
"Configuring a Windows host for Nessus credentialed scans typically requires more effort than configuring a Linux system. While Linux hosts often allow seamless authentication via SSH, Windows introduces additional layers such as authentication models, UAC restrictions, firewall configurations, and service dependencies that must be properly aligned for successful host scanning. The following configuration was performed in a laboratory setup where the Nessus scanner operated on a Kali Linux machine (192.168.50.50) and the target Windows Server was hosted at 192.168.50.10 in a virtual environment."
"By default, Windows uses the Guest only model, which causes all remote logins to authenticate as guests. This prevents remote vulnerability audits like Nessus host scans from succeeding. To prevent this, the security model must be changed to Classic - local users authenticate as themselves.
I) Open Local Security Policy (secpol.msc).
II) Navigate to: Local Policies > Security Options > Network access: Sharing and security model for local accounts
III) Set the policy to Classic - local users authenticate as themselves."
Nessus credentialed scanning of Windows hosts requires additional configuration compared with Linux, including authentication model changes, UAC, firewall, and service adjustments. The laboratory setup used a Kali Linux Nessus scanner at 192.168.50.50 and a target Windows Server at 192.168.50.10 in a virtual environment. For standalone servers, create a local administrative account and change the network access policy from Guest only to Classic so local users authenticate as themselves. Enable the ADMIN$, C$, and IPC$ administrative SMB shares to permit remote access. Proper alignment of accounts, shares, and security settings enables successful credentialed vulnerability checks.
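A read-only pre-scan check for the settings summarised above, run in an elevated PowerShell session on the target server. This is an added example, not code from the original article. The account name nessus-scan is a hypothetical placeholder, and the ForceGuest registry value is the standard backing store for the "Sharing and security model for local accounts" policy, which the article itself does not name.

```powershell
# Added example: verifies (does not change) the credentialed-scan prerequisites.
# $ScanAccount is a hypothetical name; pass the local account Nessus will use.
param([string]$ScanAccount = 'nessus-scan')

$results = [ordered]@{}

# "Network access: Sharing and security model for local accounts" is stored as
# ForceGuest under the Lsa key: 0 = Classic, 1 = Guest only.
# A missing value is reported as FAIL so it gets reviewed in secpol.msc.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                        -Name ForceGuest -ErrorAction SilentlyContinue
$results['Sharing model is Classic'] = ($null -ne $lsa -and $lsa.ForceGuest -eq 0)

# Administrative SMB shares the scanner connects to.
foreach ($share in 'ADMIN$', 'C$', 'IPC$') {
    $found = Get-SmbShare -Name $share -ErrorAction SilentlyContinue
    $results["Share $share present"] = [bool]$found
}

# The scan account must exist locally, be enabled, and be an administrator.
$user = Get-LocalUser -Name $ScanAccount -ErrorAction SilentlyContinue
$results["Account $ScanAccount enabled"] = ($null -ne $user -and $user.Enabled)

# S-1-5-32-544 is the built-in Administrators group (name varies by locale).
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
$results["Account $ScanAccount is local admin"] =
    ($admins.Name -contains "$env:COMPUTERNAME\$ScanAccount")

# Print one line per check and return a non-zero exit code on any failure.
$results.GetEnumerator() | ForEach-Object {
    '{0,-40} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
if ($results.Values -contains $false) { exit 1 }
```

The check covers only the account, policy, and share settings described here; the UAC, firewall, and service settings mentioned above are not inspected.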
Read at Medium