Nessus Windows Scan Not Performed with Admin Privileges

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The Nessus scan of this host may be incomplete due to insufficient
privileges provided.

Description :

The Nessus scanner testing the remote host has been given SMB
credentials to log into the remote host, however these credentials do
not have administrative privileges.

Typically, when Nessus performs a patch audit, it logs into the remote
host and reads the version of the DLLs on the remote host to determine
if a given patch has been applied or not. This is the method Microsoft
recommends to determine if a patch has been applied.

If your Nessus scanner does not have administrative privileges when
doing a scan, then Nessus has to fall back to perform a patch audit
through the registry which may lead to false positives (especially when
using third-party patch auditing tools) or to false negatives (not all
patches can be detected through the registry).

Solution :

Reconfigure your scanner to use credentials with administrative
privileges.

Risk factor :

None

Family: Settings

Nessus Plugin ID: 24786 ()

Bugtraq ID:

CVE ID: