What are the required settings to scan a machine and successfully install missing patches using GFI LanGuard?

If you plan to run security scans as well as manage patches and retrieve information from Microsoft Windows-based scan targets, ensure that the following variables are configured:


Ensure that the following services and processes are running on the GFI LanGuard server:
  • GFI LanGuard Attendant (lnssatt.exe)
  • Microsoft Remote Registry Service
  • Microsoft Windows Management Instrumentation
  • Server
  • Workstation
  • 2 httpd.exe processes
Ensure that the following services are running on the target machine:
  • Microsoft Windows update
  • Server
  • Workstation
  • Remote Registry
  • Microsoft Remote Procedure Call
  • Microsoft Windows Management Instrumentation
  • Microsoft Application Experience (set to manual startup)
If your GFI LanGuard agents are configured to use a Relay Agent, ensure the following is running on the assigned Relay Agent:
  • GFI LanGuard Attendant Service (lnssatt.exe)
  • 2 httpd.exe processes

Access Rights

Ensure that File and Printing Sharing is enabled and that the credentials used, have administrative rights to access remote computers.
Microsoft Windows XP has a policy that interprets users outside the domain as Guest users and the account is disabled, by default. In this situation you will receive this message in GFI LanGuard:
Error (1326) Logon Failure: unknown user name or bad password.
To change access rights settings and resolve this issue:
  1. Go to Control Panel > Administrative Tools > Local Security Policy
  2. From the left pane of the Local Security Policy console, expand Local Policies and select Security Options
  3. From the right pane, double-click Network access: Sharing and security model for local accounts
  4. From the drop-down menu, change Guest only - local users authenticate as Guest to Classic - local users authenticate as themselves
  5. Click OK
NOTE: In operating systems later than Microsoft Windows XP, Network access security settings are configured properly by default. If you, however, experience the above problem on machines running Windows Vista and Windows 7, follow the steps above to change the access rights settings for that scan target.

File Sharing

NOTE: This information applies to Microsoft Windows XP scan targets only.
In Microsoft Windows XP Professional, Simple File Sharing is enabled by default. Simple file sharing stops GFI LanGuard from accessing certain components of the system remotely.
To disable Simple File Sharing:
  1. Open Windows Explorer and click Tools > Folder Options
  2. From the Folder Options dialog, click the View tab
  3. Deselect Use simple file sharing option and click OK
WARNING: For Microsoft Windows XP Home Edition, you cannot perform the mentioned changes and therefore remote scanning results in limited information retrieval and processing.

Firewall Ports and Permissions

GFI LanGuard and Relay Agents

Ensure your firewall is configured to allow Inbound connections on TCP port 1070 (or the communications port as set below), on computers running:
  • GFI LanGuard
  • Relay Agents
To manually configure the communication port:
  1. Launch GFI LanGuard.
  2. Click Configuration tab > ManageAgents
  3. From the right pane, click Agents Settings
  4. From the Agents Settings dialog, specify the communication port in the TCP port text box
  5. Click OK
Agent and Agent-less computers
Ensure your firewall is configured to allow Inbound requests on the ports in the table below, for:
  • Computers running Agents
  • Agent-less computers
User-added image