Jason Haar wrote: > Hi there > > Nessus-3.2.1 doesn't appear to log the domain\username account details > on remote Windows machines. I don't know about anyone else, but we'd > love to know that - so that we can track machines back to owners. > > Can it be done? I've had a go with some WMI scripts - but no luck so far :-( >
Hi Jason, Of course, there is the chance that no-one is logged in at the remote Windows computer. If your WMI scripts work, you can turn this into a NASL by linking it with the wmi_func.nlib Nessus library. There is a blog entry (for the early beta of Nessus 3.2) that discusses how to do this: http://blog.tenablesecurity.com/2007/03/nessus_32_beta_.html You can do a WMI script to get the username with the following querry: SELECT UserName FROM Win32_ComputerSystem If you are modifying a NASL and want to look in the registry access, try looking at this key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName There are other methods most likely. Ron Gula Tenable Network Security _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
