Skip to main content
Skip table of contents

Authenticated Scanning Using SMB



Purpose

This document provide an overview of Windows configuration required for authenticated scans using OUTSCAN or HIAB.

Introduction

This guide provides you with a complete technical procedure for Authenticated Scanning Using SMB covering all the supported Windows targets. Each section is also available as its own separate document.

Requirement

This document has been elaborated under the assumption the reader has access to the OUTSCAN/HIAB account and Portal Interface.

If another account than Domain Administrator is used, it needs to either be a Domain User Account or a local user part of the AdministratorGroup to succeed with the authentication. If a Domain User Account is used, it need to be a member of the Administrators group, this user will run with full administrator access enabled, therefore User Account Control (UAC) does not need to be disabled. If a Local User is used ensure that the local account is included in the Administrators Group.

In order for an authenticated scan on windows to succeed, the Windows Update service (wuauserv) need to be enabled and running (it is by default). Without this service, the target cannot be queried for complete patch information which will cause reports to be incorrect.

Authenticated Scanning 

This guide consists of technical procedures to succeed with authenticated scanning for Windows targets when using OUTSCAN or HIAB.

This document covers procedure for:

  • Windows 7
  • Windows 8.1
  • Windows 10
  • Windows 2008 R2 Server
  • Windows 2012 R2 Server
  • Windows 2016 Server
  • Windows 2019 Server
  • Core Installation


When performing authenticated scanning against windows hosts, the scanner creates and starts a service called O24 Auth on the target machine.
This service is used to execute commands on the target and send the results back to the scanner.
Do not remove the service during scanning, it will stop and remove itself after it is done.

Authenticated Scanning Using SMB requires .NET framework version 3.5 or higher.



Windows 7 

To succeed with authenticated scanning using SMB for Windows 7 targets, follow the procedure below.

Caution

The following steps are only applicable for Windows 7 Pro or higher, NOT Windows 7 Home.

Step 1 - Enable Remote Registry

To enable Remote Registry (optional, can also be configured within the scanner):

  1. Go to Start and enter Run in the search field to open the Run Prompt.

  2. Open Services by enter services.msc in the Run Prompt and click OK

    If Remote Registry is already enabled on your device, go to Step 2.


    Local Services


  3. Under Services (Local), right click Remote Registry and select Properties.

  4. In Remote Registry Properties (Local Computer), change the Startup Type to Automatic and start the service.

    Startup Type



Step 2 - File and Printer Sharing

To turn on File and Printer Sharing:

  1. Go to Start and enter Network and Sharing Center into the search field to open Network and Sharing Center.
  2. In Network and Sharing Center, go to Change advanced sharing settings, located on the left-hand side.
  3. In your current profile, Private/Guest or Public, select Turn on file and printer sharing.
  4. Click Save Changes.

    Turn on file and printer sharing


Step 3 - Administrator Rights

  1. Go to Start and enter mmc in the search field to access Microsoft Management Console.

  2. Select Local Users and Groups, located in the left pane of the Microsoft Management Console window.

    If Local Users and Groups is not listed:

    1. Go to the File menu of the Console window
    2. Select Add/Remove Snap-in.
    3. Select Local Users and Groups
    4. Click Add
    5. Select Local Computer
    6. Click Finish
    7. Click Ok

  3. Enter the Groups folder and double click the Administrators group.

    If the account is not listed under Members:

    1. Click Add
    2. Enter the name of the already created account that you wish to add
    3. Click Check Names
    4. Click Ok
    5. Click Ok

Administrators group


Add Group

General


The following step are not recommended, if possible use the domain user account.


Make sure that the Windows User Account Control (UAC) is disabled.

  1. Go to Start and enter Run in the search field to open the Run Prompt.

  2. In the run prompt enter regedit and click OK to open the Registry Editor.

  3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system.
  4. Right click the System Folder.
  5. Choose New >> DWORD (32-bit) Value and name the DWORD LocalAccountTokenFilterPolicy.
  6. Right click the newly created DWORD and choose Modify.
  7. In the Edit Window set Value Data to 1.
  8. If User Account Control is disabled, EnableLUA must be set to 0 in 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System


Edit DWORD

Step 4 - Memory Leak in the Remote Registry Service

To resolve the Memory Leak in the Remote Registry Service:

