Open-AudIT

What's on your network?
It is currently Wed Jan 24, 2018 2:02 pm

All times are UTC + 10 hours




Post new topic Reply to topic  [ 17 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: Beta 2 Bugs
PostPosted: Fri Aug 12, 2011 2:56 am 
Offline
Helper

Joined: Fri Feb 19, 2010 1:02 am
Posts: 67
Location: Washington State, USA
So I finally got around to installing Beta 2, and for some reason when I open a Windows 7 or Windows 2008 R2 machine, the Software and Settings menu buttons don't work.

Anybody else have this? The buttons work with all other Windows versions.

Also the last logged on user for Windows 7 does not work with domain users. It always shows the last local user to have logged on.

Thanks,

-Shmee

_________________
Server Info:
OA: v1.0.3
OS: Ubuntu 13.04 on Hyper-V for Website (LAMP)
OS: Windows Server 2008 R2 for Script (Domain Server)
Auditing: 366 Machines (XP/Win7/Ubuntu)
LDAP: Active Directory


Top
 Profile  
Reply with quote  
 Post subject: Re: Beta 2 Bugs
PostPosted: Fri Aug 12, 2011 10:13 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1935
Location: Brisbane, Australia
I get all info for all Windows versions I have access to -
Windows 2000 Professional,
Windows 2000 Server,
Windows 7 Enterprise,
Windows 7 Professional,
Windows Server 2008 R2 standard,
Windows XP Professional,
Windows Server 2003 Enterprise x64,
Windows Server 2003 Standard x64,
Windows Server 2003 Enterprise,
Windows Server 2003 Standard.

In general, if a menu item wont expand, it's because the sub-menu items have no data. Obviously they should contain data, so...

You can try the following to attempt to narrow down the issue.
Open c:\xampplite\OAv2\code_igniter\system\application\config\fireignition.php and set the config variable to TRUE.
Make sure you have FireBug and FirePHP extensions installed in Firefox.
Now, when you browse an OAv2 web page, you should see SQL statements in the FireBug window.
Next audit one of the problem machines using
cscript audit_windows.vbs machinename submit_online=n create_file=y
Then open the resulting file and paste it into Admin -> Systems -> Add a System.
When you hit Submit, you should see plenty of SQL and debugging info in the below indow.
You can copy & paste it into a decent editor/viewer.
Next check the system and see if the menu item's expand and the details are indeed present.
If not, feel free to send me (not post here) the debug info.
If so - then there's some issue either with the script (probably permissions related) or the submission (likely UTF-8 related, I've been working on this for the next beta), or the PHP script is timing out when trying to process the submitted audit.
To alleviate the last one, try an individual audit with an online submit - not a domain audit. I've fonud here that if I set domain audit to examine 20 machines at once, the OAv2 server cannot process the audit's in time, time's out and you end up with Software, Services, Routes, Keys (basically the end section of the audit results) not being processed.
If I set the domain audit machine to only do 5 machines at once, yes, it takes longer but it doesn't time out. Not a problem when I audit our servers overnight.



As for the Win7 users - not sure. I think (by looking at a couple of machines here), I am getting BOTH. I definitley get a domain user on at least some of them - but other's seem to be local users. More investigation to be done here.

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
 Post subject: Re: Beta 2 Bugs
PostPosted: Fri Aug 12, 2011 10:20 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1229
Shmee wrote:
the Software and Settings menu buttons don't work.
I haven't seen this with IE9 or Firefox 5.

Shmee wrote:
Also the last logged on user for Windows 7 does not work with domain users
I'm having lots of problems with the last logged on user info. My Windows 7 machines don't show any information at all. Some Windows 2008 R2 servers look like they have correct information and others don't.

Looking over the code for collecting this information a bit and the data on my systems shows some problems.

OAV2 first tries to grab the last logged on user from what I'm guessing are legacy keys for non-current versions of Windows:
Code:
' last logged on user
oreg.getstringvalue hkey_local_machine, "software\microsoft\windows nt\currentversion\winlogon", "DefaultUserName", windows_user_name
oreg.getstringvalue hkey_local_machine, "software\microsoft\windows nt\currentversion\winlogon", "DefaultDomainName", windows_user_domain


On a Windows Server 2008 R2 system windows_user_name is NULL because the key doesn't exist. On my Win7 SP1 x86 box the keys exist but are empty so windows_user_name is "".

