Executing the checks via OpenVAS-ClientWindows Local Security ChecksPreparing the OpenVAS ServerPreparing the Microsoft Windows target

Preparing the Microsoft Windows target

The WLSC implementation has been tested on the following Microsoft Windows Operating Systems:

Probably the WLSC is also compatible with other Microsoft Operating Systems. Once the SMB Port of a Windows target is accessible, the Operating System (OS) and SAMBA Version could be detected immediately and will be reported. For deeper tests the following steps are required:

You need the Windows credentials for an administrative user. Usually this is the user name (Default is "Administrator") and the correct password for this user. There is no default password, this has been defined before during the Windows installation process.

These credentials are entered in the OpenVAS-Client GUI as SMB Credentials and are used on every host in the target list.

If you plan to scan a whole Windows Domain, you can enter the Domain-Administrative user and password instead of the target host credentials.

Make sure the Windows-(personal) Firewall is disabled for the OpenVAS Server host, or a correct rule for the Test-Network is entered.

If the target machine runs a Windows Version that was released after Windows 98 and you use a recent (>=2.0.4) version of the client, you can use the installer generated by the OpenVAS LSC Credentials Manager. Therefore you have to have the tool 'nsis' installed on the system that runs the client. The location of the installer can be found by opening the "OpenVAS LSC Credentials Manager" from the menu item in the "Extras" menu and selecting the account that you want to install.

The installer will create the user and provide it with administrator rights.

Copy the resulting executable to the target machine and execute it with administrator privileges. To remove the user, execute the uninstaller which should be located on the Desktop in that user's account. Note that this will delete the test- users home directory as well.

Additional Note for Windows XP

For Windows XP it is important that "Easy Filesharing" is switched off. To disable this, the Windows Click-Path is: Windows Explorer/Tools/Folder Options/View (see screenshot below).

Without this setting, "smbclient" is not able to retrieve files from the Windows System shares (C$,D$...).


Executing the checks via OpenVAS-ClientWindows Local Security ChecksPreparing the OpenVAS ServerPreparing the Microsoft Windows target