Open-AudIT https://www.open-audit.org/phpBB3/ |
|
Creating a scheduled audit task upon login https://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=2177 |
Page 1 of 1 |
Author: | qc_metal [ Wed Feb 28, 2007 6:00 am ] |
Post subject: | Creating a scheduled audit task upon login |
I've been working on a scheduled task creation process for our users here... Now, I do have a scheduled task running from the server that scans an OU, but this one will be set at the user level through login scripts. In my example, I have specified that the audit will run at the same time on Mondays, Wednesdays, and Fridays - randomly generated in the script, between times of 8:00am and 4:00pm, according to their local timezone (this code is sloppy, I know, but it works). This utilizes the at command - - - I almost had it working with schtasks.exe but ran into a problem where I could no longer create the task in the system context (which at does quite nicely). When run, the user running it needs to have administrative capabilities to create the task, but you could use something like cpau.exe to do this if your users are "underprivileged" This is a work in progress, as I would like to add more options (i.e. specifying a time via command-line, and more). However, you will note that you can specify a computer name and script path through the command-line currently, which means you can use it to create a task on a remote computer. [code] Set objArgs = WScript.Arguments Set objShell = CreateObject("WScript.Shell") If objargs.count < 1 Then Set WshNetwork = CreateObject("WScript.Network") strComputer = WshNetwork.ComputerName Else For I = 0 to objArgs.Count - 1 If InStr(1,LCase(objargs(I)),"computer:") Then arrComputer = split(lcase(objargs(I)),"computer:") strComputer = arrComputer(1) ElseIf InStr(1,LCase(objargs(I)),"script:") Then arrScript = split(lcase(objargs(I)),"script:") sAuditScriptCommand = arrScript(1) Else End If Next End If iGenTime = genTime '******************************************************************* 'Path to audit.vbs sDefaultAuditScript = "\\yourserver\scripts$\audit.vbs" 'Days of week to run. Use this parameter to schedule the task to run on the specified day or days of the week or month, for example, every Friday or the eighth day of every month. Specify date as one or more days of the week (use the following abbreviations: M,T,W,Th,F,S,Su) or one or more days of the month (use the numbers 1 through 31). Make sure that you use commas to separate multiple date entries. If you omit this parameter, the task is scheduled to run on the current day. sDaysOfWeekToRun = "M,W,F" 'sTimeToRun = "" '******************************************************************* If sAuditScriptCommand = "" then sAuditScriptCommand = chr(34) & sDefaultAuditScript & chr(34) Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2") Set colItems = objWMIService.ExecQuery("SELECT Command FROM Win32_ScheduledJob") For Each objItem In colItems If instr(lcase(objItem.Command),sDefaultAuditScript) then bFileExists = "true" 'msgbox "The job exists" wscript.quit Else bFileExists = "False" 'msgbox "The job does not exist" End If 'WScript.Echo "Command: " & objItem.Command Next Set objShell = CreateObject("WScript.Shell") on error resume next strCmd = "at \\" & strComputer & " " & IgenTime & "/every:" & sDaysOfWeekToRun & " cscript.exe " & chr(34) & sDefaultAuditScript & chr(34) Set objExecObject = objShell.Exec(strCmd) 'sstatus = objExecObject.stdout.readall 'wscript.echo sstatus '****************************** 'Find out if a file exists '****************************** Function ReportFileStatus(filespec) on error goto 0 Set fso2 = CreateObject("Scripting.FileSystemObject") If (fso2.FileExists(filespec)) Then msg = "exists" 'msgbox msg Else msg = "does not exist" 'msgbox msg End If ReportFileStatus = msg End Function '****************************** 'Create a random time '****************************** 'random time generation, Function genTime Randomize ' Initialize random-number generator. intHour = Int((10 * Rnd)) if intHour < 8 then inthour = inthour + 10 if intHour > 15 then inthour = inthour - 2 'msgbox inthour minutes = Int((59 * Rnd) + 1) ' Generate random value between 1 and 6. If Len(minutes) = 1 Then minutes = "0" & minutes genTime = intHour & ":" & minutes 'msgbox runtime End Function 'genTime [/code] |
Page 1 of 1 | All times are UTC + 10 hours |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |