Open-AudIT

I've noticed that when being run from a central location Winventory (and now Open Audit ) doesn't retrieve mapped drives and connections to Windows printer shares (it only retrieves folder and printer shares that are being shared by the machine that is being audited). Only locally attached printers are detected on each machine. It would be nice to have a list of both the locally attached printers as well as the network printers that are installed on each PC. (the network printers are detected by nmap but this doesn't tell us who is using each printer)

Regarding the Network Printers:

In the printer table in the database the local printers are uniquely identified with the UUID of the machine that they are attached to however the network printers are only listed once. (so we don't know who is using which network printer).

For my own use I've modified Winventory 0.9 Pre 6 and created a separate network_printer table that simply contains a network_printer_id, the UUID of the particular system that the printer is installed on, the printer_caption (i.e. what the user's icon for this printer is named), and the network_printer_system_name (the IP for the printer). This way we can store who has each network printer without creating redundant detailed information for each network printer in the printer table. Then in the summary page for each PC I have a list of all printers (local and networked) that are installed.

For those who would like something similar (or if Mark would like to include it in Open Audit), here's how to do it:

1) Create the network_printer table in your database:

[code]
CREATE TABLE `network_printer` (
`network_printer_id` int(10) unsigned NOT NULL auto_increment,
`network_printer_system_uuid` varchar(100) NOT NULL default '',
`network_printer_caption` varchar(50) NOT NULL default '',
`network_printer_system_name` varchar(45) NOT NULL default '',
PRIMARY KEY (`network_printer_id`),
KEY `id` (`network_printer_system_uuid`),
KEY `id2` (`network_printer_system_name`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
[/code]

2) Change the Insert_Printer function in admin_pc_add_new_4.php to this: (starts at about line 1054)

[code]
function insert_printer ($split){
global $timestamp, $uuid, $verbose, $printer_timestamp ,$old_timestamp;
if ($verbose == "y"){echo "<h2>Printer</h2><br />";}
$extended = explode('^^^',$split);
$printer_caption = trim($extended[1]);
$printer_local = trim($extended[2]);
$printer_port_name = trim($extended[3]);
$printer_shared = trim($extended[4]);
$printer_share_name = trim($extended[5]);
$printer_system_name = trim($extended[6]);
$printer_location = trim($extended[7]);
$printer_model = trim($extended[8]);
$printer_name = NULL;

if (strpos($printer_port_name,'IP_') !== false ) {
// Network Printer
if (strpos($printer_caption,'\\' ) !== false ) { $printer_name = explode("\\", $printer_caption); }
if (strpos($printer_caption,'\\' ) !== false ) { $printer_caption = $printer_name[6]; }
$printer_ip = substr($printer_port_name, 3);
$printer_host_name = nslookup($printer_ip);
$sql = "SELECT count(printer_ip) AS count FROM printer WHERE printer_ip = '$printer_ip'";
if ($verbose == "y"){echo $sql . "<br />\n\n";}
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
if ($myrow['count'] == "0"){
// Insert
$sql = "INSERT INTO printer (printer_ip, printer_caption, printer_location, printer_model, printer_system_name, printer_timestamp, printer_first_timestamp) VALUES (";
$sql .= "'$printer_ip', '$printer_caption', '$printer_location', '$printer_model', '$printer_host_name', '$timestamp', '$timestamp')";
if ($verbose == "y"){echo $sql . "<br />\n\n";}
$result = mysql_query($sql);
} else {
// Update
$sql = "UPDATE printer SET printer_timestamp = '$timestamp', printer_system_name = '$printer_host_name', ";
$sql .= "printer_location = '$printer_location', printer_caption = '$printer_caption', printer_model = '$printer_model' WHERE printer_ip = '$printer_ip'";
if ($verbose == "y"){echo $sql . "<br />\n\n";}
$result = mysql_query($sql);
}

//Add to network_printer table
$sql2 = "SELECT count(network_printer_system_name) AS count FROM network_printer WHERE network_printer_system_name = '$printer_ip' and network_printer_system_uuid = '$uuid'";
if ($verbose == "y"){echo $sql2 . "<br />\n\n";}
$result2 = mysql_query($sql2);
$myrow2 = mysql_fetch_array($result2);
if ($myrow2['count'] == "0")
{
// Insert
//$sql2 = "INSERT INTO printer (printer_ip, printer_caption, printer_location, printer_system_name, printer_timestamp, printer_first_timestamp) VALUES (";
//$sql2 .= "'$printer_ip', '$printer_caption', '$printer_location', '$printer_host_name', '$timestamp', '$timestamp')";

$sql2 = "Insert into network_printer (network_printer_system_uuid, network_printer_caption, network_printer_system_name) VALUES ('$uuid', '$printer_caption', '$printer_ip')";

if ($verbose == "y"){echo $sql2 . "<br />\n\n";}
$result2 = mysql_query($sql2);
} else {
// Update
//$sql2 = "UPDATE printer SET printer_timestamp = '$timestamp', printer_system_name = '$printer_host_name', ";
//$sql2 .= "printer_location = '$printer_location', printer_caption = '$printer_caption' WHERE printer_ip = '$printer_ip'";
$sql2 = "UPDATE network_printer SET network_printer_caption = '$printer_caption' WHERE network_printer_system_name = '$printer_ip' and network_printer_system_uuid = '$uuid'";

if ($verbose == "y"){echo $sql2 . "<br />\n\n";}
$result2 = mysql_query($sql2);
}


