Enable Windows Logins for Local and Remote Audits

The most important aspect of Windows credentials is that the account used to perform the checks needs privileges to access all required files and registry entries which, often, means administrative privileges. If you do not provide Tenable Nessus with credentials for an administrative account, at best, you can use it to perform registry checks for the patches. While this is still a valid method to find installed patches, it is incompatible with some third-party patch management tools that may neglect to set the key in the policy. If Tenable Nessus has administrative privileges, it checks the version of the dynamic-link library (.dll) on the remote host, which is considerably more accurate.

The following bullets describe how to configure a domain or local account to use for Windows credentialed checks, depending on your needs.

Configure Windows

Once you create an appropriate account for credentialed checks, there are several Windows configuration options that you must enable or disable before scanning (for more information, see Credentialed Checks on Windows):