  1. Go to Start and enter Run in the search field to open the Run Prompt.

  2. In the Run Prompt enter regedit and click Ok to open the Registry Editor.

  3. Locate the following registry sub key: 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\RemoteRegistry
  4. In the details pane, on the right-hand side, double-click DisableIdleStop.
  5. Change the value to 00000001



Windows 8.1 

Step 1 - Enable Remote Registry

To enable Remote Registry (Optional, can also be configured within the scanner):

  1. Go to Start and enter Run in the search field to open the Run Prompt.

  2. Open Services by enter services.msc in the Run Prompt and click OK.

  3. Under Services (Local), right click Remote Registry and select Properties.

    If Remote Registry is already enabled on your device, skip to Step 2.

  4. In Remote Registry Properties (Local Computer), change the Startup Type to Automatic and start the service.

    Remote Registry Properties (Local Computer)


Step 2 - File and Printer Sharing

To turn on File and Printer Sharing:

  1. Go to Start and enter Network and Sharing Center into the search field to open Network and Sharing Center.

  2. In Network and Sharing Center, go to Change advanced sharing settings, located on the left-hand side.

  3. In your current profile, Private/Guest or Public, select Turn ON file and printer sharing.
  4. Click Save Changes.

    Turn ON file and printer sharing


Step 3 - Administrator Rights

  1. Go to Start and enter mmc in the search field to access Microsoft Management Console.

  2. Select Local Users and Groups, located in the left pane of the Microsoft Management Console window.

    If Local Users and Groups is not listed:

    1. Click the File menu
    2. Select Add/Remove Snap-in
    3. Select Local Users and Groups
    4. Click Add
    5. Select Local Computer
    6. Click Finish
    7. Click Ok

  3. Enter the Groups folder and double click the Administrators group. 

    If the account is not listed under Members

    1. Click Add 
    2. Enter the name of the already created account that you wish to add
    3. Click Check Names
    4. Click Ok
    5. Click Ok


    Administrators group

Add Group

General


Make sure that the Windows User Account Control (UAC) is disabled. 

  1. Go to Start and enter Run in the search field to open the Run Prompt.

  2. In the run prompt enter regedit and click Ok to open the Registry Editor.

  3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system.
  4. Right click the System Folder.
  5. Choose New >> DWORD (32-bit) Value and name the DWORD LocalAccountTokenFilterPolicy.
  6. Right click the newly created DWORD and select Modify.
  7. In the Edit Window set Value Data to 1.
  8. If User Account Control is disabled, EnableLUA must be set to 0 in 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    Edit DWORD


Step 4 - Memory Leak in the Remote Registry Service

To resolve the Memory Leak in the Remote Registry Service:

  1. Go to Start and enter Run in the search field to open the Run Prompt.

  2. In the Run Prompt enter regedit and click Ok to open the Registry Editor.

  3. Locate the following registry sub key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\RemoteRegistry.
  4. In the details pane, on the right-hand side, double-click DisableIdleStop.
  5. Change the value to 00000001.



Windows 10

To succeed with authenticated scanning using SMB for Windows 10 and Windows 2019 Server targets, follow the steps given below:

The following steps are only applicable for Windows 10 Pro or higher, NOT Windows 10 Home.


Step 1 - Enable Remote Registry

To enable Remote Registry (Optional, can also be configured within the scanner)

  1. Go to Start and enter Run in the search field to open the Run Prompt.

  2. To open Services, enter services.msc in the Run Prompt and press OK.

  3. Under Services (Local), right click Remote Registry and select Properties.

    If Remote Registry is already enabled on your device, skip to Step 2

  4. In Remote Registry Properties (Local Computer), change the Startup Type to Automatic and start the service.

    Remote Registry Properties (Local Computer)


Step 2 - File and Printer Sharing

To turn ON File and Printer Sharing:

  1. Go to Start and enter Network and Sharing Center in the search field to open the Network and Sharing Center.

  2. In Network and Sharing Center, go to Change advanced sharing settings, located on the left-hand side.

  3. In your current profile, Private/Guest or Public, select Turn on file and printer sharing.
  4. Click Save Changes.

    Turn on file and printer sharing


Step 3 - Administrator Rights

  1. Go to Start and enter mmc in the search field to access Microsoft Management Console.

  2. Select Local Users and Groups located in the left pane of the Microsoft Management Console window.

    If Local Users and Groups is not listed:

    1. Click the File menu
    2. Select Add/Remove Snap-in
    3. Select Local Users and Groups
    4. Click Add
    5. Select Local Computer
    6. Click Finish
    7. Click Ok

  3. Enter the Groups folder and double click the Administrators group

    If the account is not listed under Members

    1. Click Add 
    2. Enter the name of the already created account that you wish to add
    3. Click Check Names
    4. Click Ok
    5. Click Ok

Administrators group

Add Group

General


The following steps are not recommended, if possible use the domain user account.


