When 7.5.2 is released there will be an option to dynamically enable Remote Registry during a Windows Scan. This will be configurable via an Engine Tweak.
7.5.2 should be coming out very soon... then you can search the KB for "Dynamically enable Remote Registry" for the specific tweak I'm talking about.
I hope that helps!
7.5.2 went out yesterday.
Here's the KB I was telling you about KB77852 ... actually it's not published yet. So here are the details:
With version 7.5.2 a registry tweak is available that will remotely enable the service for the purpose of scanning, and will disable (or set the service back to it's original state) at the end of the scan.
- Open the registry editor on the scan engine. Click Start, Run, type regedit and click OK.
- Navigate to:
* [HKEY_LOCAL_MACHINE]\SOFTWARE\Foundstone\Foundscan\Tweaks] (for 32-bit host) or
* [HKEY_LOCAL_MACHINE]\SOFTWARE\Wow6432Node\Foundstone\Foundscan\Tweaks] (for 64-bit host)
** if the key "Tweaks" doesn't exist, create it. **
3. Create or modify the following tweak to the key:
* Valuename: WHAM - DynamicallyEnableRemoteRegistry
* Valuetype: DWORD
* Value: 1 (enabled))
4. Restart the FSScanEngineSvc service for the tweak to take effect.
I haven't actually tried it out yet, but it got quite a bit of QA ... so if you get results (good or bad) post here ok?
I have tried to use this feature as it solves a problem for me. However I cant get it working, despite setting the registry (export below), I get the scan logs showing next to WindowsModule, Tweaks enabled, that DynamicallyEnableRemoteRegistryEnabled: 0
Have I entered the registry key correctly? (Windows Server 2008 R2 Standard)
"WHAM - DynamicallyEnableRemoteRegistry"=dword:00000001
From testing I know that the feature isnt working. I have tried restarting the service and rebooting the server.
EDIT: Solution was a check box in the scan settings, which was not documented anywhere for MVM 7.5. In this version it appears you do not need the registry tweak.