Open-AudIT

What's on your network?
It is currently Thu Jan 18, 2018 8:32 am

All times are UTC + 10 hours




Post new topic Reply to topic  [ 12 posts ] 
Author Message
PostPosted: Thu Apr 02, 2015 8:04 pm 
Offline
Newbie

Joined: Thu Apr 02, 2015 6:53 pm
Posts: 10
Dear All,

When i trying to run audit_windows for one computer locally, the process stopped when it auditing Windows Info with error notification: "audit_windows.vbs(1250, 3) Provider: One or more errors occurred during processing of command."

Anybody could help me to solve this problem? :(


Best Regards,
Eko


Last edited by BlaxWalker on Fri Apr 17, 2015 12:29 pm, edited 3 times in total.

Top
 Profile  
Reply with quote  
PostPosted: Wed Apr 08, 2015 1:08 am 
Offline
Contributor
User avatar

Joined: Thu Mar 02, 2006 4:41 am
Posts: 180
Location: Massachusetts
What version of the audit script are you using? Post what you have for line 1250 in this script, that may help

_________________
Server Info: running on a CentOS 7 vm
OA Version: 2.0.6 @ 500 devices


Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 09, 2015 12:18 pm 
Offline
Newbie

Joined: Thu Apr 02, 2015 6:53 pm
Posts: 10
shanimal wrote:
What version of the audit script are you using? Post what you have for line 1250 in this script, that may help


Hi Shane,

Thank you for your reply. Right now i'm using OAv1.6.2, and also the newest script like instructed by Mark here: http://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6418.

This is the line of 1250:
set objrecordset = objcommand.execute

Anything wrong with that line?


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 10, 2015 8:54 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1933
Location: Brisbane, Australia
So the code in question is below.
The problem line is
Code:
set objrecordset = objcommand.execute


Is this PC on a domain?
Try setting debugging to 3 and see what output you get.

Code:
function windows_user_get_attribute (full_ad_domain, attribute, sam_account_name)
   if debugging > "2" then wscript.echo "FullAD: " & full_ad_domain end if
   if debugging > "2" then wscript.echo "Attribute: " & attribute end if
   if debugging > "2" then wscript.echo "SAM: " & sam_account_name end if
   if (full_ad_domain > "") then
      const ads_scope_subtree  = 2
      set objconnection = createobject("adodb.connection")
      set objcommand = createobject("adodb.command")
      objconnection.provider = "adsdsoobject"
      objconnection.open "active directory provider"
      set objcommand.activeconnection = objconnection
      objcommand.commandtext = "select name, " & attribute & " from 'GC://" & full_ad_domain & "' where objectCategory = 'person' and sAMAccountName = '" & sam_account_name & "'"
      if debugging > "2" then wscript.echo objcommand.commandtext end if
      objcommand.properties("page size") = 1000
      objcommand.properties("searchscope") = ads_scope_subtree
      objcommand.properties("sort on") = "name"
      set objrecordset = objcommand.execute
      error_returned = Err.Number : if (error_returned <> 0 and debugging > "0") then wscript.echo "AD command failed"
      if (isobject(objrecordset)) then
         on error resume next
            objrecordset.movefirst
         on error goto 0
         do until objrecordset.eof
            windows_user_get_attribute = objrecordset.fields(attribute).value
            objrecordset.movenext
         loop
      end if

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 10, 2015 11:41 am 
Offline
Newbie

Joined: Thu Apr 02, 2015 6:53 pm
Posts: 10
Hi Mark,

Yes this is a domain PC, and i've been successful to scan 150 others using "cscript audit_windows.vbs".
This is the error output with debugging=3:

Code:
Audit Location: local
-------------------
system info
windows info
FullAD: OU=D**,OU=C*******,OU=I********,OU=D*****,DC=i*******,DC=co,DC=id
Attribute: physicalDeliveryOfficeName
SAM: ssa'idah
select name, physicalDeliveryOfficeName from 'GC://OU=D**,OU=C*******,OU=I********,OU=D*****,DC=i*******,DC=co,DC=id' where objectCategory = 'person' and sAMAccountName = 'ssa'idah'
\\IDWS-D162\master$\audit_windows.vbs(1250, 3) Provider: One or more errors occurred during processing of command.


