Hi there. I have been using Nessus for quite some time now. Recently I went through the article :"Utilizing Domain Credentials to Enhance Nessus Scans" (Nessus' website)
I carried out all those steps on a Windows Server 2003 (domain controller) (creating a nessustest user in Nessus Test Account and giving it READ access to the registry key: HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg I put the SMB login name: nessustest and the corresponding password in Nessus 2.0.8. All plugins were selected. Now when I run the test, I get Success Event IDs 680, 576, 540 and 538 in the Event Log. The user is able to log in successfully (as reported by Event Viewer) However, I get no information about my registry in the report. On closer examination of the log: nessusd.messages, I have found many places where it says key xxx is missing, e.g. key SMB/test_domain is missing, SMB/domain_sid is missing, SMB/registry_access is missing, SMB/registry_full_access is missing. My question is why is Nessus unable to access the registry when I have given the right credentials. I even tried with Domain Admin Rights, but the result is the same. I even tried giving full access to winreg key to nessustest/Nessus Test Account. The result is always the same (with login credentials and without it). I even tried it against a Windows 2000 server (Domain Controller) and Windows XP Professional. If someone has successfully been able to audit the registry, please let me know. Also, the Windows Server 2003 was out-of-the box. No hardening done. Also, Remote Registry service is Automatic and Started. Am I missing something? Regards Sunil Vakharia sun AT rocketnet DOT org
