Forum Discussion
Disabling Two User Enumeration Settings by Default in Scan Templates
Change
We have conducted a review of our User Enumeration Settings in Scan Templates and decided to modify two default settings to reduce traffic seen by domain controllers in certain environments. Currently, the settings are set up such that each scanner interrogates Active Directory when auditing each host, thus asking the same question many times. This generates unnecessary load on Active Directory and increases the volume of results by duplicating data.
This change sets the Windows Assessment settings "Request information about the SMB Domain" and "RID Brute Forcing" to off by default in templates where these settings are currently present in Tenable's products. This should help avoid any unforeseen events for our customers.
Impact
It is recommended that customers evaluate these settings in the context of their environment and their individual requirements, and then enable the settings, if needed. This change will not affect existing scan policies.
Plugin
Plugin ID 72684 - Enumerate Users via WMI
Assessment->Windows default settings for all scan templates and all products
Target Release Date
Moved to 19 August 2019 to enable ease of change control
__________________________________
Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.
1 Reply
Seems reasonable.