Patch Scanning Prerequisites

The following criteria must be met to ensure a successful patch scan:

When scanning your local (console) machine

Note: The Server service is not required to be started on the local machine.

When scanning a remote machine you must meet all the requirements for the local scan above, plus

Note: The Workstation service is not required to be started on the remote machine.

Note: The remote registry service is disabled by default on Windows Vista machines. You must enable the remote registry service (either manually or via group policy) before performing remote scans of Windows Vista machines.


      1. If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:

a. On the Edit menu, point to New, and then click DWORD Value.

b. Type LocalAccountTokenFilterPolicy and then press Enter.

      1. Right-click LocalAccountTokenFilterPolicy and then click OK.

      2. In the Value data box, type 1, and then click OK.

      3. Exit Registry Editor.

For more details on disabling UAC remote restrictions, see

Special note regarding Simple File Sharing

When Simple File Sharing is enabled, remote administration and remote registry editing does not work as expected from a remote computer and connections to administrative shares (such as C$) do not work because all remote users authenticate as Guest.  Guest accounts do not have administrative privileges.

On Windows XP Professional or later operating systems, go to the following Microsoft Knowledge Base article to learn more about this feature and how to disable Simple File Sharing:;en-us;304040

If you are running Windows XP Home Edition, Simple File Sharing cannot be disabled (Microsoft states that it is as designed) so remote scanning will not work on this operating system.