We would like to perform Windows Authenticated Scanning on remote server (MS Windows Server 2008 standard ed. R2 x64, english ver.), but what kind of sys account should we create (local administrator, power user, user)? As for "power user" and "user" account, Im not sure if scanning under these two accounts will be regarding best practice (I have been told that we have to use only account with read rights within windows registry).
QIDs that require administrator level rights during authenticated scanning
Which Windows Login mechanisms are supported by Windows Authenticated Scanning?
Network access: Remotely accessible registry paths and subpaths
Thank you for your answer