Skip to main content
Skip table of contents

Windows 7

Purpose

This document describe the set up of authenticated scanning for Windows 7 targets using OUTSCAN or HIAB.

Introduction

This guide provides you with the technical procedure to succeed with authenticated scanning for Windows 7 targets when using OUTSCAN or HIAB.

Requirement

This document has been elaborated under the assumption the reader has access to the OUTSCAN/HIAB account and Portal Interface.

If another account than Domain Administrator is used, it needs to either be a Domain User Account or a local user part of the AdministratorGroup to succeed with the authentication. If a Domain User Account is used, it need to be a member of the Administrators group, this user will run with full administrator access enabled, therefore User Account Control (UAC) does not need to be disabled. If a Local User is used ensure that the local account is included in the Administrators Group.

In order for an authenticated scan on windows to succeed, the Windows Update service (wuauserv) need to be enabled and running (it is by default). Without this service, the target cannot be queried for complete patch information which will cause reports to be incorrect.

The Authenticated Scanning Using SMB requires that .NET framework version 3.5 or higher is installed.

For this setup you need access to the OUTSCAN/HIAB account and Portal Interface.

When performing authenticated scanning against windows hosts, the scanner creates and starts a service called O24 Auth on the target machine.
This service is used to execute commands on the target and send the results back to the scanner.
Do not remove the service during scanning, it will stop and remove itself after it is done.

Set Up

To succeed with authenticated scanning using SMB for Windows 7 targets, follow the procedure below.

Caution

The following steps are only applicable for Windows 7 Pro or higher, NOT Windows 7 Home.

Step 1 - Enable Remote Registry

To enable Remote Registry (optional, can also be configured within the scanner):

  1. Go to Start and enter Run in the search field to open the Run Prompt.

  2. Open Services by enter services.msc in the Run Prompt and click OK
    If Remote Registry is already enabled on your device, continue to Step 2.

    Local Services
  3. Under Services (Local), right click Remote Registry and select Properties.

  4. In Remote Registry Properties (Local Computer), change the Startup Type to Automatic and start the service.

    AuthScanSMB02.png

Step 2 - File and Printer Sharing

To turn on File and Printer Sharing:

  1. Go to Start and enter Network and Sharing Center into the search field to open Network and Sharing Center.

  2. In Network and Sharing Center, go to Change advanced sharing settings, located on the left-hand side.

  3. In your current profile, Private/Guest or Public, select Turn on file and printer sharing.

  4. Click Save Changes.

    Turn on file and printer sharing

Step 3 - Administrator Rights
  1. Go to Start and enter mmc in the search field to access Microsoft Management Console.

  2. Select Local Users and Groups, located in the left pane of the Microsoft Management Console window.
    If Local Users and Groups is not listed:

    1. Go to the File menu of the Console window.

    2. Select Add/Remove Snap-in.

    3. Select Local Users and Groups.

    4. Click Add.

    5. Select Local Computer.

    6. Click Finish.

    7. Click Ok.

  3. Enter the Groups folder and double click the Administrators group.
    If the account is not listed under Members:

    1. Click Add.

    2. Enter the name of the already created account that you wish to add.

    3. Click Check Names.

    4. Click Ok.

    5. Click Ok.

Administrators group
Add Group
General

The following step are not recommended, if possible use the domain user account.

Make sure that the Windows User Account Control (UAC) is disabled.

  1. Go to Start and enter Run in the search field to open the Run Prompt.

  2. In the run prompt enter regedit and click OK to open the Registry Editor.

  3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system.

  4. Right click the System Folder.

  5. Choose New >> DWORD (32-bit) Value and name the DWORD LocalAccountTokenFilterPolicy.

  6. Right click the newly created DWORD and choose Modify.

  7. In the Edit Window set Value Data to 1.

  8. If User Account Control is disabled, EnableLUA must be set to 0 in 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Edit DWORD
Step 4 - Memory Leak in the Remote Registry Service

To resolve the Memory Leak in the Remote Registry Service:

  1. Go to Start and enter Run in the search field to open the Run Prompt.

  2. In the Run Prompt enter regedit and click Ok to open the Registry Editor.

  3. Locate the following registry sub key: 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\RemoteRegistry

  4. In the details pane, on the right-hand side, double-click DisableIdleStop.

  5. Change the value to 00000001




Copyright

© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.