Mailing List Archive

reading specific registry values on remote computers with Domain Admin priveleges
I was wondering if it was possible to use Nessus to test a remote
computer's registry settings for specified settings (0 or 1) or some
arbitrary value and return false if not set to the specified value?

One of the things I'm not clear about is if having Domain Admin privs
would be sufficient to read a remote registry in the first place or
would I have to specifically enable remote registry access too.

I've got a series of registry keys I need to read (test) for
specified settings.

Is there an existing plugin anyone would suggest I look at as a
starting point?

Jim
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Re: reading specific registry values on remote computers with Domain Admin priveleges [ In reply to ]
Most of the windows patch checks are registry checks, actually. IIRC. Take a
look at one of those for an example. That's one great thing about Nessus
over the other competitors, even since it went closed source. I use another
product at work that doesn't keep the plugins in the clear, and it drives me
crazy trying to track down which plugin is doing what on my net.

If you have domain admin privs on the machine, you should be able to log on
and see the registry. I would try checking a machine that is a known
quantity and using your credentials and see what you get. If you take a look
in the logs, it'll warn you if it was unable to log into the machine...
it'll say something about unable to log in, ignoring the local checks.

On 10/14/06, James Kelly <macubergeek@comcast.net> wrote:
>
> I was wondering if it was possible to use Nessus to test a remote
> computer's registry settings for specified settings (0 or 1) or some
> arbitrary value and return false if not set to the specified value?
>
> One of the things I'm not clear about is if having Domain Admin privs
> would be sufficient to read a remote registry in the first place or
> would I have to specifically enable remote registry access too.
>
> I've got a series of registry keys I need to read (test) for
> specified settings.
>
> Is there an existing plugin anyone would suggest I look at as a
> starting point?
>
> Jim
> _______________________________________________
> Plugins-writers mailing list
> Plugins-writers@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/plugins-writers
>



--
Doug Nordwall
Unix, Network, and Security Administrator
Noise proves nothing. Often a hen who has merely laid an egg cackles as if
she laid an asteroid. -- Mark Twain