St. Bernard Software v7.01 manual Agentless Query Requirements

St. Bernard Software, Inc. ­ Protecting Your Network Investment

Agentless Query Requirements

These requirements are the result of default installations for NT4/W2K/XP. You would have to disable these services and shares, and restrict access, to fall short of the requirements. In order to install OS updates remotely you must have the access rights to remotely access and modify the registry and system files on the target systems.

Administrator Account (Domain or Local) with administrator rights on target machines

Required Services, in addition to the baseline RPC Service (Console and Target machines):

Remote Registry

Server

Netlogon

File and Print Sharing (NIC configuration)

Share Access:

Admin$ ­ enabled and accessible by UE account

IPC$ share ­ enabled and accessible by UE account

Admin shares for other drives whose installed components may be queried.

Remote Registry Access – "Full Control" permission to target machine registry.

The account used for access must have Full Control remote access to the registry of the target system. You must be able to open the remote registry of the target system in REGEDT32 on the UpdateEXPERT Console Machine. This procedure will confirm remote registry access and access to IPC$:

1)Launch REGEDT32 on the UpdateEXPERT Console Machine. Choose "Registry­Select Computer" and enter the name of the target system. In this remote registry, go to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg

2)With the above key highlighted, choose "Security­Permissions" from the top menu. You must be a member of the group that has Full­Control access to this key and its subkeys to successfully Query a system.

Windows XP/2003 Remote Login Access policy must be set to “Classic” mode: Go to Start >

Programs > Administrative Tools > Local Security Settings > Local Policies > Security Options and click the "Network access – Sharing and Security Model for Local Accounts" item. Change the policy to the "Classic" selection. This allows a remote login to remain themselves instead of being mapped to the guest account.

Windows XP/SP2 tightens security. Please see this XP/SP2 article which tells you how to configure the firewall to allow queries (of course, you can turn off the firewall on the client side if you wish, temporarily or permanently).

For more detail on the issues above, click here.