Wednesday, February 9, 2011

Enabling Retina to connect to a target remediated by Gold Disk

This past week, I worked with a large team to audit a very large and complex system.  The Information Assurance Manager at the site explained to us how he audited the system.  He would run Gold Disk on the machine, remediate, open a few holes, then run Retina against the target.  He then closed the holes so Gold Disk would not report the errors.  However, this presented a problem for my team and I as we could not get Retina to connect properly and report on any findings.  Here's what we did in order to open up the machines such that Retina could connect and properly scan the target:
  • Navigate to HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
  • add a key:  autoshareservices, REG_DWORD, and make the value 1.
  • Go to Start, Run, and type Services.msc
  • Restart the Server service
  • Start, or restart the Remote Registry service
Going through these simple steps enabled Retina to connect to the target and run a proper scan.

If there is a more simple solution, I would love to hear it.  Or, if I've botched this somehow, please correct me.

No comments:

Post a Comment