It is recommended that you verify the functionality of the new account from a remote host before using the account for Windows authenticated scanning (RPC).
The scanning engine requires access to the network share and the registry to perform authenticated scanning of Windows hosts.
Note: It may take several hours before Group Policy changes take effect.
-
- Run the following command from the scan node to verify connectivity to the target system that you are trying to scan:
telnet TARGET_IP 135
telnet TARGET_IP 445
When a connection is made, you can send any information and the connection will be closed.
-
- Test access to the Remote Registry service.
Before testing access to the Remote Registry service, ensure that you have already tested the access to the network shares. Run the following PowerShell script to test the Remote Registry access:
$Target = “IP_ADDRESS”
$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(‘LocalMachine’, $Target)
$RegKey= $Reg.OpenSubKey(“SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion”)
$Result = $RegKey.GetValue(“ProductName”)
echo $Result
If the test was successful, the command should return the operating system name.
-
- Test the authenticated scan.
When the authenticated scan has finished, it is possible to check if authentication was successful or not by reviewing the informational finding named Microsoft Windows authentication succeeded/failed. The Findings field displays useful information if the authentication failed.
Known issues:
- Scanning for Windows updates fails on Windows 10 (versions 1703, 1709 and 1803) – Due to a bug related to accessing WMI remotely in these versions of Windows 10, scanning for Windows updates may fail. It results in the Microsoft Windows authentication failed (1013914) finding in the System Scan report and Access is denied (0x80070005) errors in the System Scan log file. To solve the issue, install the recent cumulative update on the target machine. The issue is not present in the earlier and later versions of Windows 10.