Any credentials used in domain scanning must be granted the right to “Log on as a service”.  The permission can be assigned using either locally (on the target machines) or via Group Policy.

To enable on the local machines go to the Local Security Policy under Control Panel > System and Security > Administrative Tools OR simply run the following command from Start > Run or a CMD window.

secpol.msc

In the Local Security Policy window go to Security Settings > Local Policies > User Rights Assignment > Log on as a Service and add the appropriate credentials to this right. Verify that this account has NOT been added to the “Deny log on as a service policy”.

 

To add the account via Group Policy open your Group Policy editor and edit the appropriate Group Policy. Go to Policies > Windows Settings > Security Settings > Log on a service