Nessus

Vulnerability Assessment and Management

Authenticated/Credentialed Scan

Enable Administrative Shares

When credentials are provided as a username and password, Nessus first uses an anonymous IPC$ login to check whether SMB is running on the target. It then uses the credentials on the IPC$ and ADMIN$ shares to verify them, and scans the file system for vulnerabilities.

Anonymous IPC$ login to test SMB service:
net use \\<Target_IP>\ipc$ "" /user:""

Credential check using SMB:
net use \\<Target_IP>\admin$ /user:<username> <password>

You could simply go to \admin$ in Windows Explorer on the target machine to check if the account is a local administrator.

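Note: The credentials provided to Nessus must belong to a local administrator on the target machine.

// Open cmd.exe in administrative mode. Setting LocalAccountTokenFilterPolicy to 1 lets local administrator accounts keep their full administrative token over the network, which access to ADMIN$ requires.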

REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

Enable RemoteRegistry Service

Nessus reads the registry remotely to find information about deprecated software. Enable the RemoteRegistry service so that Nessus can start it for the scan and stop it afterwards.

// Enable the service and set it to Manual start

sc config RemoteRegistry start= demand

Enable "File & Printer Sharing"

netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes

Set the firewall rules so that only the Nessus IP is allowed to connect to the target machine.
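To confirm that a target is ready before launching the scan, the settings above can be audited in one pass. This is an added example, not part of the original page or of any Tenable tooling. The function name `Test-CredentialedScanReadiness` and the scanner address `192.0.2.10` are hypothetical, and the firewall group name assumes an English-language Windows install.

```powershell
# Added example: run in an elevated PowerShell session on the scan target.
# 192.0.2.10 is a constructed placeholder for the Nessus scanner address.
function Test-CredentialedScanReadiness {
    param([string]$ScannerIp = '192.0.2.10')

    # LocalAccountTokenFilterPolicy must be 1 (set by the REG ADD command above).
    # A missing value yields $null, which fails the check.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy

    # IPC$ and ADMIN$ must both be shared.
    $shares = @(Get-SmbShare -Name 'IPC$', 'ADMIN$' -ErrorAction SilentlyContinue)

    # RemoteRegistry must be startable on demand, so anything except Disabled.
    $svc = Get-CimInstance Win32_Service -Filter "Name='RemoteRegistry'"

    # Enabled inbound rules of the group (display name is localized; English assumed).
    $rules = @(Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    # Rules whose remote address is anything other than the scanner alone.
    $tooOpen = @($rules | Where-Object {
        $remote = @(($_ | Get-NetFirewallAddressFilter).RemoteAddress)
        -not ($remote.Count -eq 1 -and $remote[0] -eq $ScannerIp)
    })

    [pscustomobject]@{ Check = 'LocalAccountTokenFilterPolicy is 1'
                       Pass  = ($policy -eq 1)
                       Detail = "value: $policy" }
    [pscustomobject]@{ Check = 'IPC$ and ADMIN$ shares present'
                       Pass  = ($shares.Count -eq 2)
                       Detail = ($shares.Name -join ', ') }
    [pscustomobject]@{ Check = 'RemoteRegistry not disabled'
                       Pass  = ($null -ne $svc -and $svc.StartMode -ne 'Disabled')
                       Detail = "start mode: $($svc.StartMode)" }
    [pscustomobject]@{ Check = 'File and Printer Sharing inbound rules enabled'
                       Pass  = ($rules.Count -gt 0)
                       Detail = "$($rules.Count) enabled rule(s)" }
    [pscustomobject]@{ Check = 'Enabled rules limited to the scanner IP'
                       Pass  = ($rules.Count -gt 0 -and $tooOpen.Count -eq 0)
                       Detail = "$($tooOpen.Count) rule(s) accept other remote addresses" }
}

Test-CredentialedScanReadiness | Format-Table -AutoSize -Wrap
```

A failed last check means the File and Printer Sharing rules are enabled for remote addresses other than the scanner, which is the exposure the firewall restriction above is meant to close.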
