Prerequisites for Windows scan host
In addition to the prerequisites listed in Prerequisites for a scan host, ensure that you meet the following requirements for Windows platform:
For a non-administrator user on Windows: A non-administrator user of a Windows scan host must be added to the administrators group.
For supporting non-English characters on the Windows scan host, enable multibyte characters support.
For more information on enabling multibyte characters support in Microsoft Windows Server 2019, refer to the article Retrieve Data in UTF-8 on Windows.
For supporting long paths on the Windows scan host, enable long path support. For more information on enabling maximum path length support, refer to Maximum Path Length Limitation.
If the scan host connectivity type is , then OpenSSH must be configured on windows scan host. Create the firewall rule for OpenSSH so that scan host is accessible from the media server.
If the scan host connectivity type is , then OpenSSH is not required.
Note the following:
For Windows 2016, get OpenSSH from the GIT hub repository and for Windows 2019, enable the OpenSSH server feature. For more details, refer to the Microsoft documentation.
Microsoft Visual C/C++ Redistributable is an additional dependency if the media server is updated to 10.1.1 or later.
The Visual C/C++ run-time library DLL is required to run the nbmalwareutil utility on a windows scan host. The run-time DLL can be obtained from the Microsoft Visual C++ Redistributable latest supported downloads.
Note:
Run the scan host credential validation again from the Web UI if changes are done to ID mapping.
For VMware and Cloud workload policy scanning, UID and GID mapping must be set to 0. This requires a separate scan host pool having separate scan host.
Perform the following
- Enable local
passwdfile mapping using PowerShell:C:\Users\Administrator> Set-NfsMappingStore -EnableUNMLookup $True -UNMServer localhost C:\Users\Administrator> nfsadmin mapping The following are the settings on localhost Mapping Server Lookup : Enabled Mapping Server : localhost AD Lookup : Disabled AD Domain :
- Install NFS client by running the following command on PowerShell:
Install-WindowsFeature -Name NFS-Client
- The entry must be as follows in the respective files (in file type format):
Note:
Ensure that the scanuser and scangroup are created. The scanuser must be part of the scangroup and Administrators group.
In
C:\Windows\System32\drivers\etc\passwdfile:scanuser:x:1001:1001:Description:C:\Users\scanuser
In
C:\Windows\System32\drivers\etc\groupfile:scangroup:x:1001:1001
- Restart
nfsadminclient as follows:nfsadmin client stop
nfsadmin client start
- Verify the ID (UID/GID) mapping for user by running the following command using PowerShell:
Get-NfsMappedIdentity -AccountName scanuser -AccountType User UserIdentifier : 1001 GroupIdentifier : 1001 UserName : scanuser PrimaryGroup : SupplementaryGroups :