In reference to question 1:
Yes, as long as the scanner properly identifies the operating system, it should be able to "intelligently select the correct credentials." I don't run into much error..The credential manager in version 7 and up seems pretty solid.
Overall, you can throw all of your credentials in one bucket. Best suggestion is to test first- pick some test systems in each windows domain and of various flavors of unix if possible, all in one scan, and check your results.
One Tip- the Authenticated hosts file in the CSV report can help you determine what you authenticated to, with what mechanism, and at what level of access.
The report is a little primitive in that it won't tell you what scanner or what credentials the authentication attempt failed with.
In my experience using this tool for over 3 years, in the authenticated hosts csv, you may see a succeess and a fail for the same host- in this case the assumption is it failed with one credential then succeeded with another.
Hope this helps.
Exactly as John said, it is possible to scan windows and unix hosts simultaneuously. One thing that you need to bare in mind is that you select all vulnerability checks (settings -> vuln Section) when you set up the scan, i.e. windows and shell vulnerabilities.
Another thing that you need to verify, if providing credentials for Unix environments is to, in "settings -> credentials" check the "Trust unknown remote-shell targets" as well as selecting the credential set to use.
Hope this helped you.
You may want to roll out your credentialed scans in phases/segments, watching the "authenticated hosts" list for oddities.
We found that in our environment, when the scanner was busy (i.e. doing several scans), it would intermittently lock out the scan user (credential) with excessive failed logins. But if I were to run the scan individually, it would succeed.
We figure that the busy scanner wasn't getting back to the host fast enough during the login sequence, and so the host was timing the login sequence out, leading to 'failures', and then a locked account. An easy fix, once we figured it out.
YMMV, of course.