Some time near the end of 2008, it seems that Microsoft "patched" something that changed the behavior of SMB access to remote registries. The team that handles Windows/AD at the company I'm at spent about a week trying to figure out what the issue was. We also used to use a local admin account and connect remotely to servers, but it no longer works. It seems that in an AD environment, one must use an AD account to access remote registries.
We eventually moved down the path of having a domain account created for nessus to use, and when a scan is needed, a server admin will drop the AD account in to the local admin group. This solved our access/scanning issue, but it doesn't make ad-hoc scanning any easier. However, it was a suitable compromise between complete failure, and a full admin level AD account. There's more info out there in the exact technical details, but I dealt with this last several months ago, and all that info has fallen out of RAM. Hope that helps at least. David Jones Principal Financial Group I/S Information Security 711 High Street Des Moines, IA 50392-0257 Email: jones.davi...@principal.com Phone: 515.362.2224 -----Original Message----- From: nessus-boun...@list.nessus.org [mailto:nessus-boun...@list.nessus.org] On Behalf Of Hart, Lee Anne (AHRQ/IOD) Sent: Thursday, February 19, 2009 10:00 AM To: nessus@list.nessus.org Subject: Unable to get Nessus to run local checks on Windows servers Hello, I'm having trouble determining why the SMB credentials I've configured are not able to login and run the local checks on our Windows 2003 SP 2 servers. I can login using the same credentials over remote desktop but the Nessus scans gets locked out. I have ensured the user name and password is correct and that the account is part of the local admin group. We do not control the domain so I cannot get a domain account. Will a local admin account work? Thanks, Lee Anne -----Message Disclaimer----- This e-mail message is intended only for the use of the individual or entity to which it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply email to conn...@principal.com and delete or destroy all copies of the original message and attachments thereto. Email sent to or from the Principal Financial Group or any of its member companies may be retained as required by law or regulation. Nothing in this message is intended to constitute an Electronic signature for purposes of the Uniform Electronic Transactions Act (UETA) or the Electronic Signatures in Global and National Commerce Act ("E-Sign") unless a specific statement to the contrary is included in this message. While this communication may be used to promote or market a transaction or an idea that is discussed in the publication, it is intended to provide general information about the subject matter covered and is provided with the understanding that The Principal is not rendering legal, accounting, or tax advice. It is not a marketed opinion and may not be used to avoid penalties under the Internal Revenue Code. You should consult with appropriate counsel or other advisors on all matters pertaining to legal, tax, or accounting obligations and requirements. _______________________________________________ Nessus mailing list Nessus@list.nessus.org http://mail.nessus.org/mailman/listinfo/nessus