Thought I would throw this out there quick...I am currently investigating why I am not seeing any vulnerabilities when I do a scan of Windows 2008 servers. The authenication record is successful, but it is not showing any vulnerabilities.
I do suspect a security setting somewhere, but currently I am unable to find that setting, and looking at the event logs does not seem to point me to anything particular. The local firewall on the servers has been disabled.
Does anybody have any ideas?
thanks in advance...
If you check the "Trusted Scanning for Windows" document there is a list of QID's you can run a report on that should give an idea of what is failing.
You can find the document in QualysGuard under Help -> Resources -> Tips and Techniques
Thanks pfox, that document will help alot, after further investigation, it appears that the local administrator group does not have the power it once had, so I found the group that now does and am working to get the qualys account added to that group.
In addition to the document that pfox related to - I have run into similiar issues when you are trying to run authenticated scans on Windows 2008 when you're not using the built in administrator account. UAC needs to be turned off for that account. Once they are disabled, you can then go back and turn them on individually (odd, I know).
To turn off UAC: Control Panel -> User Accounts -> Turn User Account Control (on or off)
To turn back the default UAC controls manually: Administrative Tools -> Local Security Policy -> Local Policy -> Security Options
This is covered for Vista hosts on page 11 in the aforementioned document.
I hope this helps.