| Open-AudIT https://www.open-audit.org/phpBB3/ |
|
| how to audit Windows computers remotely by ip-range https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=5840 |
Page 1 of 1 |
| Author: | wouter [ Wed Feb 15, 2012 8:46 am ] |
| Post subject: | how to audit Windows computers remotely by ip-range |
Hello, Now I'm trying OAv2 with xampp on Windows 7 for auditing my network, but I can't seem to audit remote windows computers that are not part of a domain (audit by ip-range) How do I do that? What script to use? (cfr. nmap.vbs & audit.config in OA) thanks, wouter. |
|
| Author: | Mark [ Wed Feb 15, 2012 8:54 pm ] |
| Post subject: | Re: how to audit Windows computers remotely by ip-range |
There is no nmap.vbs nor audit.config in OAv2. Are you sure you are using OAv2 and not Open-AudIT? To order a non-domain system in OAv2, simply type the below: [code]cscript audit_windows.vbs strcomputer=PCNAME struser=PCNAME\USERNAME strpass=YOURPASSWORD[/code] Make sure you replace the items above in CAPS with your own attributes. You can also load these into the audit_list.vbs script. Just include "PCNAME struser=PCNAME\USERNAME strpass=YOURPASSWORD" in the array of computers. |
|
| Author: | wouter [ Thu Feb 16, 2012 12:17 am ] |
| Post subject: | Re: how to audit Windows computers remotely by ip-range |
[quote="Mark"]There is no nmap.vbs nor audit.config in OAv2. Are you sure you are using OAv2 and not Open-AudIT? Yes, I tried OA first but nmap.vbs didn't work. Kept getting errors on webpage to post the data. Could it be an incopatibility with IE9? [quote="Mark"]To order a non-domain system in OAv2, simply type the below: [code]cscript audit_windows.vbs strcomputer=PCNAME struser=PCNAME\USERNAME strpass=YOURPASSWORD[/code] The problem is that I don't know the pcnames (not 100% sure at least) on my network. [quote="Mark"]Make sure you replace the items above in CAPS with your own attributes. You can also load these into the audit_list.vbs script. Just include "PCNAME struser=PCNAME\USERNAME strpass=YOURPASSWORD" in the array of computers. Is there a tool that can collect them? |
|
| Author: | wouter [ Thu Feb 16, 2012 8:29 pm ] |
| Post subject: | Re: how to audit Windows computers remotely by ip-range |
[quote="Mark"]To order a non-domain system in OAv2, simply type the below: [code]cscript audit_windows.vbs strcomputer=PCNAME struser=PCNAME\USERNAME strpass=YOURPASSWORD[/code] I tried this for some pc's from which I do know the pcname, but I get this error message: audit_windows.vbs(122,2) SWbemLocator: The RPC-server is not available. I haven't got the tech knowlegde to solve this. Can you help? |
|
| Author: | Mark [ Sat Feb 18, 2012 8:53 am ] |
| Post subject: | Re: how to audit Windows computers remotely by ip-range |
[quote]audit_windows.vbs(122,2) SWbemLocator: The RPC-server is not available. Sounds like a firewall issue on the remote PC. |
|
| Author: | wouter [ Tue Feb 21, 2012 6:17 am ] |
| Post subject: | Re: how to audit Windows computers remotely by ip-range |
[quote="Mark"]Sounds like a firewall issue on the remote PC. I disabled the firewall on the remote machine completly... I ran the script "firewall_allow.vbs" locally on the remote machine. What can it be then? |
|
| Author: | wouter [ Tue Feb 21, 2012 6:53 am ] |
| Post subject: | Re: how to audit Windows computers remotely by ip-range |
