The following are the minimum requirements for Windows credentials:
- The Remote Registry service must be enabled on the target.
- File & Printer Sharing must be enabled in the target's network configuration.
- An SMB account must be used that has local administrator rights on the target.
Note: A domain account can be used as long as that account is a local administrator on the devices being scanned. - TCP ports 139 and 445 must be open between the scanner and the target.
- Ensure that there are no security policies are in place that blocks access to these services. This includes:
- Windows Security Policies
- Antivirus or Endpoint Security rules
- IPS/IDS
- The default administrative shares must be enabled. These shares include:
- IPC$
- ADMIN$
Note: Windows 10 has the ADMIN$ disabled by default. - C$
- The setting that controls this is AutoShareServer (Windows Server) or AutoShareWks (Windows Workstation) which must be set to 1.
For all other OS's, these shares are enabled by default and can cause other issues if disabled. For more information, see http://support.microsoft.com/kb/842715/en-us