Make sure that the Windows User Account Control (UAC) is disabled.

  1. Go to Start and enter Run in the search field to open the Run Prompt.
  2. In the run prompt enter regedit and click OK to open the Registry Editor.
  3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system.
  4. Right click the System Folder.
  5. Choose New >> DWORD (32-bit) Value and name the DWORD LocalAccountTokenFilterPolicy.
  6. Right click the newly created DWORD and select Modify.
  7. In the Edit Window set Value Data to 1.
  8. If User Account Control is disabled, EnableLUA must be set to 0 in 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

Edit DWORD


Step 4 - Memory Leak in the Remote Registry Service

To resolve the Memory Leak in the Remote Registry Service:

  1. Go to Start and enter Run in the search field to open the Run Prompt.
  2. In the Run Prompt enter regedit and click Ok to open the Registry Editor.
  3. Locate the following registry sub key: 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\RemoteRegistry.
  4. In the details pane, on the right-hand side, double-click DisableIdleStop.
  5. Change the value to 00000001.



Windows 2008 R2 Server

To succeed with authenticated scanning using SMB for Windows 2008 R2 Server targets, follow the steps given below. 

Step 1 - Enable Remote Registry

To enable Remote Registry (Optional, can also be configured within the scanner)

  1. Go to Start and enter Run in the search field to open the Run Prompt.

  2. Open Services by enter services.msc in the Run Prompt and click OK.

  3. Under Services (Local), right click Remote Registry and select Properties.

    If Remote Registry is already enabled on your device, skip to Step 2

  4. In Remote Registry Properties (Local Computer), change the Startup Type to Automatic and start the service.

    Remote Registry Properties (Local Computer)


Step 2 - File and Printer Sharing

To turn on File and Printer Sharing:

  1. Go to Start and enter Network and Sharing Center into the search field to open Network and Sharing Center.

  2. In Network and Sharing Center, go to Change advanced sharing settings, located on the left-hand side.

  3. In your current profile, Private/Guest or Public, select Turn on file and printer sharing.

  4. Click Save Changes.

    Turn on file and printer sharing


Step 3 - Administrator Rights

  1. Go to Start and enter mmc in the search field to access Microsoft Management Console.

  2. Select Local Users and Groups, located in the left pane of the Microsoft Management Console window.

    If Local Users and Groups is not listed:

    1. Click the File menu
    2. Select Add/Remove Snap-in
    3. Select Local Users and Groups
    4. Click Add
    5. Select Local Computer
    6. Click Finish
    7. Click Ok

  3. Enter the Groups folder and double click the Administrators group.

    If the account is not listed under Members

    1. Click Add 
    2. Enter the name of the already created account that you wish to add
    3. Click Check Names
    4. Click Ok
    5. Click Ok

Administrators group

 

Add Group

General

The following step are not recommended, if possible use the domain user account.

  

Make sure that the Windows User Account Control (UAC) is disabled.

  1. Go to Start and enter Run in the search field to open the Run Prompt.
  2. In the Run Prompt, enter regedit and click OK to open the Registry Editor.
  3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system.
  4. Right click the System Folder.
  5. Select New >> DWORD (32-bit) Value and name the DWORD LocalAccountTokenFilterPolicy.
  6. Right click the newly created DWORD and select Modify.
  7. In the Edit Window set Value Data to 1.
  8. If User Account Control is disabled, EnableLUA must be set to 0 in 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
Step 4 - Inbound File and Printer Sharing Exception

To allow Inbound File and Printer Sharing Exception

  1. Go to Start and enter Run in the search field to open the Run Prompt.
  2. To open the Group Policy Object Editor, enter gpedit.msc in the Run Prompt and click OK. 
  3. Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Standard Profile.
  4. Under Standard Profile, right click Windows Firewall: Allow inbound file and printer sharing exception and select Edit.
  5. Select Enabled.
  6. Click Ok.



