Nelson, C.M. wrote: > Thanks for everyone's ideas so far about finding live XP SP2 hosts (that > are not on the same subnet as the scanner). > ... > It seems there is no "magic bullet" for this problem; Are you missing the obvious? When we rolled out XP SP2 on our network, we decided to use Active Directory Policies to *disable* the firewall when they were on the LAN, and it *enables* automatically when it's on any other network. That way helpdesk can terminal server in, users can create shares, etc that will work when XP-SP2 is on *our network*, and it's "firewall up" anywhere else... Works well.
[and now for the bad news. AD policies only work 99% of the time. We now have issues where some boxes firewalls don't come down when they're on the LAN. Still trying to figure that one out...] -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
