The best practice Group Policy settings for authenticated scanning of Windows systems are described in this section. Please consult your network administrator before making any changes to the Group Policy, as changes may have an adverse impact on your network operations, depending on your network configuration and security policy. Note that detailed documentation for many […]
This step can be skipped if you are using a domain account (recommended) or a built-in local administrator account to authenticate to Windows systems. This step is only required if F-Secure Elements Vulnerability Management is configured to use a local user account and added to the local administrator’s group. To disable the Admin Approval Mode, do […]
To create a new domain account, you may use the command given here, which must be executed using administrator credentials. Log in as an administrator and open a command prompt with administrative privileges. Adjust the following command so it fits your organization and execute it: dsadd user “cn=radar_account,cn=users,dc=ORGANIZATION,dc=COM” -samid \ radar_account -upn [email protected] -pwd PASSWORD […]
Before applying changes, F-Secure recommends that you discuss all potential changes to the Group Policy with your network administrator. For more information about Group Policy, refer to your Microsoft documentation on Group Policy deployment. The following summarizes the requirements for enabling authenticated scanning for Windows: A user account must meet one of the following requirements: […]
It is recommended that you verify the functionality of the new account from a remote host before using the account for Windows authenticated scanning. Note: Run the commands described in steps 1 – 5 directly on the target machine. This verifies that Windows Remote Management (WinRM) is configured properly on that machine and has sufficient permissions […]
If the computer does not use a publicly signed certificate, you need to perform some additional steps. If you are using a Windows version older than Windows 8/Windows Server 2012, you need to create a certificate on a separate, newer computer and then export the certificate to a file. Use the following commands to do […]
After creating the dedicated WinRM user account for Elements Vulnerability Management, you need to configure the WinRM service on the machine where you want to run it. To set up the remote management configuration on a computer that uses a publicly signed certificate: Run the following command: Set-WSManQuickConfig -UseSSL -Force Note: When the computer is on […]
For larger domain environments, we recommend that you configure the WinRM service via Group Policy. Note: Using HTTP for WinRM is not recommended outside a domain environment where the NTLM protocol does not provide a sufficient level of protection for credentials. This also means that using HTTP is particularly inadequate when using scan nodes that are […]
You can configure the WinRM service used for authenticated scanning to handle network traffic over HTTP. Note: Using HTTP for WinRM is not recommended outside a domain environment where the NTLM protocol does not provide a sufficient level of protection for credentials. This also means that using HTTP is particularly inadequate when using scan nodes that […]
We recommend that you create a dedicated user account for Elements Vulnerability Management with access to WinRM. To create a new user account: Go to Control Panel > Administrative Tools > Computer Management > Local Users and Groups > Users. Add a new user account. Add the new user account to the Administrators group. Source : Official F-Secure Brand Editor by : BEST Antivirus KBS Team