|Posted by RICHARD BEI on August 6, 2015 at 8:50 AM|
I am in cyber security amongst other things and had a very difficult time getting Nessus to enumerate the Windows 7 registry. Here is the fix:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE and then make sure DCOM is set to yes.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System add reg DWORD name is LocalAccountTokenFilterPolicy and set to "1"
Services: set the following to Automatic and started/Remote registry/DCOM/Computer browser/RPC/RPC locator/RPC endpoint mapper/WMI/WMI performance adapter/RPC endpoint mapper.
In the Group Policy window please navigate to Computer Configuration -> Administrative Templates ->
Network -> Network Connections -> Windows Firewall -> Domain Profile and open Windows Firewall:
Allow inbound file and printer sharing exception. Windows Firewall opens UDP ports 137 and 138, and TCP ports 139 and 445.
GPO: Windows firewall: inbound and outbound allow for Public domain and private then turn off public/domain and private firewall.
Why turn off the firewall after setting the file and printer sharing? Windows firewall is very tenacious. I have always found it is 100 percent effective to make exceptions and then turn off the firewall.
Next, go to services and stop/disable Windows Defender/Windows Firewall.
Finally, Turn off User Account Control. When the Nessus scan is launched watch for the Admin$ share. If you see Nessus, then it is working. Also at command prompt run netstat -t 1. Look for port 139 and 445 to be established.
When the scan is complete and the report is generated look for these plug in id's:
10428-Microsoft Windows SMB registry Not Fully Accesible Detection
19506-Nesus Scan Information
21745-Authentication Failure-Local Checks Not Run
24786-Nessus Windows Scan Not Performed wWth Admin Privilages
26917-Microsoft Windows SMB Registry-Nessus Cannot Access The Windows Registry