Discovering Machines

When scanning by domain name, Security Controls does the following to discover the machines in the domain:

  • The domain controller is contacted and its list of machine accounts is enumerated. Browse credentials defined within the machine group are used for this process. If browse credentials are not provided, the credentials of the user running the scan are used.
  • You can reduce the number of machines that the program will attempt to connect to by enabling the Use only the browse list scan option.

  • Machines are also enumerated from the network browse list, which is the same per-domain list of machines seen when viewing the network, similar to the output of 'net view /domain:domainname'. No special permissions are required to enumerate machine names this way because Security Controls uses UDP port 137 (NetBIOS name service) to enumerate the browse list. If the scanning machine has just been connected to the network, it may take up to 15 minutes for the machine to synchronize with the browse master and for this list to become available to the scanning machine. The list that is returned represents machines that are currently online or have been online within the last 15 minutes. Machines that are 'hidden' via registry modifications won't appear because they don't propagate their machine names to the network browse list. If the scanning machine doesn't have access to the browse list, or the machines are behind filtering devices where the browse list isn't updated, no machines will appear.
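
The effect of the two sources on scan coverage, as an added example that is not part of Security Controls or its documentation: the Python below compares a constructed list of machine account names with constructed 'net view /domain:' output. It assumes a default scan targets every name from either source and that Use only the browse list restricts the scan to browse-list names; the function names and sample data are hypothetical.

```python
import re

# Constructed sample data (not from a real network).
# Machine accounts as a directory returns them: the account name ends in "$".
DC_ACCOUNTS = ["FILESRV01$", "ws-0142$", "WS-0207$", "LAB-HIDDEN$"]

# Constructed output of: net view /domain:EXAMPLE
NET_VIEW_OUTPUT = r"""Server Name            Remark

-------------------------------------------------------------------------------
\\FILESRV01            File server
\\WS-0142
\\KIOSK-07             Lobby kiosk
The command completed successfully.
"""

def parse_net_view(text):
    """Return the machine names listed in net view output, upper-cased."""
    names = set()
    for line in text.splitlines():
        match = re.match(r"\\\\(\S+)", line)  # entries start with two backslashes
        if match:
            names.add(match.group(1).upper())
    return names

def normalize_account(account):
    """Strip the trailing "$" of a machine account and upper-case the name."""
    return account.rstrip("$").upper()

def scan_coverage(dc_accounts, net_view_text):
    """Compare the domain controller's machine accounts with the browse list."""
    directory = {normalize_account(a) for a in dc_accounts}
    browse = parse_net_view(net_view_text)
    return {
        # Assumption: a default scan tries every name from either source.
        "default_targets": sorted(directory | browse),
        # Assumption: Use only the browse list keeps browse-list names only.
        "browse_only_targets": sorted(browse),
        # Has a machine account but is absent from the browse list:
        # offline for more than 15 minutes, hidden, or behind a filtering device.
        "dropped_by_browse_only": sorted(directory - browse),
        # Appears in the browse list but has no machine account in the domain.
        "no_machine_account": sorted(browse - directory),
    }

if __name__ == "__main__":
    for key, names in scan_coverage(DC_ACCOUNTS, NET_VIEW_OUTPUT).items():
        print(f"{key}: {', '.join(names)}")
```

Reviewing the dropped_by_browse_only set before enabling the option shows which domain members would no longer be contacted by a scan.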