Open-AudIT

Firstly, thank you Mark for such a great piece of work. I've been using v1 for the past year or so and have now started getting to grips with v2

This is with a clean install of the beta6.2.

When auditing Windows 7 pro 64bit machines, we seem to be missing all of the 32bit software that should get identified within

[code]HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall[/code]

The stuff that's located in [code]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall[/code] is being picked up just fine.

This means that quite a lot of items are being missed such as Firefox, Notepad++, FileZilla Client etc.

This is with both a domain audit and single audit_windows.vbs and 32bit XP machines are being audited just fine.

On a very much less important point, the sockets on these particular systems are AMD Socket FM1 and are being mis-identified as Socket 754.

Any help identifying what I'm doing wrong would be much appreciated. If you need me to provide any further details to help diagnosis I can do.

Thanks

Darren

Done.
See the new audit script (v10) here -
[url]http://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=5864&p=20316[/url]

Thanks for the heads-up. It now seems to capture quite a bit more software.

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.

The socket is derived from the "UpgradeMethod" property, as per here.
http://msdn.microsoft.com/en-gb/library ... 73(v=vs.85).aspx

Microsoft don't exactly keep this stuff current.
Can you post your XML for ONLY the CPU section?
I can create a hack like
if MANUFACTURER = "AMD" and UPGRADEMETHOD = "16" then socket = "FM1".

I need the exact string for the manufacturer, though.

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.

Thanks Mark,

v10 of the audit script works brilliantly picking up the extra software signatures.

As for the Mis-ID of the processor sockets .. here's an offending beastie

[code]
<processor>
<processor_cores>4</processor_cores>
<processor_socket>Socket 754</processor_socket>
<processor_description>AMD A6-3670 APU with Radeon(tm) HD Graphics</processor_description>
<processor_speed>2700</processor_speed>
<processor_manufacturer>AuthenticAMD</processor_manufacturer>
<processor_power_management_supported>False</processor_power_management_supported>
</processor>
[/code]

This should be Socket FM1. In this instance, you might be best using the processor_description to get the socket. The clue string would be the 'APU' part or the 'Graphics'
All the FM1 units have these on-chip graphics accelerators.

I think there might be a similar problem in identifying the AM1, AM2 and latest AM3 sockets. I think we have some AM2 boards in use here as well as some legitimate Socket 754s - I've built only AMD workstations here since the Pentium II days - and so I should be able to do a bit of testing and diagnostics for you. I'm going to be rolling out some AM3 units later on in the year.

Darren

Thanks Darren.
I'll keep the script updated if you keep the XML coming!

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.