Windows 2012 R2 Server

To succeed with authenticated scanning using SMB for Windows 2012 R2 Server targets, follow the steps given below: 

Step 1 - Enable Remote Registry

To enable Remote Registry (Optional, can also be configured within the scanner)

  1. Go to Start and enter Run in the search field to open the Run Prompt.
  2. Open Services by enter services.msc in the Run Prompt and click OK.
  3. Under Services (Local), right click Remote Registry and select Properties.
  4. In Remote Registry Properties (Local Computer), change the Startup Type to Automatic and start the service.

    Remote Registry Properties (Local Computer)
Step 2 - File and Printer Sharing

To turn on File and Printer Sharing:

  1. Go to Start and enter Network and Sharing Center into the search field to open Network and Sharing Center.
  2. In Network and Sharing Center, go to Change advanced sharing settings, located on the left-hand side.
  3. In your current profile, Private/Guest or Public, select Turn on file and printer sharing.
  4. Click Save Changes.

    Turn on file and printer sharing


Step 3 - Administrator Rights
  1. Go to Start and enter mmc in the search field to access Microsoft Management Console.

  2. Select Local Users and Groups, located in the left pane of the Microsoft Management Console window.

    If Local Users and Groups is not listed:

    1. Click the File menu
    2. Select Add/Remove Snap-in
    3. Select Local Users and Groups
    4. Click Add
    5. Select Local Computer
    6. Click Finish
    7. Click Ok

  3. Enter the Groups folder and double click the Administrators group.

    If the account is not listed under Members

    1. Click Add 
    2. Enter the name of the already created account that you wish to add
    3. Click Check Names
    4. Click Ok
    5. Click Ok


Administrators group


 

Add Group

General


The following step are not recommended, if possible use the domain user account.

   

Make sure that the Windows User Account Control (UAC) is disabled.

  1. Go to Start and enter Run in the search field to open the Run Prompt.
  2. In the Run Prompt, enter regedit and click OK to open the Registry Editor.
  3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system.
  4. Right click the System Folder.
  5. Select New >> DWORD (32-bit) Value and name the DWORD LocalAccountTokenFilterPolicy.
  6. Right click the newly created DWORD and select Modify.
  7. In the Edit Window set Value Data to 1.
  8. If User Account Control is disabled, EnableLUA must be set to 0 in 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

     
    Edit DWORD
Step 4 - Inbound File and Printer Sharing Exception

To allow Inbound File and Printer Sharing Exception

  1. Go to Start and enter Run in the search field to open the Run Prompt.
  2. To open the Group Policy Object Editor, enter gpedit.msc in the Run Promptand click OK.
  3. Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Standard Profile.
  4. Under Standard Profile, right click Windows Firewall: Allow inbound file and printer sharing exception and select Edit.
  5. Select Enabled.
  6. Click Ok

Step 5 - Remote Registry Service

To resolve the Memory Leak in the Remote Registry Service:

  1. Go to Start and enter Run in the search field to open the Run Prompt.
  2. In the Run Prompt enter regedit and click Ok to open the Registry Editor.
  3. Locate the following registry sub key: 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\RemoteRegistry
  4. In the details pane, on the right-hand side, double-click DisableIdleStop.
  5. Change the value to 00000001.



Windows 2016 Server

To succeed with authenticated scanning using SMB for Windows 2016 Server targets, follow the procedure given below: 

Step 1 - Enable Remote Registry

To enable Remote Registry (Optional, can also be configured within the scanner)

  1. Go to Start and enter Run in the search field to open the Run Prompt.
  2. Open Services by enter services.msc in the Run Prompt and click OK.

  3. Under Services (Local), right click Remote Registry and select Properties.

    If Remote Registry is already enabled on your device, skip to Step 2.

  4. In Remote Registry Properties (Local Computer), change the Startup Type to Automatic and start the service.

    Remote Registry Properties (Local Computer)


Step 2 - File and Printer Sharing

To turn on File and Printer Sharing:

  1. Go to Start and enter Network and Sharing Center into the search field to open Network and Sharing Center.
  2. In Network and Sharing Center, go to Change advanced sharing settings, located on the left-hand side.
  3. In your current profile, Private/Guest or Public, select Turn on file and printer sharing.
  4. Click Save Changes.

