WinXP and win2k3 won't let you authenticate with local admin over a
network.
Jk
Sent from Jim's iPhone
On Mar 4, 2009, at 12:00 PM, "nessus-request@list.nessus.org" <nessus-request@list.nessus.org
> wrote:
> Send Nessus mailing list submissions to
> nessus@list.nessus.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://mail.nessus.org/mailman/listinfo/nessus
> or, via email, send a message with subject or body 'help' to
> nessus-request@list.nessus.org
>
> You can reach the person managing the list at
> nessus-owner@list.nessus.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Nessus digest..."
>
>
> Today's Topics:
>
> 1. RE: Unable to get Nessus to run local checks on Windows
> servers (Jones, David H)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 3 Mar 2009 11:07:48 -0600
> From: "Jones, David H" <Jones.David.H@principal.com>
> Subject: RE: Unable to get Nessus to run local checks on Windows
> servers
> To: "Hart, Lee Anne (AHRQ/IOD)" <LeeAnne.Hart@AHRQ.hhs.gov>,
> "nessus@list.nessus.org" <nessus@list.nessus.org>
> Message-ID:
> <18E3472326219848899E4980BFE573B32B820E10@PFGDSMMBX001.principalusa.corp.principal.com
> >
>
> Content-Type: text/plain; charset="us-ascii"
>
> Some time near the end of 2008, it seems that Microsoft "patched"
> something that changed the behavior of SMB access to remote
> registries. The team that handles Windows/AD at the company I'm at
> spent about a week trying to figure out what the issue was. We also
> used to use a local admin account and connect remotely to servers,
> but it no longer works. It seems that in an AD environment, one
> must use an AD account to access remote registries.
>
> We eventually moved down the path of having a domain account created
> for nessus to use, and when a scan is needed, a server admin will
> drop the AD account in to the local admin group. This solved our
> access/scanning issue, but it doesn't make ad-hoc scanning any
> easier. However, it was a suitable compromise between complete
> failure, and a full admin level AD account.
>
> There's more info out there in the exact technical details, but I
> dealt with this last several months ago, and all that info has
> fallen out of RAM.
>
> Hope that helps at least.
>
>
>
>
> David Jones
> Principal Financial Group
> I/S Information Security
> 711 High Street
> Des Moines, IA 50392-0257
>
> Email: jones.david.h@principal.com
> Phone: 515.362.2224
>
> -----Original Message-----
> From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org
> ] On Behalf Of Hart, Lee Anne (AHRQ/IOD)
> Sent: Thursday, February 19, 2009 10:00 AM
> To: nessus@list.nessus.org
> Subject: Unable to get Nessus to run local checks on Windows servers
>
> Hello,
>
>
>
> I'm having trouble determining why the SMB credentials I've
> configured are not able to login and run the local checks on our
> Windows 2003 SP 2 servers. I can login using the same credentials
> over remote desktop but the Nessus scans gets locked out. I have
> ensured the user name and password is correct and that the account
> is part of the local admin group. We do not control the domain so I
> cannot get a domain account. Will a local admin account work?
>
>
>
> Thanks,
>
> Lee Anne
>
>
>
> -----Message Disclaimer-----
>
> This e-mail message is intended only for the use of the individual or
> entity to which it is addressed, and may contain information that is
> privileged, confidential and exempt from disclosure under applicable
> law.
> If you are not the intended recipient, any dissemination,
> distribution or
> copying of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> reply email to Connect@principal.com and delete or destroy all
> copies of
> the original message and attachments thereto. Email sent to or from
> the
> Principal Financial Group or any of its member companies may be
> retained
> as required by law or regulation.
>
> Nothing in this message is intended to constitute an Electronic
> signature
> for purposes of the Uniform Electronic Transactions Act (UETA) or the
> Electronic Signatures in Global and National Commerce Act ("E-Sign")
> unless a specific statement to the contrary is included in this
> message.
>
> While this communication may be used to promote or market a
> transaction
> or an idea that is discussed in the publication, it is intended to
> provide
> general information about the subject matter covered and is provided
> with
> the understanding that The Principal is not rendering legal,
> accounting,
> or tax advice. It is not a marketed opinion and may not be used to
> avoid
> penalties under the Internal Revenue Code. You should consult with
> appropriate counsel or other advisors on all matters pertaining to
> legal,
> tax, or accounting obligations and requirements.
>
>
>
> ------------------------------
>
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
>
> End of Nessus Digest, Vol 65, Issue 1
> *************************************
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
network.