Next the code tests if we found the keys in the previous code. If not, it looks in the more modern location in the registry for this information. In the Win2008R2 case this is what we want. In the Windows 7 case windows_user_name is "" and not NULL so we skip this and never properly populate the windows_user_name field.
Code:
if isnull(windows_user_name) then
   oreg.getstringvalue hkey_local_machine, "software\microsoft\windows\currentversion\authentication\logonui", "lastloggedonuser", windows_user_name


Back to the Windows Server 2008 R2 case then. From my testing the LogonUI\LastLoggedOnUser key only shows information for users logging on via a keyboard or maybe a VNC type terminal program. If you log on to the console via RDP the LastLoggedOnUser doesn't get populated. I cleared the registry values for LastLoggedOnSAMUser and LastLoggedOnUser under LogonUI and then logged on via RDP and the values were still blank. Logging on via the keyboard then populated these values.

It looks like the values under the LogonUI\SessionData key are more accurate but I don't know enough to say for sure.


Top
 Profile  
Reply with quote  
 Post subject: Re: Beta 2 Bugs
PostPosted: Fri Aug 12, 2011 10:24 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1229
Beyond this I'm having trouble auditing Win 7 boxes because of bad partition values.

Audit data like this:
Code:
      <partition>
         <hard_drive_index></hard_drive_index>
         <partition_mount_type>mount point</partition_mount_type>
         <partition_mount_point>\\?\Volume{9ac4466c-9865-11e0-be86-806e6f6e6963}\</partition_mount_point>
         <partition_name>System</partition_name>
         <partition_size>6251</partition_size>
         <partition_free_space>6178</partition_free_space>
         <partition_used_space>73</partition_used_space>
         <partition_format>NTFS</partition_format>
         <partition_caption>\\?\Volume{9ac4466c-9865-11e0-be86-806e6f6e6963}\</partition_caption>
         <partition_device_id></partition_device_id>
         <partition_disk_index></partition_disk_index>
         <partition_type>volume</partition_type>
         <partition_quotas_supported></partition_quotas_supported>
         <partition_quotas_enabled></partition_quotas_enabled>
         <partition_serial>317035552</partition_serial>
      </partition>


Produces errors like this:
Code:
A Database Error Occurred

Error Number: 1452

Cannot add or update a child row: a foreign key constraint fails (`oav2/sys_hw_partition`, CONSTRAINT `sys_hw_partition_hard_drive_index` FOREIGN KEY (`hard_drive_index`) REFERENCES `sys_hw_hard_drive` (`hard_drive_index`))

INSERT INTO sys_hw_partition ( system_id, hard_drive_index, partition_mount_type, partition_mount_point, partition_name, partition_size, partition_free_space, partition_used_space, partition_format, partition_caption, partition_device_id, partition_disk_index, partition_bootable, partition_type, partition_quotas_supported, partition_quotas_enabled, partition_serial, timestamp, first_timestamp ) VALUES ( '67', '', 'mount point', '\\\\?\\Volume{9ac4466c-9865-11e0-be86-806e6f6e6963}\\', 'System', '6251', '6178', '73', 'NTFS', '\\\\?\\Volume{9ac4466c-9865-11e0-be86-806e6f6e6963}\\', '', '', '', 'volume', '', '', '317035552', '2011-08-11 15:59:14', '2011-08-11 15:59:14')


Top
 Profile  
Reply with quote  
 Post subject: Re: Beta 2 Bugs
PostPosted: Fri Aug 12, 2011 10:27 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1935
Location: Brisbane, Australia
I have fixed the mount points issue in my code.

I'll see what I can find regarding WIN7 + Win2008 last logged on users.
Have added a check (in my code) so that if windows_username is null OR windows _user_name is "", then it checks the newer registry locations. Hopefully that will fix Win7. I'll run some tests...

Thanks for the pointers.

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
 Post subject: Re: Beta 2 Bugs
PostPosted: Sat Aug 13, 2011 1:01 am 
Offline
Helper

Joined: Fri Feb 19, 2010 1:02 am
Posts: 67
Location: Washington State, USA
I am getting the mount point errors too. Which is probably the issue because it fails before it can insert any of the software and settings info, so it is all blank thus my buttons don't work. Since it is fixed in your code. I will just hang tight until beta 3 I guess.

Thanks for looking in to this gents!

-Shmee

_________________
Server Info:
OA: v1.0.3
OS: Ubuntu 13.04 on Hyper-V for Website (LAMP)
OS: Windows Server 2008 R2 for Script (Domain Server)
Auditing: 366 Machines (XP/Win7/Ubuntu)
LDAP: Active Directory


Top
 Profile  
Reply with quote  
 Post subject: Re: Beta 2 Bugs
PostPosted: Wed Sep 07, 2011 6:06 pm 
Offline
Newbie

Joined: Tue Jun 07, 2011 6:06 pm
Posts: 24
I have a couple of issues along the same lines.