    Turn on file and printer sharing


Step 3 - Administrator Rights
  1. Go to Start and enter mmc in the search field to access Microsoft Management Console.

  2. Select Local Users and Groups, located in the left pane of the Microsoft Management Console window.

    If Local Users and Groups is not listed:

    1. Click the File menu
    2. Select Add/Remove Snap-in
    3. Select Local Users and Groups
    4. Click Add
    5. Select Local Computer
    6. Click Finish
    7. Click Ok

  3. Enter the Groups folder and double click the Administrators group.

    If the account is not listed under Members

    1. Click Add 
    2. Enter the name of the already created account that you wish to add
    3. Click Check Names
    4. Click Ok
    5. Click Ok

Administrators group

Add Group

General


The following steps are not recommended, if possible use the domain user account.

 Make sure that Windows User Account Control (UAC) is disabled.  

  1. Go to Start and enter Run in the search field to open the Run Prompt.
  2. In the Run Prompt, enter regedit and click OK to open the Registry Editor.
  3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system.
  4. Right click the System Folder.
  5. Select New >> DWORD (32-bit) Value and name the DWORD LocalAccountTokenFilterPolicy.
  6. Right click the newly created DWORD and select Modify.
  7. In the Edit Window set Value Data to 1.
  8. If User Account Control is disabled, EnableLUA must be set to 0 in 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System


Edit DWORD


Step 4 - File and Printer Sharing Exception

To allow Inbound File and Printer Sharing Exception

  1. Go to Start and enter Run in the search field to open the Run Prompt.
  2. To open the Group Policy Object Editor, enter gpedit.msc in the Run Prompt and click OK.
  3. Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Standard Profile.
  4. Under Standard Profile, right click Windows Firewall: Allow inbound file and printer sharing exception and select Edit.
  5. Select Enabled.
  6. Click Ok.

Step 5 - Memory Leak in the Remote Registry Service

To resolve the Memory Leak in the Remote Registry Service:

  1. Go to Start and enter Run in the search field to open the Run Prompt.
  2. In the Run Prompt enter regedit and click Ok to open the Registry Editor.
  3. Locate the following registry sub key: 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\RemoteRegistry
  4. In the details pane, on the right-hand side, double-click DisableIdleStop.
  5. Change the value to 00000001.



Windows 2019 Server

The set up for authenticated scanning for Windows 2019 Server targets using OUTSCAN or HIAB are the same as for Authenticated Scanning Using SMB#Windows 10.

To setup, see Authenticated Scanning Using SMB#Windows 10 section in this document.


Core Installation

To succeed with authenticated scanning using SMB for Core Installations of Windows, there are five steps that you need to follow.

Note

PSH-commands does not work if one of the following registry keys are set to 1.
HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled.
HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy.
The difference is that the top registry key is available on newer targets, and the bottom on older, see https://support.microsoft.com/en-us/help/811833/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashi for more information.

Step 1 - Enable Remote Registry

Enable Remote Registry (optional, can also be configured within the scanner)

  1. Go to Start and enter cmd in the search field to open the Command Prompt.
  2. Start the Powershell by enter powershell in Command Prompt.

    Powershell


  3. In Powershell, enter Get-Service RemoteRegistry to verify the status of the service.

    Get-Service RemoteRegistry


  4. If the service is not running, enter Start-Service -name RemoteRegistry
  5. To set the service to run automatically, enter Set-Service RemoteRegistry –startuptype automatic.
  6. To view the information and status of all services, enter Get-WmiObject win32_service | Select Name, DisplayName, State, StartMode | Sort Name.

    Get-WmiObject win32_service


    The service should now be running

 

Step 2 - File and Printer Sharing

To turn on the File and Printer Sharing:

  1. Go to Start and enter cmd in the search field to open the Command Prompt.
  2. Start the Powershell by enter powershell in Command Prompt.
  3. In Powershell, enter netsh advfirewall firewall set rule group= ”File and Printer Sharing” new enable=Yes to turn on File and Printer Sharing.