Jk
Sent from Jim's iPhone
On Mar 4, 2009, at 12:00 PM, "nessus-request@list.nessus.org" <nessus-request@list.nessus.org
> wrote:
> Send Nessus mailing list submissions to
> nessus@list.nessus.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://mail.nessus.org/mailman/listinfo/nessus
> or, via email, send a message with subject or body 'help' to
> nessus-request@list.nessus.org
>
> You can reach the person managing the list at
> nessus-owner@list.nessus.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Nessus digest..."
>
>
> Today's Topics:
>
> 1. RE: Unable to get Nessus to run local checks on Windows
> servers (Jones, David H)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 3 Mar 2009 11:07:48 -0600
> From: "Jones, David H" <Jones.David.H@principal.com>
> Subject: RE: Unable to get Nessus to run local checks on Windows
> servers
> To: "Hart, Lee Anne (AHRQ/IOD)" <LeeAnne.Hart@AHRQ.hhs.gov>,
> "nessus@list.nessus.org" <nessus@list.nessus.org>
> Message-ID:
> <18E3472326219848899E4980BFE573B32B820E10@PFGDSMMBX001.principalusa.corp.principal.com
> >
>
> Content-Type: text/plain; charset="us-ascii"
>
> Some time near the end of 2008, it seems that Microsoft "patched"
> something that changed the behavior of SMB access to remote
> registries. The team that handles Windows/AD at the company I'm at
> spent about a week trying to figure out what the issue was. We also
> used to use a local admin account and connect remotely to servers,
> but it no longer works. It seems that in an AD environment, one
> must use an AD account to access remote registries.
>
> We eventually moved down the path of having a domain account created
> for nessus to use, and when a scan is needed, a server admin will
> drop the AD account in to the local admin group. This solved our
> access/scanning issue, but it doesn't make ad-hoc scanning any
> easier. However, it was a suitable compromise between complete
> failure, and a full admin level AD account.
>
> There's more info out there in the exact technical details, but I
> dealt with this last several months ago, and all that info has
> fallen out of RAM.
>
> Hope that helps at least.
>
>
>
>
> David Jones
> Principal Financial Group
> I/S Information Security
> 711 High Street
> Des Moines, IA 50392-0257
>
> Email: jones.david.h@principal.com
> Phone: 515.362.2224
>
> -----Original Message-----
> From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org
> ] On Behalf Of Hart, Lee Anne (AHRQ/IOD)
> Sent: Thursday, February 19, 2009 10:00 AM
> To: nessus@list.nessus.org
> Subject: Unable to get Nessus to run local checks on Windows servers
>
> Hello,
>
>
>
> I'm having trouble determining why the SMB credentials I've
> configured are not able to login and run the local checks on our
> Windows 2003 SP 2 servers. I can login using the same credentials
> over remote desktop but the Nessus scans gets locked out. I have
> ensured the user name and password is correct and that the account
> is part of the local admin group. We do not control the domain so I
> cannot get a domain account. Will a local admin account work?
>
>
>
> Thanks,
>
> Lee Anne
>
>
>
> -----Message Disclaimer-----
>
> This e-mail message is intended only for the use of the individual or
> entity to which it is addressed, and may contain information that is
> privileged, confidential and exempt from disclosure under applicable
> law.
> If you are not the intended recipient, any dissemination,
> distribution or
> copying of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> reply email to Connect@principal.com and delete or destroy all
> copies of
> the original message and attachments thereto. Email sent to or from
> the
> Principal Financial Group or any of its member companies may be
> retained
> as required by law or regulation.
>
> Nothing in this message is intended to constitute an Electronic
> signature
> for purposes of the Uniform Electronic Transactions Act (UETA) or the
> Electronic Signatures in Global and National Commerce Act ("E-Sign")
> unless a specific statement to the contrary is included in this
> message.
>
> While this communication may be used to promote or market a
> transaction
> or an idea that is discussed in the publication, it is intended to
> provide
> general information about the subject matter covered and is provided
> with
> the understanding that The Principal is not rendering legal,
> accounting,
> or tax advice. It is not a marketed opinion and may not be used to
> avoid
> penalties under the Internal Revenue Code. You should consult with
> appropriate counsel or other advisors on all matters pertaining to
> legal,
> tax, or accounting obligations and requirements.
>
>
>
> ------------------------------
>
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
>
> End of Nessus Digest, Vol 65, Issue 1
> *************************************
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus