Before applying changes, F-Secure recommends that you discuss all potential changes with your network administrator.
The following summarizes the requirements for enabling WinRM authenticated scanning for Windows:
- If a Linux scan node is in use, a user account must meet the following requirement:
- Local user account added to the Administrators group
- If a Windows scan node is in use, there are two options for user accounts:
- An Active Directory user account added to the Administrators group
- Local user account added to the Administrators group
- Target host configuration requirements:
- WinRM service is running and WinRM HTTP or HTTPS listener is created
Note: When a scan node that is deployed on Linux is in use, we highly recommend that you use the HTTPS option only because of known authentication issues for unencrypted connections between Linux and Windows.
- Operating systems with Windows Firewall with Advanced Security component installed (introduced in Windows Vista), where a firewall exception for WinRM traffic is enabled
- Basic authentication allowed on the WinRM service (for scan nodes deployed on Linux only)
- WinRM service is running and WinRM HTTP or HTTPS listener is created
- Scan node configuration requirements:
- For HTTP protocol only: target host is added to the TrustedHosts list
Note: When a Windows Updates database file is used for scanning, the scan node will copy the database file to the %SystemRoot%\Temp\MBSA\Cache\ folder during the scan and delete it once the scan has completed (for scan nodes deployed on Windows only).
Most of the configuration commands require a PowerShell console run with administrative privileges.