The best practice Group Policy settings for authenticated scanning of Windows systems are described in this section. Please consult your network administrator before making any changes to the Group Policy, as changes may have an adverse impact on your network operations, depending on your network configuration and security policy. Note that detailed documentation for many […]
Articles Tagged: F-Secure
Disable Admin Approval Mode (F-Secure)
This step can be skipped if you are using a domain account (recommended) or a built-in local administrator account to authenticate to Windows systems. This step is only required if F-Secure Elements Vulnerability Management is configured to use a local user account and added to the local administrator’s group. To disable the Admin Approval Mode, do […]
Create a Windows domain account (F-Secure)
To create a new domain account, you may use the command given here, which must be executed using administrator credentials. Log in as an administrator and open a command prompt with administrative privileges. Adjust the following command so it fits your organization and execute it: dsadd user “cn=radar_account,cn=users,dc=ORGANIZATION,dc=COM” -samid \ radar_account -upn [email protected] -pwd PASSWORD […]
Configuring Windows authenticated scanning (RPC) (F-Secure)
Before applying changes, F-Secure recommends that you discuss all potential changes to the Group Policy with your network administrator. For more information about Group Policy, refer to your Microsoft documentation on Group Policy deployment. The following summarizes the requirements for enabling authenticated scanning for Windows: A user account must meet one of the following requirements: […]
Configuring the WinRM service to use HTTPS without a publicly signed certificate (F-Secure)
If the computer does not use a publicly signed certificate, you need to perform some additional steps. If you are using a Windows version older than Windows 8/Windows Server 2012, you need to create a certificate on a separate, newer computer and then export the certificate to a file. Use the following commands to do […]
Configuring the WinRM service to use HTTPS with a publicly signed certificate (F-Secure)
After creating the dedicated WinRM user account for Elements Vulnerability Management, you need to configure the WinRM service on the machine where you want to run it. To set up the remote management configuration on a computer that uses a publicly signed certificate: Run the following command: Set-WSManQuickConfig -UseSSL -Force Note: When the computer is on […]
Configuring the WinRM service to use HTTP through GPO (F-Secure)
For larger domain environments, we recommend that you configure the WinRM service via Group Policy. Note: Using HTTP for WinRM is not recommended outside a domain environment where the NTLM protocol does not provide a sufficient level of protection for credentials. This also means that using HTTP is particularly inadequate when using scan nodes that are […]
Configuring the WinRM service to use HTTP on individual hosts (F-Secure)
You can configure the WinRM service used for authenticated scanning to handle network traffic over HTTP. Note: Using HTTP for WinRM is not recommended outside a domain environment where the NTLM protocol does not provide a sufficient level of protection for credentials. This also means that using HTTP is particularly inadequate when using scan nodes that […]
Create a dedicated user account (F-Secure)
We recommend that you create a dedicated user account for Elements Vulnerability Management with access to WinRM. To create a new user account: Go to Control Panel > Administrative Tools > Computer Management > Local Users and Groups > Users. Add a new user account. Add the new user account to the Administrators group. Source : Official F-Secure Brand Editor by : BEST Antivirus KBS Team
Updating PowerShell (F-Secure)
The configuration requires PowerShell version 5.0 or newer, although we recommend updating PowerShell to the latest version. To check the PowerShell version and update it: Open a PowerShell console with administrative privileges. Run the following command to check the installed version of PowerShell: Get-Host | Select-Object Version If necessary, download the required version of PowerShell […]