Namely, on Windows 7 machines the last logged on user is always the last local user to log on, no the domain user.

On Windows 7 x64 (x86 not affected) not all installed applications are listed. Abode products are always missing.

Cheers,
Gareth

_________________
Auditing 5 companies, 10 sites, 13 servers & 300 workstations.


Top
 Profile  
Reply with quote  
 Post subject: Re: Beta 2 Bugs
PostPosted: Thu Sep 08, 2011 2:56 am 
Offline
Contributor
User avatar

Joined: Thu Mar 02, 2006 4:41 am
Posts: 186
Location: Massachusetts
Re: Adobe on Win 7 x64- I just noticed the same. Could it be that on W7-64, the registry location of the Adobe products is in a different location? Looking at a system this seems to explain it.

The Software showing as installed in OAv2 is located here:
HKEY_LOCAL_MACHINE\SOFTWARE\

while in W7-64 this is the registry location for Adobe products:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe

_________________
Server Info: running on a CentOS 7 vm
OA Version: 2.0.6 @ 500 devices


Top
 Profile  
Reply with quote  
 Post subject: Re: Beta 2 Bugs
PostPosted: Thu Sep 08, 2011 3:04 am 
Offline
Contributor
User avatar

Joined: Thu Mar 02, 2006 4:41 am
Posts: 186
Location: Massachusetts
re: Last logged on user

In OAv2, for Windows 7, it seems to be getting this setting from here:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName

While it seems like the actual last logged on user setting is located here:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\LastLoggedOnUser

_________________
Server Info: running on a CentOS 7 vm
OA Version: 2.0.6 @ 500 devices


Top
 Profile  
Reply with quote  
 Post subject: Re: Beta 2 Bugs
PostPosted: Thu Sep 08, 2011 10:13 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1229
shanimal wrote:
In OAv2, for Windows 7, it seems to be getting this setting from here
I've looked at the code and it does try the location you indicated first and follows with your second location if it doesn't find anything there.
However, I can't find a Windows 7 machine in my domain that has DefaultUserName populated in the first registry location. I wonder how yours got populated.


Top
 Profile  
Reply with quote  
 Post subject: Re: Beta 2 Bugs
PostPosted: Thu Sep 08, 2011 11:45 pm 
Offline
Contributor
User avatar

Joined: Thu Mar 02, 2006 4:41 am
Posts: 186
Location: Massachusetts
How do you get Windows 7 installed? I think if you use light touch or zero touch (or possibly some other automated method of deployment), that field would be blank, makes sense.

When you install Windows 7 Enterprise manually as I have, during installation I think it forces you to create a user account because administrator is disabled. DefaultUserName is that user account. I only know this because I used my name Phil on my win 7 systems installation, and after that 1st time login I always enable admin and never logon again with Phil. So when I saw it showing up as Phil, it made it easy to figure out where that comes from. The other place has my corporate domain account that I use to logon every day, after the computer was added to the domain.

_________________
Server Info: running on a CentOS 7 vm
OA Version: 2.0.6 @ 500 devices


Top
 Profile  
Reply with quote  
 Post subject: Re: Beta 2 Bugs
PostPosted: Fri Sep 09, 2011 1:28 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1229
Brilliant! Should have thought of that as I have deployed all our Win 7 with lite touch.


Top
 Profile  
Reply with quote  
 Post subject: Re: Beta 2 Bugs
PostPosted: Fri Sep 09, 2011 10:44 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1935
Location: Brisbane, Australia
Quote:
On Windows 7 x64 (x86 not affected) not all installed applications are listed. Abode products are always missing.


I have now fixed this in the audit script.
:D

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
 Post subject: Re: Beta 2 Bugs
PostPosted: Fri Sep 09, 2011 11:43 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1935
Location: Brisbane, Australia
Quote:
In OAv2, for Windows 7, it seems to be getting this setting from here:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName

While it seems like the actual last logged on user setting is located here:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\LastLoggedOnUser


So, are you guys thinking I should change this (when it's detected that we are auditing a Win7 machine)?

Maybe if we detect Win7, simply use the second value?

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
 Post subject: Re: Beta 2 Bugs
PostPosted: Sat Sep 10, 2011 5:17 am 
Offline
Contributor
User avatar

Joined: Thu Mar 02, 2006 4:41 am
Posts: 186
Location: Massachusetts
Hi Mark-
If it detects Win 7 or 2K8R2, it checks the 2nd location for last logged on user? I think that should work like a champ!
Thanks

_________________
Server Info: running on a CentOS 7 vm
OA Version: 2.0.6 @ 500 devices


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 17 posts ]  Go to page 1, 2  Next

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group