Professional Documents
Culture Documents
In order to properly scan Windows machines (Including Vista and 2008 Server), please check and
perform the following:
1. Local security policy setting: "Network access: Sharing and security model for local accounts" is set
to "Guest".
Purpose: For the specified account used when scanning remotely to inherit its local permissions, this
needs to be changed to "Classic" as follows (the same can be changed similarly from the Domain
policy):
Purpose: Allows proper communication between the Retina scanner and the target host.
4. Local security policy setting: "Network access: LAN Manager authentication level" is set to "Send
NTLMv2 response only".
Purpose: The setting should match what is configured on the Retina scanner so that proper
authentication protocols are used. The option can be found as follows:
5. UAC (User Account Control) is enabled by default and can be disabled only from the registry. Please
note, this involves modifying the registry and the usual precaution about backing it up prior to
proceeding any further applies.
Purpose: In order to authenticate without UAC remotely, the below registry key must be set to
allow this. For further information visit: http://support.microsoft.com/kb/942817
Example, the following is an RTI file with included and omitted IP addresses for Retina Network.
Beginning of file--
192.168.0.1
192.168.0.10-192.168.0.20
(192.168.0.15)
desktop.domain.com
192.168.1.0/24
(192.168.1.100-192.168.1.200)
Example, the following is a TXT file with included and omitted IP addresses for Retina CS
Beginning of file--
192.168.0.1
192.168.0.10-192.168.0.20
192.168.0.15 (1)
desktop.domain.com
192.168.1.0/24
192.168.1.100-192.168.1.200 (1)
Notes:
Notes:
1. On the WSUS server where the contents are being exported from, i.e., the internet-facing WSUS
server, do the following:
a. Run the command line utility, <Drive>:\Program Files\Update Services\Tools\wsusutil.exe,
to export a .cab and .log file.
Note: In Retina CS 3.1 or higher this export can be performed using the Retina CS
Configuration Utility; under Certificate Management.
2. On the air-gapped WSUS machine overwrite or merge the WSUSContent folder from step 1b
and import the cab file using the wsusutil.exe import function, i.e., wsusutil.exe import
<packagename.cab> <logfile.log >.
3. Import the third party certificate into the air-gapped WSUS server.