Credential scanning

Although the most recent post on this was from Jun ’22, this post still happens to be our most viewed post in the discussion forums, so I think it’s good to note that there are better ways to authenticate other than using the Domain Credentials.

The InsightVM Scan Assistant can be used in place of the CIFS credentials, which eliminates the headache of permission issues for the user accounts and the services themselves. The Scan Assistant can be found here and is available for both Windows and Linux. The Scan Assistant uses its own executable and presents a certificate that you create from the console. You deploy the Scan Assistant on all of your endpoints, passing the certificate into the install command. The endpoint would then display that certificate on port 21047. The scan templates would then need to be updated to look for TCP 21047 in both Asset and Service discovery.

With this method, you can use a single certificate to authenticate to all of your Windows and Linux devices (although there are different installers for the two) among however many domains you need. The Scan Assistant has access to the registry service, command execution service, and the file system service, which gives it all the ability it needs to run the vulnerability test and nothing else. This method provides less overhead for password management, etc., and is actually more efficient when scanning.

TL;DR: don’t fight with Windows permissions/issues and use the Scan Assistant
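
A rollout check for the deployment described in this post, added here as an example and not taken from the post or from Rapid7: it probes TCP 21047 on a list of your endpoints and separates hosts where nothing is listening from hosts where the connection is probably being dropped by a firewall. The function names and the reading of each status are assumptions; it tests TCP reachability only and does not validate the certificate.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

SCAN_ASSISTANT_PORT = 21047  # TCP port named in the post


def probe(host, port=SCAN_ASSISTANT_PORT, timeout=3.0):
    """Classify one endpoint by how a TCP connect to the port ends."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "listening"   # something accepted the connection
    except ConnectionRefusedError:
        return "refused"         # host answered, nothing listening (or an active reject)
    except socket.gaierror:
        return "unresolved"      # host name did not resolve
    except OSError:
        return "filtered"        # timeout or unreachable: check firewall rules


def audit(hosts, port=SCAN_ASSISTANT_PORT, timeout=3.0, workers=32):
    """Probe all hosts concurrently and return {host: status}."""
    hosts = list(hosts)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        statuses = pool.map(lambda h: probe(h, port, timeout), hosts)
        return dict(zip(hosts, statuses))


def group_by_status(results):
    """Turn {host: status} into {status: [hosts, ...]} for a rollout report."""
    grouped = {}
    for host, status in sorted(results.items()):
        grouped.setdefault(status, []).append(host)
    return grouped


if __name__ == "__main__":
    # Usage (hypothetical file name): python check_21047.py host1 host2 ...
    for status, members in group_by_status(audit(sys.argv[1:])).items():
        print(f"{status}: {', '.join(members)}")
```

Run it from the scan engine's network position so the result reflects the path the scan will actually take.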