All Windows hosts under V7 (7.1.5) show last access method being RCMD. When you use the “Summary of Login Methods” Report – again all the Windows hosts are shown as RCMD logins.

However, if you scan the same host using the same slave through a V6 appliance the last login is shown as WMI.

Is this field now referring to the last credential method used rather than the actual access method?

If so – are there any default Summary Login Method Reports showing a split between Windows hosts using RCMD and those using WMI?

Currently any Windows host discovered in 7.x via the slave will have a DeviceInfo.last_access_method of ‘RCMD’. Don’t forget there is also DeviceInfo.last_adslave that will report which AD Slave was used.

You’re correct that back in the older 6.x line this was set to ‘WMI’, essential just the text of the value has changed.

If you want a quick summary of current access for Windows devices try this query.

This should list the current slave, or access method or flag it as an external probe for the latest scan of all devices believed to be Windows

I’ll explain on Monday how it works if anyone is interested!

Hmmm – our forum CODE tag needs a scrolling box!

If you select the whole query it’s all there. Sorry about that, we’ll get it fixed soon.

Hi,

Many thanks for the repy.