Credential Precedence for Offline Hosted Virtual Machines

Initiating actions from the Agentless Operation page, from a machine group, or from a favorite

The Agentless Operation page, machine groups and favorites can be used to initiate patch scans, asset scans, power management actions, and to execute scripts. When performing these actions, Security Controls will attempt to authenticate to each offline hosted virtual machine using the browse credentials.

Initiating actions from Machine View or Scan View

When initiating a scan, a patch deployment or a power management action from Machine View or Scan View, the credentials that will be used to authenticate to an offline virtual machine depends on the power state of the machine when it was initially scanned.

If a machine was originally scanned in offline mode

The program will attempt to authenticate using the browse credentials.

If a machine was originally scanned in online mode

The program will attempt to authenticate using a variety of credentials and will do so using the following strategy:

  1. Try using any manually or automatically assigned managed machine credentials (see the Assigning Credentials to Virtual Machines section in Supplying Credentials for Machines.
  2. If the following are available, try to authenticate using the credential with the highest precedence, where the precedence order is as follows:
    • (a) The administrator credential from the machine group. If the administrator credential exists but fails, the default credentials will not be tried.
    • (b) Default Credentials (used if the scan credentials are invalid or missing (for example, if an agent performed the scan rather than the console))
  3. If the credentials used above do not work, then Integrated Windows Authentication (the credentials of the person currently logged on to the program) will be used.
  4. Integrated credentials will not work for deployments to offline virtual machines or for rescans.

If none of these credentials work then the action will fail.

See also:

Deploying Patches to Virtual Machines