Target Host Requirements: Windows Vista, 2008

Note: These requirements apply to non-domain (local) scanning only.

When preparing to run trusted scans on Windows Vista and 2008 systems, there are certain system settings that must be enabled to allow the scanners through the firewall to reach target hosts on your network. If your system is not joined to a domain, then follow the steps below to set system settings. See also Additional Requirements for Compliance and FDCC Scans.

System Settings:

Windows Firewall Settings

Enable File Sharing

Enable Remote Registry Service

 


Windows Firewall Settings

For each target host, there are certain Windows Firewall settings that must be enabled. First activate firewall rules that are relevant to non-domain profiles in order to allow traffic for File and Printer Sharing and Remote Administration. Then for each activated rule, add the scanner appliance IP address so that the scanner appliance traffic can reach the host.

To allow "File and Printer Sharing" and "Remote Administration" traffic:

1.    Go to the Control Panel Home window.

2.    Under Security, click the link "Allow a program through Windows Firewall".

3.    Select the "File and Printer Sharing" and "Remote Administration" check boxes.

4.    Click OK.

By default, in a non-domain profile, a Windows Vista or 2008 system does not allow traffic from outside its own local subnet even when a firewall rule has been activated. For this reason, you must also provide the IP address or subnet of the scanner appliance.

To allow scanner appliance traffic:

1.    Go to the "Windows Firewall with Advanced Security" program. This resource is located in Start > Control Panel > System and Maintenance > Administrative Tools.

2.    Click Inbound Rules.

3.    Follow these steps for each entry in the "File and Printer Sharing" group with a green check mark and each entry in the "Remote Administration" group with a green check mark:

      Right-click on the entry and select Properties.

      Select the "Scope" tab.

      In the "Remote IP address" section, do one of the following: 1) Select "Any IP address" or 2) Click the "Add" button to add the IP address (or subnet) for the scanner appliance that has been configured to scan the target host, and then click OK.

 


Enable File Sharing

File sharing must be turned on for each target host. To do so, follow these steps:  

1.    Go to the Control Panel Home window.

2.    Under Network and Internet, click the link "Set up file sharing".

3.    In the Network and Sharing Center window, make sure these settings are correct: File sharing is On and Public folder sharing is Off.

 


Enable Remote Registry Service

The scanning engine must access the system registry to perform Windows trusted scanning. To allow the scanning engine access to the system registry, the Remote Registry service must be enabled. To check this on a Windows Vista system, go to Control Panel > Control Panel Home > System And Maintenance > Administrative Tools > Services and verify that the service is running and is set to start automatically.
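The firewall scope and Remote Registry steps above can be checked, and optionally applied, from an elevated PowerShell session on the target host. This script is an added example, not vendor code. It takes the second scope option (adding the scanner address rather than selecting "Any IP address"). The `-ScannerAddress` and `-Apply` parameters, the placeholder address, and the matching of rules by English display name are assumptions of the example. It does not check the file sharing settings.

```powershell
# Added example (not vendor code). Save as a .ps1 file and run it elevated on the target host.
param(
    # Placeholder from the documentation address range; use your scanner appliance IP.
    [string]$ScannerAddress = '192.0.2.10',
    # Without -Apply the script only reports what it finds.
    [switch]$Apply
)

$fw = New-Object -ComObject HNetCfg.FwPolicy2
$inbound = 1   # NET_FW_RULE_DIR_IN

# Assumption: English rule display names, matched by group-name prefix.
$rules = @($fw.Rules | Where-Object {
    $_.Direction -eq $inbound -and $_.Enabled -and
    ($_.Name -like 'File and Printer Sharing*' -or $_.Name -like 'Remote Administration*')
})
if ($rules.Count -eq 0) { Write-Warning 'No enabled inbound rules found in either group.' }

foreach ($rule in $rules) {
    $scope = $rule.RemoteAddresses
    # A single address is stored as "a.b.c.d/255.255.255.255"; compare the address part only.
    $addresses = @($scope.Split(',') | ForEach-Object { $_.Split('/')[0] })
    if ($scope -eq '*') {
        $state = 'open to any remote address'
    } elseif ($addresses -contains $ScannerAddress) {
        $state = 'scanner address present'
    } elseif ($Apply) {
        # Append, so existing entries such as LocalSubnet are kept.
        $rule.RemoteAddresses = "$scope,$ScannerAddress"
        $state = 'scanner address added'
    } else {
        $state = 'scanner address MISSING'
    }
    "{0,-60} {1}" -f $rule.Name, $state
}

# Remote Registry must be running and set to start automatically.
$svc = Get-WmiObject Win32_Service -Filter "Name='RemoteRegistry'"
if ($Apply -and ($svc.StartMode -ne 'Auto' -or $svc.State -ne 'Running')) {
    Set-Service -Name RemoteRegistry -StartupType Automatic
    Start-Service -Name RemoteRegistry
    $svc = Get-WmiObject Win32_Service -Filter "Name='RemoteRegistry'"
}
"Remote Registry: StartMode={0}, State={1}" -f $svc.StartMode, $svc.State
```

Rules reported as open to any remote address already admit the scanner; the script leaves them unchanged so that narrowing them stays a deliberate choice.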