Hello Everyone.
Perhaps someone could help me identify what I am doing wrong, or what should I check.
I have the GVM Community Edition installed standalone on a dedicate Ubuntu VM. I’m trying to set up authenticated scans for my Windows machines (both desktop and server), and I am running into tons of issues.
Every single test scan I run results in multiple errors related to Windows SMB Login, many applications are not found etc.
I went through the documentation and I think I checked all the boxes:
- Domain account has been provisioned and added to the local administrators group on my machines.
- LocalAccountTokenFilterPolicy is set to 1
- Remote registry service is running and set to automatic
- Firewall is configured to allow incoming SMB and WMI traffic
Yet when I run the tests, this is what happens
- When testing from the GVM server using
smbclient -U greenbone@domain.local -L //TARGETI can see the default ADMIN$, C$ and IPC$ shares (and other shares if created)- I am getting SMB1 errors, but that’s not surprising as it’s disabled
- On the servers I can see successful logon events for greenbone@domain.local in the Security logs, though I can’t see it on the workstation for some reason
- No errors in the SMBServer log
- Can’t see any errors in the /var/log/gvm/* logs
- The Windows 11 scan shows only two applications:
- TLS 1.2
- TLS 1.3
- The Windows Server scan shows only Microsoft applications, but does not detect anything 3rd party.
I’ve already spent too much time trying to get this to work, and I am out of ideas.
Perhaps someone could point me in the right direction?
Many thanks in advance.
Wojciech