Using MS Baseline Security Analyzer v1.2

[leeym]

I'm using MS Baseline Security Analyzer v1.2, and am scanning the IP address of a specific machine. The resulting message is "User is not an administrator on the scanned machine."

How is this possible if I'm logged into that machine as an Administrator. I've double checked the priviledges and everything is ok. Am I missing something?

Also, if I'm to scan an entire domain, or a wide range of IP's, must the user always be logged in as an Admin? If so, won't network admins have to run around all night logging into each machine so it be scanned for vulnerabilities?

Thanks

 

[spyordie007]

I'm using MS Baseline Security Analyzer v1.2, and am scanning the IP address of a specific machine. The resulting message is "User is not an administrator on the scanned machine."

How is this possible if I'm logged into that machine as an Administrator. I've double checked the priviledges and everything is ok. Am I missing something?

What is the machine that you're scanning (Workstation, Server, etc.) and what are its roles (i.e. if it's a server is it a DC)?

Also what account are you running MBSA with and what privilages does it have over the machine you are scanning (not the account that's logged into the machine you're scanning, but the one that's actually running MBSA)?

Also, if I'm to scan an entire domain, or a wide range of IP's, must the user always be logged in as an Admin? If so, won't network admins have to run around all night logging into each machine so it be scanned for vulnerabilities?

The account running MBSA must have administrative privilages over the target machine, it doesnt matter who is logged in to that machine locally.

The reason the account running MBSA needs administrative privilages is because it needs access to a number of the files and registry keys on the target machine(s) otherwise it cant review file versions.

 

[leeym]

Great questions:

1. I'm scanning another workstation in the same Workgroup. It's not a server, and it's not a DC.
2. I'm running MBSA from another workstation with Admin priviledges. Remember, I'm operating in a workgroup, not domain environment.

Thoughts?

 

[spyordie007]

yes, just as the error states the account on the machine you are located does not have administrative privilages on the machine you are scanning.

 

[leeym]

Is there any way to do so from one workstation to another in a Workgroup environment?

Thanks

 

[spyordie007]

yes, use an account on the machine you are scanning from that has the same username and password as an account that has administrative privilages on the machine you are scanning (i.e. Administrator).

 

[leeym]

Done.

However, I'm getting ths same error message. I followed your instructions exactly. Thoughts?