RE: registry patch for vista to enable regular user's to use nmap viachanging npf start to 2 instead of 3

["Sina Bahram" <sbahram () nc rr com>]

Agreed

Take care,
Sina 

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org]
On Behalf Of Rob Nicholls
Sent: Monday, December 10, 2007 4:05 PM
To: nmap-dev () insecure org
Subject: RE: registry patch for vista to enable regular user's to use nmap
viachanging npf start to 2 instead of 3

I only spotted Sina's message on the RSS feed, not sure if it'll turn up in
my inbox later or if one of my spam filters didn't like the attached .reg
file and it's ended up somewhere else for me to find when I've got a spare
moment...

Changing the key to 2 would - I think - only make it work after a reboot, I
don't recall being asked to reboot after installing WinPcap separately (and
I'm assuming the nmap version of the installer doesn't either, I don't think
I've tried it since something like 4.22 *blush*). The setup file is
definitely going to run elevated, so you could probably get away with the
installer (for Vista users - or perhaps any 6.x users seeing as Windows 2008
will be out shortly?) setting the key to 2 AND using the installer to load
the WinPcap driver so it's ready straight away.

I suppose the other question is do we want to check if UAC is
enabled/disabled when nmap is installed and only set it to 2 if UAC is
enabled? Or can we present users with a choice of options, with 2 as the
default selection? Also, is there a way we can get nmap to detect and tell
Windows users that it failed to load WinPcap rather than the current (and
not particularly helpful to new users) error message about it failing to
open the device? I think all of my suggestions in this paragraph should wait
until after the stable release ;)
 
It might be worth putting Sina's .reg file into the zip, seeing as it's a
tiny file, so that Vista users that prefer the zip can run the file if they
want to. If that happens, it'd be nice if someone could update the
instructions at:
http://insecure.org/nmap/install/inst-windows.html#inst-win-zip with a new
bullet point between 4 and 5 (seeing as it relates to WinPcap, it should
come after 4) saying something like:

"If you want to run Nmap with an account that does not have Administrator
privileges, or you have User Account Control (UAC) enabled on Windows Vista,
apply the Registry changes in the xxxxxxxxxxx.reg file. This enables WinPcap
to load automatically when Windows starts, which allows Nmap to be run by
any user."

Replacing xxxxxxxxxxx.reg with whatever filename you decide to go with (I
prefer the term Standard to Regular, as it re-uses Vista's terminology, but
I'd also like the filename to reflect that we're editing a WinPcap setting).


Rob


---
From: Sina Bahram <sbahram_at_nc.rr.com>
Date: Mon, 10 Dec 2007 10:12:01 -0500

Hi all, 


Sorry for the insanely long subject; however, I figured that preventing
folks from needing to use regedit and all that would be nice for the final
release, so I've attached a .reg file which simply achieves this task. It
sets the appropriate start attribute of npf to 2 instead of 3. This should
then allow regular users to use nmap without requiring them to start an
elevated cmd session. 


Can we include this in the final release as a helper script? 


Take care,
Sina 




_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org