[quote="wouter"][quote="Mark"]Sounds like a firewall issue on the remote PC. I disabled the firewall on the remote machine completly... I ran the script "firewall_allow.vbs" locally on the remote machine. What can it be then? I've had succes when using an ip-adress in stead of the pcname: [code]cscript.exe audit_windows.vbs strcomputer:IP-ADRESS struser=PCNAME\USERNAME strpass=PASSWORD[/code] BUT... the audit stops prematurely on: [code]local groups info C:\audit_windows.vbs(1727,4) Active Directory: unspecified error[/code] Since I'm not using Active Directory, can I disable this? Or how can I solve this? |
|
| Author: | Mark [ Tue Feb 21, 2012 10:11 am ] |
| Post subject: | Re: how to audit Windows computers remotely by ip-range |
I'll take a look at the beta4 script tonight. |
|
| Author: | Sparadra [ Mon Feb 27, 2012 9:40 pm ] |
| Post subject: | Re: how to audit Windows computers remotely by ip-range |
Hello, I would like to do a scan on a windows 2003 R2 X64 server with AD from a windows 7 x64 computer. [code]C:\xampp\OAv2\other>cscript.exe audit_windows.vbs strcomputer:192.xxx.xxx.206 strus er=domain\administrateur strpass=xxxxx Microsoft (R) Windows Script Host Version 5.8 Copyright (C) Microsoft Corporation 1996-2001. Tous droits réservés. starting audit - strcomputer:192.xxx.xxx.206 C:\xampp\OAv2\other\audit_windows.vbs(122, 2) SWbemLocator: Le serveur RPC n'est pas disponible.[/code] [color=#8000BF]"Le serveur RPC n'est pas disponible" = The RPC-server is not available[/color] I have disable the firewall on my windows 7 and there is no firewal on my server. I haven't the same error of Wouter with active directory. Do you think it could be because my win 7 is not in the domain ? |
|
| Author: | jpa [ Tue Feb 28, 2012 10:42 am ] |
| Post subject: | Re: how to audit Windows computers remotely by ip-range |
That would be my guess. OpenAudit is trying to connect to the target machine using the DOMAIN\Administrateur user which isn't valid if the machine is not in the domain. Instead of DOMAIN\Administrateur for struser use MACHINENAME\Administrateur (or equivalent user) and pass in the appropriate password in strpass. |
|
| Author: | wouter [ Thu Mar 01, 2012 5:18 am ] |
| Post subject: | Re: how to audit Windows computers remotely by ip-range |
[quote="Sparadra"][code]C:\xampp\OAv2\other>cscript.exe audit_windows.vbs strcomputer:192.xxx.xxx.206 struser=domain\administrateur strpass=xxxxx[/code] I made a typo in my previous post, maybe you made the same one: strcomputer:192.xxx.xxx.206 should be strcomputer[color=#FF0000]=[/color]192.xxx.xxx.206 |
|
| Author: | jpa [ Thu Mar 01, 2012 5:24 am ] |
| Post subject: | Re: how to audit Windows computers remotely by ip-range |
Didn't notice that. That makes more sense with that error message. Although once you've got that fixed then you might need to fixed the struser as I pointed out. |
|
| Author: | wouter [ Thu Mar 01, 2012 5:26 am ] |
| Post subject: | Re: how to audit Windows computers remotely by ip-range |
[quote="jpa"]Instead of DOMAIN\Administrateur for struser use MACHINENAME\Administrateur (or equivalent user) and pass in the appropriate password in strpass. I allready tried [code]cscript.exe audit_windows.vbs strcomputer=IP-ADRESS struser=USERNAME strpass=PASSWORD[/code] [code]cscript.exe audit_windows.vbs strcomputer=IP-ADRESS struser=PCNAME\USERNAME strpass=PASSWORD[/code] [code]cscript.exe audit_windows.vbs strcomputer=IP-ADRESS struser=IP-ADRESS\USERNAME strpass=PASSWORD[/code] All 3 return this error: [code]local groups info C:\audit_windows.vbs(1727,4) Active Directory: unspecified error[/code] Any ideas, Mark? |
|
| Author: | Mark [ Sat Mar 03, 2012 4:59 pm ] |
| Post subject: | Re: how to audit Windows computers remotely by ip-range |
Am posting a new audit script (in another thread) - give it a whirl... |
|
| Page 1 of 1 | All times are UTC + 10 hours |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|