WinXP and win2k3 won't let you authenticate with local admin over a network.
Jk Sent from Jim's iPhone On Mar 4, 2009, at 12:00 PM, "nessus-requ...@list.nessus.org" <nessus-requ...@list.nessus.org > wrote: > Send Nessus mailing list submissions to > nessus@list.nessus.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://mail.nessus.org/mailman/listinfo/nessus > or, via email, send a message with subject or body 'help' to > nessus-requ...@list.nessus.org > > You can reach the person managing the list at > nessus-ow...@list.nessus.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Nessus digest..." > > > Today's Topics: > > 1. RE: Unable to get Nessus to run local checks on Windows > servers (Jones, David H) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 3 Mar 2009 11:07:48 -0600 > From: "Jones, David H" <jones.davi...@principal.com> > Subject: RE: Unable to get Nessus to run local checks on Windows > servers > To: "Hart, Lee Anne (AHRQ/IOD)" <leeanne.h...@ahrq.hhs.gov>, > "nessus@list.nessus.org" <nessus@list.nessus.org> > Message-ID: > > <18e3472326219848899e4980bfe573b32b820...@pfgdsmmbx001.principalusa.corp.principal.com > > > > > Content-Type: text/plain; charset="us-ascii" > > Some time near the end of 2008, it seems that Microsoft "patched" > something that changed the behavior of SMB access to remote > registries. The team that handles Windows/AD at the company I'm at > spent about a week trying to figure out what the issue was. We also > used to use a local admin account and connect remotely to servers, > but it no longer works. It seems that in an AD environment, one > must use an AD account to access remote registries. > > We eventually moved down the path of having a domain account created > for nessus to use, and when a scan is needed, a server admin will > drop the AD account in to the local admin group. This solved our > access/scanning issue, but it doesn't make ad-hoc scanning any > easier. However, it was a suitable compromise between complete > failure, and a full admin level AD account. > > There's more info out there in the exact technical details, but I > dealt with this last several months ago, and all that info has > fallen out of RAM. > > Hope that helps at least. > > > > > David Jones > Principal Financial Group > I/S Information Security > 711 High Street > Des Moines, IA 50392-0257 > > Email: jones.davi...@principal.com > Phone: 515.362.2224 > > -----Original Message----- > From: nessus-boun...@list.nessus.org [mailto:nessus-boun...@list.nessus.org > ] On Behalf Of Hart, Lee Anne (AHRQ/IOD) > Sent: Thursday, February 19, 2009 10:00 AM > To: nessus@list.nessus.org > Subject: Unable to get Nessus to run local checks on Windows servers > > Hello, > > > > I'm having trouble determining why the SMB credentials I've > configured are not able to login and run the local checks on our > Windows 2003 SP 2 servers. I can login using the same credentials > over remote desktop but the Nessus scans gets locked out. I have > ensured the user name and password is correct and that the account > is part of the local admin group. We do not control the domain so I > cannot get a domain account. Will a local admin account work? > > > > Thanks, > > Lee Anne > > > > -----Message Disclaimer----- > > This e-mail message is intended only for the use of the individual or > entity to which it is addressed, and may contain information that is > privileged, confidential and exempt from disclosure under applicable > law. > If you are not the intended recipient, any dissemination, > distribution or > copying of this communication is strictly prohibited. If you have > received this communication in error, please notify us immediately by > reply email to conn...@principal.com and delete or destroy all > copies of > the original message and attachments thereto. Email sent to or from > the > Principal Financial Group or any of its member companies may be > retained > as required by law or regulation. > > Nothing in this message is intended to constitute an Electronic > signature > for purposes of the Uniform Electronic Transactions Act (UETA) or the > Electronic Signatures in Global and National Commerce Act ("E-Sign") > unless a specific statement to the contrary is included in this > message. > > While this communication may be used to promote or market a > transaction > or an idea that is discussed in the publication, it is intended to > provide > general information about the subject matter covered and is provided > with > the understanding that The Principal is not rendering legal, > accounting, > or tax advice. It is not a marketed opinion and may not be used to > avoid > penalties under the Internal Revenue Code. You should consult with > appropriate counsel or other advisors on all matters pertaining to > legal, > tax, or accounting obligations and requirements. > > > > ------------------------------ > > _______________________________________________ > Nessus mailing list > Nessus@list.nessus.org > http://mail.nessus.org/mailman/listinfo/nessus > > End of Nessus Digest, Vol 65, Issue 1 > ************************************* _______________________________________________ Nessus mailing list Nessus@list.nessus.org http://mail.nessus.org/mailman/listinfo/nessus