Nicolas Pouvesle wrote: > You need to provide administrator rights. > > On your windows machine, Remote Registry Service must be started. > If your system is a Worgroup you must do that to : > > run gpedit.msc > > go to Computer configuration -> Windows settings -> Security settings > -> Local Policies -> Security Options > > And switch value of "Network access: Sharing and security model for > local accounts" to Classic - local users authenticate as themselves. > > If you don't do that you will try to connect as guest and you won't be > able to look into the registry. This is a very interesting statement - does this affect other Windows checks too? I am currently experiencing the problem with Nessus that our IS managers aren't willing to let me run Nessus with a Domain Amin account [in order to have Local Admin level access]. I don't blame them - in fact I said it wasn't a good idea :-) - I don't want admin passwords lying around on our 16 Nessus servers! So instead it runs with a domain "test account" specifically set up for the purpose. However, it ain't a local admin - so can't do most of the Windows tests. Does anyone know a "magic" way of pushing out some form of "add domain account XXX to local admin group" via Active Directory policies or even regedit? I for one would LOVE to know. In fact, this really deserves a HOWTO. Most sites must be wanting to run Nessus against Windows boxes, and how safely and securely set up test accounts/etc are central to how well this would work. I could even volunteer! ;-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Thu Jan 06 2005 - 00:37:24 PST