Supplying Scan Credentials for Target Machines

Browse credentials are slightly different from the scan credentials described in this section. Browse credentials are used by servers, domains, and organizational units to enumerate machines but do not actually authenticate to the individual machines. See Adding Virtual Machines Hosted by a Server and Machine Group Dialog: Bottom Section for information on specifying browse credentials.

In addition, Security Controls also uses a scheduler credential for all tasks scheduled to be run on the console. You set this credential from the Scheduled Console Tasks dialog.

This section provides information on how to define new scan credentials and how to assign the credentials to target machines. Credentials consist of a user name and password pair used to authenticate the program to specified target machines. One credential can be associated with any number of operations or entities. The credentials are stored with strong encryption techniques and are not available to anyone except the user who provided them.

The scan credentials you supply will be used to access remote machines, perform any scans, and push any necessary files. The supplied credentials will NOT be used to:

  • Authenticate to the local (console) machine
  • Rather, the program uses the credentials of the currently logged on user to authenticate to resources on the local machine. Therefore, in order to perform tasks on the local machine, make sure you log on using an account that has administrator and local machine access rights.

  • Perform a patch deployment
  • The machine credentials that you supply are used to provide access to the remote machine and to push the necessary patch deployment files. The actual deployment, however, will be run under the remote machine's Local System account.

You use a machine group to initially assign scan credentials to target machines. You can assign credentials to individual machines, to all machines in a machine group, or both. After a machine has been scanned and is contained in Security Controls's database of managed machines, you can use the Machine Properties dialog to assign different credentials if desired.

IMPORTANT! If there are two or more administrators using Security Controls, each administrator should provide their own machine credentials. For details see Potential Issues When Using Multiple Admins.

See also:

Credential Precedence for Physical Machines and Online VMs

Credential Precedence for Offline Hosted VMs

Deploying Patches to Virtual Machines