    File and Printer Sharing


Step 3 - Administrator Rights

For the authentication to succeed the account in use needs to either be the Built in Administrator or a part of the Administrator Group

Built in Administrator

To active the built-in administrator account:

  1. Go to Start and enter cmd in the search field to open the Command Prompt.
  2. In the Command Prompt, run the command: net user administrator /active: yes

    Built in Administrator

     

Local User

Make sure the local account is included in the Administrators Group:

  1. Go to Start and enter cmd in the search field to open the Command Prompt.
  2. Start the Powershell by enter powershell in Command Prompt.

  3. In Powershell, run the command: 

    net localgroup administrator

    to list the uses within the administrator group.

  4. If the user is not included, run the command:

    net localgroup administrators “<username>” /add

    to add the user.

    Local User


Step 4 - File and Printer Sharing

To allow Inbound File and Printer Sharing Exception

  1. Go to Start and enter cmd in the search field to open the Command Prompt.

  2. In Command Prompt run the command:

    REG add  "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint” /v Enabled /t REG_DWORD /d 1 /f


    REG add

Step 5 - Memory Leak in the Remote Registry

Resolving the Memory Leak in the Remote Registry Service

  1. Go to Start and enter cmd in the search field to open the Command Prompt.
  2. Start the Powershell by enter powershell in Command Prompt.
  3. In Powershell, enter regedit to access the Registry Editor.
  4. Locate the following registry sub key:  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\RemoteRegistry.
  5. In the details pane to the right, double-click DisableIdleStop.
  6. Change the value to 00000001.
  7. Click Ok.


Authenticated Scanning using OUTSCAN/HIAB

It is possible to set up SMB Authentication from OUTSCAN and HIAB in three ways. 

  • Per target
  • Per target group
  • Per scan policy

Per Target

SMB authentication per target can be set in Main Menu > Netsec > Manage Targets.

To access the settings:

  1. Right click on the desired target and select Edit, it opens a Maintaining Target window.

    Edit


    Maintaining Target


  2. Go to the Authentication tab.
  3. Select SMB in the Authentication drop-down menu.
  4. Enter the Credentials that will be in use.
  5. Select the Enable remote registry checkbox to allow the scanner to access the Windows registry.
  6. To test if the credentials are valid, click the Test button to the right in the Test Credentials area.

Per Target Group

SMB authentication for a Target Group can be set in Main Menu > Netsec > Manage Targets.

To access the settings:

  1. Right click on the desired target group and select Set Target Authentication.

    Set Target Authentication


    This action displays a new window where the authentication can be set.
    Authentication
  2. Select SMB in the drop-down menu.
  3. Enter the credentials that will be in use for all targets in this group.
  4. Select the Enable remote registry checkbox to allow the scanner to access the Windows registry.
  5. To test if the credentials are valid, click the Test button to the right in the Test Credentials area. 

Per Scan Policy

SMB authentication can also be set when creating a Scan Policy in Scan Scheduling.

To access the settings,

  1. Go to Main Menu > Netsec > Scan Scheduling and select the Scan Policy Tab.
  2. To view the Maintaining Scanning Policy window:
    1. Click on + New policy, or

    2. Right-click on existing system policy and select Edit.

      Caution

      A system policy cannot be edited. By clicking on Edit, a copy of the template is created.
    3. In the Maintaining Scanning Policy window, select the SMB tab.

      Maintaining Scanning Policy


      SMB


  3. Enter the credentials to be used and click Save.

    OptionDescription

    SMB domain

    		The SMB domain to use when scanning the remote host. 

    SMB username

    The username to use when attempting to log on to the remote host via SMB. 

    SMB password

    The password to use when attempting to log on to the remote host via SMB. 

    SMB allow NTLMv1

    Whether to allow authentication using NTLMv1. 

    SMB allow plain-text password transmission

    Whether to allow scanning using plain-text password transmission. 

    Enable remote registry

    If this option is checked, the scanner starts the Remote Registry Service using the provided user details and once finished, disable the service again. 

    Target Credentials


    Target

    Enter a Target to test the credentials and click Test Credentials.

    Note

    There could be multiple targets with same IP/hostname which must be linked to different scanners.

    For example:

    192.168.0.1 on Scanner01
    192.168.0.1 on Scanner02

    To test the credentials on one of these targets, the scanner name should be provided along with the target to run a successful test using the format given below:

    192.168.0.1<Scanner01

    Warning

    Multiple attempts to login with the same account or on the same domain can cause account lockout and should be avoided.





Copyright

© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.



JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close