Skip to main content
All CollectionsVulnerability Management
Authenticated Scan User Requirements
Authenticated Scan User Requirements

It is recommended to also perform Authenticated Scans to gather more information. Read more on how to create the right users.

Updated over 10 months ago

Windows scan with Domain User

Any user or admin can be used to perform an authenticated scan. More permissions means more information which can be gathered. However, this may complicate security.

This instruction guides you in creating an user with permissions to perform an authenticated scan with security in mind.

Create Security Group

  1. Add a new group in your Active Directory named "SecurityHive Vulnerability Scan".

  2. Select the following values:

    1. Scope: Global

    2. Type: Security

  3. Add the account you would like to use to the SecurityHive Vulnerability Scan group.

Create Group Policy

  1. Create a new Group Policy Object named "SecurityHive Vulnerability GPO".

Add group to GPO

  1. Right-click on SecurityHive Vulnerability GPO and select Edit.

  2. Expand Computer configuration > Policies > Windows Settings > Security Settings > Restricted Groups.

  3. Add a group by browsing and entering "SecurityHive Vulnerability Scan".

  4. Click Check Names and continue.

  5. Add the Administrators group to "This group is a member of:" and click OK.

Allow WMI

  1. Right-click SecurityHive Vulnerability GPO and click Edit.

  2. Expand Computer configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules.

  3. Add a new rule with the "Predefined" option and select "Windows Management Instrumentation (WMI)" and click Next.

  4. Select the following boxes:

    1. Windows Management Instrumentation (ASync-In)

    2. Windows Management Instrumentation (WMI-In)

    3. Windows Management Instrumentation (DCOM-In)

  5. Click Next and Finish.

Link GPO

  1. Right-click the domain or OU and select "Link an Existing GPO". Select the SecurityHive Vulnerability GPO.

Configure Windows

  1. Under Windows Firewall > Windows Firewall Settings, enable File and Printer Sharing.

  2. Use gpedit.msc to start the GPO Editor. Open Local Computer Policy > Administrative Templates > Network > Network Connections > Windows Firewall > Standard Profile > Windows Firewall : Allow Inbound file and printer exception, and enable it.

  3. Navigate to Local Computer Policy > Administrative Templates > Network > Network Connections > Prohobit use of Internet connection firewall on your DNS domain and make sure it is set to either Disabled or Not Configured.

  4. The Remote Registry service must be enabled (it's disabled by default). With the appropriate permissions, SecurityHive's Vulnerability Scan will try to start it while scanning.

Linux/Unix via SSH

A normal user is usually enough to perform an Authenticated Scan. The login is performed via SSH. This can be done either with passwords or a SSH key. The more permissions a user has, the more results and settings can be detected. In some cases root user access may be required.

Did this answer your question?