4 Replies Latest reply: Aug 19, 2010 9:06 AM by jfredrickson RSS

percularity with Windows 2008

Chris Eddy

Hello all,

 

Thought I would throw this out there quick...I am currently investigating why I am not seeing any vulnerabilities when I do a scan of Windows 2008 servers.  The authenication record is successful, but it is not showing any vulnerabilities.

 

I do suspect a security setting somewhere, but currently I am unable to find that setting, and looking at the event logs does not seem to point me to anything particular.  The local firewall on the servers has been disabled.

 

Does anybody have any ideas?

 

thanks in advance...

 

chris

  • Re: percularity with Windows 2008
    Chris Eddy

    I am also seeing this on windows 2003 as well, I know we are going through a hardening process, so I suspect that is what is causing this.

     

    thanks

    chris

    • Re: percularity with Windows 2008
      Patric Fox

      If you check the "Trusted Scanning for Windows" document there is a list of QID's you can run a report on that should give an idea of what is failing.

       

      You can find the document in QualysGuard under Help -> Resources -> Tips and Techniques

      • Re: percularity with Windows 2008
        Chris Eddy

        Thanks pfox, that document will help alot, after further investigation, it appears that the local administrator group does not have the power it once had, so I found the group that now does and am working to get the qualys account added to that group.

         

        thanks again...

         

        chris

  • Re: percularity with Windows 2008
    jfredrickson

    Chris,

     

    In addition to the document that pfox related to - I have run into similiar issues when you are trying to run authenticated scans on Windows 2008 when you're not using the built in administrator account.  UAC needs to be turned off for that account.  Once they are disabled, you can then go back and turn them on individually (odd, I know).

     

    To turn off UAC:  Control Panel -> User Accounts -> Turn User Account Control (on or off)

    To turn back the default UAC controls manually:  Administrative Tools -> Local Security Policy -> Local Policy -> Security Options

     

    This is covered for Vista hosts on page 11 in the aforementioned document.

     

    I hope this helps.

     

    Thanks,

    Jon