've avoided it because Nessus is
an auditing tool and not a management tool. We did not want to walk down
the path of launching services, making registry changes, installing
patches, .etc.
WMI and registry access is needed for some checks, but patch auditing
uses SMB access. Depending on the check, WMI and registry access might
not be needed - certainly not 99% of the Windows checks.
Was it not possible these computers were up to date?
Were these computers Windows XP and not Windows XP Pro?
Ron Gula
Tenable Network Security
Jason Haar wrote:
> Hi there
>
> We recently acquired a company and used Nessus to do an initial
> vulnerability assessment - to ensure the site is in good shape. It
> failed to discover much at all - even thought it ran with Domain Admin
> privs.
>
> Ends up none of their PCs have either WMI or Remote Registry services
> enabled - which these days knocks 99% of nessus's checks on the head?
>
> Now I know the Nessus docs say that these services have to be enabled,
> but that means AD Policies, and for smaller sites that's actually a bit
> difficult ("AD policies? What does 'AD' stand for?").
>
> Could Nessus look at the option of attempting to remotely start those
> services if they are not running? Easier said than done I know, but it
> never hurts to ask. The reality is that we used to have (>1 year ago)
> great success at running Nessus against such sites with nothing but
> Domain Admin privs, but these days that doesn't appear to be enough.
>
> Thanks
>
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
