Host Requirements for Windows 7, 8, 10

These host requirements apply to non-domain (local) authenticated scanning only.

 


Windows Firewall Settings

For each target host, there are certain Windows Firewall settings that must be enabled.

Step 1: Allow "File and Print Sharing" traffic

Activate firewall rules that are relevant to non-domain profiles in order to allow traffic for File and Print Sharing.

1) Go to the Control Panel Home window.

2) Under System and Security > Windows Firewall, click the link "Allow a program through Windows Firewall".

3) Select the "File and Print Sharing" check box then Click OK.

Hosts with Windows 10, follow these steps:

1) Go to Control Panel Home window (Start > Windows System folder > Control Panel), 2) Under System and Security > Windows Firewall, click the link "Allow an app or feature through Windows Firewall". 3) Select the "File and Printer Sharing check box and click OK.

Step 2: Allow scanner appliance traffic

By default, a non-domain network profile system does not allow traffic from outside its own local subnet even when a firewall rule has been activated. You must change the scope of the firewall rule to include the IP address or subnet of the scanner appliance.

1) Go to the "Windows Firewall with Advanced Security" program located in Start > Control Panel > System and Security > Administrative Tools. If the host has Windows 10 then go to the "Windows Firewall with Advanced Security" program located in Start > Windows System folder > Control Panel > System and Security > Windows Firewall > Advanced Setting.

2) Click Inbound Rules.

3) For each entry in the "File and Printer Sharing" group with a green check mark follow these steps: a) Right-click on the entry and select Properties, b) Select the Scope tab, and c) Select "Any IP address" or click the Add button to add the IP address (or subnet) for the scanner appliance that has been configured to scan the target host. Then click OK.

 


Enable File Sharing

File sharing must be turned on for each target host following these steps: 1) Go to the Control Panel Home window, 2) Under Network and Internet > HomeGroup, click the link "Change advanced sharing settings" and 3) Change sharing options for the current network profile. For a non-domain target, select "Home or Work". For a domain target, select "Domain". Make sure these settings are correct: File sharing is On and Public folder sharing is Off.

 


Enable Remote Registry Service

The scanning engine must be able to access the system registry to perform Windows trusted scanning. To allow the scanning engine access to the system registry, the Remote Registry service must be started. Go to Control Panel > Control Panel Home > System And Maintenance > Administrative Tools > Services and start the Remote Registry Service. You could set it to Automatic to make sure it starts automatically at reboot.

 


Enable Server Service (Windows 8)

On Windows 8 systems, the Server Service must also be started. By default, this is started and set to Automatic. Please verify that this true for your particular version and configuration. You can check by going to Control Panel > Control Panel Home > System And Maintenance > Administrative Tools > Services. Start the Server Service if it is not already started.

 


Configure User Access Control (UAC)

Do I need to configure UAC? Yes. There are 2 methods you can use: 1) change Remote UAC settings, or 2) disable UAC policy.

Method 1: Change Remote UAC settings

1) Launch Registry Editor (regedit.exe) in "Run as administrator" mode and grant Admin Approval, if requested

2) Navigate to HKEY_LOCAL_MACHINE hive

3) Open SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System key

4) Create a new DWORD (32-bit) value with these properties:

Name: LocalAccountTokenFilterPolicy
Value: 1

5) Close Registry Editor

Warning: The value data types of DWORD (32-bit) and QWORD (64-bit) are located next to each other in the data type selection menu on 64-bit Windows versions. It may be easy to mistake one for another and select the incorrect data type. The required value data type must be DWORD (32-bit). Selecting QWORD (64-bit) and setting it to 1 will not enable Remove UAC.

The requirement to reboot the system or restart the Server service is questionable. Despite what some documents recommend, our tests have shown that disabling Remote UAC in the registry takes effect immediately and remote access to ADMIN$ is granted during the scan.

Method 2: Disable UAC policy

Follow these steps: 1) Open the Control Panel, 2) Click "Add or remove user accounts", 3) Select a user account, 4) Under the account, click the link "Go to the main User Accounts Page", 5) On the page "Make changes to your user account", click "Change security settings", 6) On the page "Turn on User Account Control (UAC) to make your computer more secure", de-select (clear) the check box "Use User Account Control (UAC) to help protect your computer" and click OK, and 7) Reboot your computer.

For hosts with Windows 10, follow these steps:

1) Open Control Panel, 2) Click User Accounts, 3) Click on Change User Account Control settings, and 4) Change to Never notify.