Is this caused by the user name which use single quotes (or apostrophe?)?


Top
 Profile  
Reply with quote  
PostPosted: Sat Apr 11, 2015 5:32 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1933
Location: Brisbane, Australia
It looks to be the cause, yes.
I'm on the road at the moment, so I'll post a fix next week.

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Sat Apr 11, 2015 9:00 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1224
Quickly get this working. Replace line 1245 in the 1.6.2 audit with:
Code:
objcommand.commandtext = "select name, " & attribute & " from 'GC://" & full_ad_domain & "' where objectCategory = 'person' and sAMAccountName = '" & escape_wmi(sam_account_name) & "'"


I did not check to see what the script does with a DOMAON with an apostrophe in it. It did work with a WORKGROUP containing one.


Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 16, 2015 3:01 pm 
Offline
Newbie

Joined: Thu Apr 02, 2015 6:53 pm
Posts: 10
jpa wrote:
Quickly get this working. Replace line 1245 in the 1.6.2 audit with:
Code:
objcommand.commandtext = "select name, " & attribute & " from 'GC://" & full_ad_domain & "' where objectCategory = 'person' and sAMAccountName = '" & escape_wmi(sam_account_name) & "'"


I did not check to see what the script does with a DOMAON with an apostrophe in it. It did work with a WORKGROUP containing one.


Hi Mark & JPA,

4 Thumbs for your super duper damn great support! But the error still came up with slightly different notification. Here they are:

Code:
Audit Location: local
-------------------
system info
windows info
FullAD: OU=D**,OU=C*******,OU=I********,OU=D*****,DC=i*******,DC=co,DC=id
Attribute: physicalDeliveryOfficeName
SAM: ssa'idah
select name, physicalDeliveryOfficeName from 'GC://OU=D**,OU=C*******,OU=I********,OU=D*****,DC=i*******,DC=co,DC=id' where objectCategory = 'person' and sAMAccountName = 'ssa\'idah'
\\IDWS-D162\master$\audit_windows.vbs(1250, 3) Provider: One or more errors occurred during processing of command.


What should i do now?


Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 16, 2015 3:15 pm 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1224
BlaxWalker wrote:
What should i do now?
Get help from someone who knows what they're doing since it seems I don't. :oops: I'll see what's wrong tomorrow.


Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 16, 2015 4:27 pm 
Offline
Newbie

Joined: Thu Apr 02, 2015 6:53 pm
Posts: 10
jpa wrote:
Get help from someone who knows what they're doing since it seems I don't. :oops: I'll see what's wrong tomorrow.


Hi JPA,

Great thanks for your great effort and great attention...


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 17, 2015 4:20 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1224
Replace line 1245 with:
Code:
objcommand.commandtext = "select name, " & attribute & " from 'GC://" & full_ad_domain & "' where objectCategory = 'person' and sAMAccountName = '" & replace(sam_account_name, "'", "''") & "'"


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 17, 2015 11:23 am 
Offline
Newbie

Joined: Thu Apr 02, 2015 6:53 pm
Posts: 10
jpa wrote:
Replace line 1245 with:
Code:
objcommand.commandtext = "select name, " & attribute & " from 'GC://" & full_ad_domain & "' where objectCategory = 'person' and sAMAccountName = '" & replace(sam_account_name, "'", "''") & "'"


Hi JPA,

THERE IT IS!!! Finally we can get rid of single quotes and apostrophe! Sorry for my lack of knowledges about VBS, so i always bother you to help me :D

I also have updated this topic to solved so that other people will find this case easily if they have any case like me...

Berjuta terima kasih ya, JPA & Mark!


Regards,
Eko


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 12 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group