Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.


Introduction

It is possible to set up SMB authentication from OUTSCAN and HIAB in three ways. 

  • Per target
  • Per target group
  • Per scan policy

Per Target

SMB authentication per target can be set in Main Menu > Netsec > Manage Targets.

To access the settings:

  1. Right click on the desired target and select Edit, it opens a Maintaining Target window.





  2. Go to the Authentication tab.
  3. Select SMB in the Authentication drop-down menu.
  4. Enter the Credentials that will be in use.
  5. Select the Enable remote registry checkbox to allow the scanner to access the Windows registry.
  6. To test if the credentials are valid, click the Test button to the right in the Test Credentials area.

Per Target Group

SMB authentication for a Target Group can be set in Main Menu > Netsec > Manage Targets.

To access the settings:

  1. Right click on the desired target group and select Set Target Authentication.



    This action displays a new window where the authentication can be set.
  2. Select SMB in the drop-down menu.
  3. Enter the credentials that will be in use for all targets in this group.
  4. Select the Enable remote registry checkbox to allow the scanner to access the Windows registry.
  5. To test if the credentials are valid, click the Test button to the right in the Test Credentials area. 

Per Scan Policy

SMB authentication can also be set when creating a Scan Policy in Scan Scheduling.

To access the settings,

  1. Go to Main Menu > Netsec > Scan Scheduling and select the Scan Policy Tab.
  2. To view the Maintaining Scanning Policy window:
    1. Click on + New policy, or
    2. Right-click on existing system policy and select Edit.

      Caution

      A system policy cannot be edited. By clicking on Edit, a copy of the template is created.
    3. In the Maintaining Scanning Policy window, select the SMB tab.




  3. Enter the credentials to be used and click Save.

    OptionDescription

    SMB domain

    The SMB domain to use when scanning the remote host. 

    SMB username

    The username to use when attempting to log on to the remote host via SMB. 

    SMB password

    The password to use when attempting to log on to the remote host via SMB. 

    SMB allow NTLMv1

    Whether to allow authentication using NTLMv1. 

    SMB allow plain-text password transmission

    Whether to allow scanning using plain-text password transmission. 

    Enable remote registry

    If this option is checked, the scanner starts the Remote Registry Service using the provided user details and once finished, disable the service again. 

    Target Credentials


    Target

    Enter a Target to test the credentials and click Test Credentials.

    Note

    There could be multiple targets with same IP/hostname which must be linked to different scanners.

    For example:

    192.168.0.1 on Scanner01
    192.168.0.1 on Scanner02

    To test the credentials on one of these targets, the scanner name should be provided along with the target to run a successful test using the format given below:

    192.168.0.1<Scanner01

    Warning

    Multiple attempts to login with the same account or on the same domain can cause account lockout and should be avoided.

Reference

Authenticated Scanning using SMB

Manage Targets