I am looking to configure the Nessus scanner to scan for the below vulnerability.
Any local user should have passwordrequired “yes”
C:\> net user guest /passwordreq:yes
Kindly suggest the configuration for the same.
I’m not entirely clear what you’re trying to achieve here, but I assume you mean:
1. You want to audit a Windows machine to ensure that the ‘guest’ account has a password set? (btw the command is [net user guest | findstr /C:"Password required"])
2. You want to use Nessus to perform this audit?
Is there any particular reason why Nessus is required for this?
Yeah… I want to audit through the Nessus scanner… for the local user accounts like guest.
Usually, through the command line, “password required = yes” should be configured for every local user as per the security guidelines of our organization. Being an administrator, I need to audit through the Nessus tool across 20K machines.
Microsoft Baseline Security Analyzer can probably accomplish this as well. It can be used via cmdline and scripted to run as a scheduled job. It can also be dumped to default reports within MBSA or you can dump it to a text file. Not sure if it is delimited since I haven’t run it in a while. Back in Nessus you can check if the account is disabled using a credentialed scan. Guest is disabled by default so if you find devices with it enabled, then you probably have a bigger problem on your hands. With the size of your network I would hope there is no legitimate need for that account to be active on local workstations. Here is an article from Tenable on properly setting up a credentialed scan: http://static.tenable.com/documentation/nessus_credential_checks.pdf
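The check discussed in this thread ("Password required" on every local account, plus whether Guest is enabled) can also be scripted directly. The PowerShell below is an added example, not part of any post above and not a Nessus or MBSA configuration. It assumes WinRM remoting and administrative rights on the targets; the host names and report path are constructed placeholders.

```powershell
# Added example: audit local accounts for "Password required = No".
# Host names and report path are constructed placeholders (assumptions).
param(
    [string[]]$ComputerName = @('WKSTN-EXAMPLE-01', 'WKSTN-EXAMPLE-02'),
    [string]$ReportPath = '.\password-required-audit.csv'
)

$findings = foreach ($computer in $ComputerName) {
    try {
        # Win32_UserAccount exposes PasswordRequired and Disabled per account.
        # LocalAccount=True keeps the query off domain accounts.
        Get-CimInstance -ClassName Win32_UserAccount -ComputerName $computer `
            -Filter "LocalAccount=True" -ErrorAction Stop |
            ForEach-Object {
                [pscustomobject]@{
                    Computer         = $computer
                    Account          = $_.Name
                    Enabled          = -not $_.Disabled
                    PasswordRequired = $_.PasswordRequired
                    Status           = if ($_.PasswordRequired) { 'OK' } else { 'FAIL' }
                }
            }
    }
    catch {
        # Record unreachable hosts so they are not mistaken for compliant ones.
        [pscustomobject]@{
            Computer         = $computer
            Account          = $null
            Enabled          = $null
            PasswordRequired = $null
            Status           = "ERROR: $($_.Exception.Message)"
        }
    }
}

# Full results go to CSV; only failures and errors are shown on screen.
$findings | Export-Csv -Path $ReportPath -NoTypeInformation
$findings | Where-Object Status -ne 'OK' | Format-Table -AutoSize
```

Rows with Status FAIL and Enabled True are the ones to fix first; a FAIL on a disabled Guest account is lower priority but still a deviation from the stated policy.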
Copyright ©2020 Caendra, Inc.