wannabecraig

asked on

Nessus scan

Hi,
I have Nessus Professional version 6.7.0 (#58).
I'm running a scan against my DMZ servers.
The results don't include Microsoft patches, due to missing credentials I presume.
I've tried to use my credentials, but obviously in the wrong format, as the result was the same.
Any advice?
btan

For a credentialed Windows scan:
You can enter a username, password, and optionally a domain name to use when logging into the remote hosts. Additionally, you can set the "SMB password type" field to "NTLM Hash" or "LM Hash" if you only have the password hashes of the remote host.

• If your computer is not part of a domain, you need to set the login mode to "Classic" -- see page 14 of the "Nessus Credential Checks for Unix and Windows" manual.
- http://www.tenable.com/tips/how-to-enable-credentialed-checks-on-windows

Further references - Nessus Credential Checks for Unix and Windows
http://www.tenable.com/sites/drupal.dmz.tenablesecurity.com/files/uploads/documents/whitepapers/nessus_credential_checks.pdf
wannabecraig

ASKER

I've set a policy with credentials where I've added Windows credentials:
authentication method: Password
username: admin
Password: Mypass1
domain: mydomain.local
When I run this scan against a poorly patched PC, one of the results is:
MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check)

This looks as if the credentials didn't work. I want to use my domain admin password for this.
See the PDF:
Configuring a Domain Account for Local Audits
To create a domain account for remote host-based auditing of a Windows server, the server must first be Windows 2000 Server, Windows XP Pro, Windows 2003 or Windows 2008 Server and be part of a domain.

To configure the server to allow logins from a domain account, the “Classic” security model should be invoked. To do this, follow these steps:
1. Open “Group Policy” by clicking on “start”, click “Run”, type “gpedit.msc” and then click “OK”.
2. Select Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options.
3. From the list of policies open “Network access: Sharing and security model for local accounts”.
4. In this dialog, select “Classic – local users authenticate as themselves” and click “OK” to save this.

This will cause users local to the domain to authenticate as themselves, even though they are actually not really physically “local” on the particular server. Without doing this, all remote users, even real users in the domain, will actually authenticate as a “Guest” and will likely not have enough credentials to perform a remote audit.

Configuring Windows 2008, Vista and 7

When performing authenticated scans against Windows 2008 systems, there are several configuration options that must be enabled:
1. Under Windows Firewall -> Windows Firewall Settings, “File and Printer Sharing” must be enabled.
2. Using the gpedit.msc tool (via the “Run..” prompt), invoke the Group Policy Object Editor. Navigate to Local Computer Policy -> Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Standard Profile -> Windows Firewall: Allow inbound file and printer exception and enable it.
3. While in the Group Policy Object Editor, Local Computer Policy -> Administrative Templates -> Network -> Network Connections -> Prohibit use of Internet connection firewall on your DNS domain must be set to either “Disabled” or “Not Configured”.
4. Windows User Account Control (UAC) must be disabled, or a specific registry setting must be changed to allow Nessus audits. To turn off UAC completely, open the Control Panel, select “User Accounts” and then set “Turn User Account Control” to off. Alternatively, you can add a new registry key named “LocalAccountTokenFilterPolicy” and set its value to “1”. This key must be created in the registry at the following location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy. For more information on this registry setting, consult the MSDN 766945 KB.

5. The Remote Registry service must be enabled (it is disabled by default). It can be enabled for a one-time audit, or left enabled permanently if frequent audits are performed.
Thanks, I've already checked this article and I have an admin account with all required privileges. Also, the firewall is disabled on the domain as I'm using a HW one.
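
The registry and service settings from the quoted Tenable steps can be confirmed on the target before rescanning. The script below is an added example, not part of the original thread or of Tenable's documentation; it assumes an elevated Windows PowerShell session on the scanned host, and the `ForceGuest` and `EnableLUA` value names (the registry values behind the "Classic" sharing policy and UAC) are not named in the thread.

```powershell
# Added example: read-only check of the target-side prerequisites quoted above.
# Run in an elevated Windows PowerShell session on the host being scanned.
# It changes nothing; it only reports what a credentialed scan would run into.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function New-Check {
    param([string]$Name, [bool]$Ok, [string]$Detail)
    New-Object PSObject -Property @{ Check = $Name; Ok = $Ok; Detail = $Detail }
}

$results = @()

# "Network access: Sharing and security model for local accounts" is stored as
# ForceGuest under the Lsa key: 0 = Classic, 1 = Guest only.
$forceGuest = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'ForceGuest'
$results += New-Check 'Classic sharing model' ($forceGuest -eq 0) "ForceGuest=$forceGuest"

# Step 4: UAC disabled (EnableLUA = 0) or LocalAccountTokenFilterPolicy = 1.
$sysKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lua    = Get-RegValue $sysKey 'EnableLUA'
$latfp  = Get-RegValue $sysKey 'LocalAccountTokenFilterPolicy'
$uacOk  = ($lua -eq 0) -or ($latfp -eq 1)
$results += New-Check 'UAC off or token filter policy set' $uacOk `
    "EnableLUA=$lua; LocalAccountTokenFilterPolicy=$latfp"

# Step 5: Remote Registry must not be left in its default Disabled start mode.
$svc   = Get-WmiObject -Class Win32_Service -Filter "Name='RemoteRegistry'"
$svcOk = ($svc -ne $null) -and ($svc.StartMode -ne 'Disabled')
$results += New-Check 'Remote Registry enabled' $svcOk `
    "StartMode=$($svc.StartMode); State=$($svc.State)"

$results | Format-Table Check, Ok, Detail -AutoSize

# Non-zero exit code when any prerequisite is missing, for use in a batch job.
if ($results | Where-Object { -not $_.Ok }) { exit 1 }
```

The firewall items (steps 1 to 3) are not covered here, and a missing value is reported as a failed check rather than assumed to be at its default.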
ASKER CERTIFIED SOLUTION
btan
