Open-AudIT

All times are UTC + 10 hours




Posted: Wed May 21, 2014 3:20 am
Newbie

Joined: Thu Feb 27, 2014 10:54 pm
Posts: 12
I am having trouble doing a Windows discovery of an IP. For some reason it is using an incorrect password, replaced by X's for security reasons. Where is it picking up this password from? I looked at the audit_windows.vbs and it is not there. Any help would be appreciated. This is V 1.2.1. It also sees the IP under all devices, but should have put it in the proper Windows group, but comes up as "general".
Debug code below. Please let me know if you need more information.

DEBUG command: %comspec% /c start /b cscript //nologo C:\xampplite\open-audit\other\audit_windows.vbs strcomputer=10.40.20.5 submit_online=y create_file=n struser=corp.kns.com,wg.kns.com\mstone strpass=XXXXXXX url=http://10.41.31.101/open-audit/index.php/system/add_system debugging=3 system_id=533

Thanks in advance to all!!
Mark


Posted: Thu May 22, 2014 1:26 am
Newbie

Joined: Thu Feb 27, 2014 10:54 pm
Posts: 12
Hello forum,

I see a couple of reads of my post, but no replies. I'll try to explain it better. Probably not clear, sorry.
I had V1.2.1 on another VM and when I did a subnet discovery it found many PCs and I was able to see the installed software, OS, etc.
I installed the version 1.2.1 on another VM due to resource issues and used 1.2.1 because I needed the "Discover Subnets option" taken away and added to enterprise edition... :-(
That said, I see the systems, but the OS is unknown and it did not pick up the installed software. I'm hoping someone can tell me what files to look at that might need changing or associated to the search and possible reasons open-audit did not see the required installed software and OS that I need.
The new open-audit server is on the same subnet as the first one and no firewall is in place to stop discoveries.
Please help...

Mark


Posted: Thu May 22, 2014 12:31 pm
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
So it sounds like one of three things is happening:

1 - Your password is actually incorrect (not likely, but hey).

2 - WMI is not being reported as being open.

3 - Another password is being substituted (shouldn't happen on Windows audits, SNMP quite possibly, but not Windows).

Discovery works like this:

You put in the subnet and credentials you want to use. Each host is Nmapped by a script which then posts this back to the server (on the same machine). Open-AudIT then looks at the Nmap output and if WMI is open, will attempt to audit the target. Open-AudIT should attempt to use the credentials supplied in the form. These credentials will default to those in the global configuration (Menu -> Admin -> Config), but you can change them if you want on a per subnet scan basis.

You could try editing the file /open-audit/code_igniter/application/views/theme-tango/v_discover_subnet.php around line 153 and ensure the option for Debug is available (it may already be on your form). Run the Discovery against a single IP Address and make sure Debug is checked. You will need to wait for it to return, but you should see some output. Examine this and it may shed some light. Email it to me if you like.

_________________
Support and Development hours available from Opmantek (https://opmantek.com).
Please consider a purchase to help make Open-AudIT better for everyone.


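To check possibility 2 from the reply above outside Open-AudIT, the sketch below reads Nmap's normal output and reports, per host, the state of the port remote WMI depends on. It is an added example, not part of the thread and not Open-AudIT's own code; it assumes TCP 135 is that port, uses constructed sample output, and its function names are hypothetical.

```python
import re

# Assumption: TCP 135 (the RPC endpoint mapper that remote WMI/DCOM starts
# from) is the port whose state matters. The thread does not name the port.
WMI_PORT = "135/tcp"

# Constructed sample of Nmap normal output (not taken from the thread).
SAMPLE_NMAP = """\
Nmap scan report for 192.0.2.10
PORT    STATE    SERVICE
22/tcp  closed   ssh
135/tcp open     msrpc

Nmap scan report for 192.0.2.11
PORT    STATE    SERVICE
135/tcp filtered msrpc

Nmap scan report for 192.0.2.12
PORT    STATE    SERVICE
22/tcp  open     ssh
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9a-fA-F.:]+)\)?$")
PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s+(\S+)\s+\S+")


def wmi_state_by_host(nmap_text):
    """Map each scanned host to the state Nmap reported for WMI_PORT."""
    states, host = {}, None
    for line in nmap_text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            states[host] = "not-scanned"  # no row for the port seen yet
            continue
        m = PORT_RE.match(line)
        if m and host and m.group(1) == WMI_PORT:
            states[host] = m.group(2)
    return states


def hosts_without_open_wmi(nmap_text):
    """Hosts where the port is anything other than 'open'."""
    return sorted(h for h, s in wmi_state_by_host(nmap_text).items() if s != "open")


if __name__ == "__main__":
    for host, state in wmi_state_by_host(SAMPLE_NMAP).items():
        print(f"{host}: {WMI_PORT} {state}")
```

A host listed as "filtered" or "not-scanned" points at a firewall or at the scan options rather than at the credentials.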
Posted: Thu May 22, 2014 9:33 pm
Newbie

Joined: Thu Feb 27, 2014 10:54 pm
Posts: 12
Thanks again for your insight Mark!
I will let you know the results after I investigate further after reading your post.

Cheers from PA, USA,
Mark