//End of Add to network printer table
} else {}

if ($printer_port_name == "LPT1:" OR strpos($printer_port_name,'USB') !== false OR strpos($printer_port_name,'DOT') !== false ) {
// Locally Attached Printer
$printer_timestamp = $old_timestamp;
$sql = "SELECT count(printer_uuid) AS count FROM printer WHERE printer_uuid = '$uuid' AND ";
$sql .= "printer_caption = '$printer_caption' AND printer_port_name = '$printer_port_name' AND ";
$sql .= "(printer_timestamp = '$printer_timestamp' OR printer_timestamp = '$timestamp')";
if ($verbose == "y"){echo $sql . "<br />\n\n";}
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
if ($verbose == "y"){echo "Count: " . $myrow['count'] . "<br />\n\n";}
if ($myrow['count'] == "0"){
// Insert into database
$sql = "INSERT INTO printer (printer_uuid, printer_caption, ";
$sql .= "printer_port_name, ";
$sql .= "printer_shared, printer_share_name, ";
$sql .= "printer_system_name, printer_location,";
$sql .= "printer_timestamp, printer_first_timestamp ) VALUES (";
$sql .= "'$uuid', '$printer_caption', ";
$sql .= "'$printer_port_name',";
$sql .= "'$printer_shared', '$printer_share_name', ";
$sql .= "'$printer_system_name', '$printer_location', ";
$sql .= "'$timestamp', '$timestamp')";
if ($verbose == "y"){echo $sql . "<br />\n\n";}
$result = mysql_query($sql);
} else {
// Already present in database - update timestamp
$sql = "UPDATE printer SET printer_timestamp = '$timestamp', printer_location = '$printer_location' WHERE printer_caption = '$printer_caption' AND printer_uuid = '$uuid' AND printer_timestamp = '$printer_timestamp'";
if ($verbose == "y"){echo $sql . "<br />\n\n";}
$result = mysql_query($sql);
}
} // End of IP detection in printer_port
}

[/code]

3). Add the following code in system_summary.php after the code for the Dollar Value, Asset Number, Description etc

[code]
$SQL = "SELECT * FROM printer WHERE printer_uuid = '" . $pc . "'";
$result = mysql_query($SQL, $db);
if ($myrow = mysql_fetch_array($result)){
do {
if ($bgcolor == "#F1F1F1") { $bgcolor = "#FFFFFF"; } else { $bgcolor = "#F1F1F1"; }
echo "<tr bgcolor=\"" . $bgcolor . "\"><td valign=\"top\">Printers:&nbsp;</td><td><a href=\"printer_summary.php?printer=" . $myrow["printer_id"] . "&amp;sub=1\">" . $myrow["printer_caption"] . "</a></td></tr>";
} while ($myrow = mysql_fetch_array($result));
} else {
if ($bgcolor == "#F1F1F1") { $bgcolor = "#FFFFFF"; } else { $bgcolor = "#F1F1F1"; }
echo "<tr><td>Printers:&nbsp;</td><td>None</td></tr>\n";
}

$SQL = "SELECT * FROM network_printer, printer WHERE network_printer_system_name = printer_system_name and network_printer_system_uuid = '" . $pc . "'";
$result = mysql_query($SQL, $db);
if ($myrow = mysql_fetch_array($result)){
do {
echo "<tr><td>Network Printers:</td><td><a href='printer_summary2.php?printer=" . $myrow["network_printer_system_name"] . "'>" . $myrow["network_printer_caption"] . " </td></tr>\n";
//echo "<tr><td>IP Address:</td><td><a href=\"printer_summary2.php?printer=" . $myrow["network_printer_system_name"] . "\">" . $myrow["network_printer_system_name"] . "</a></td></tr>\n";
} while ($myrow = mysql_fetch_array($result));
} else {}
[/code]

I notice that [url=http://www.microsoft.com/technet/scriptcenter/csc/scripts/desktop/configure/cscds011.mspx]this script[/url] does some of what audit.vbs does in returning the installed printers on a PC. However is also returns the current network connections including the current user's mapped drives. This section in particular may be useful to add to the audit:

[code]
Set objNetwork = WScript.CreateObject("WScript.Network")
Set colDrives = objNetwork.EnumNetworkDrives
For i = 0 to colDrives.Count-1 Step 2
objFile.WriteLine colDrives.Item(i) & vbTab & colDrives.Item (i + 1)
[/code]

I've also created a fairly elaborate Call Ticket System by extending what Mark started with Winventory 0.9 if anyone is interested in adding that as well. Let me know and I can clean up the code and put it here for those that are interested.

Well, the only problem I see is that it really is dependent on who is logged into the machine. Connections to windows printer shares are user dependent, so I'm not sure if you could get a decent list of this? If a user (not administrator) connects to a network printer, not everyone gets that connection. Mapped drives are definitely user dependent. In a perfect world, we'd be able to grab all of this, but I don't know about in this world.

Windows XP and newer allows per-machine printer connections as well as per-user.

I haven't looked to see if you can query this information from WMI yet though.

[quote="mikeyrb"]Well, the only problem I see is that it really is dependent on who is logged into the machine. Connections to windows printer shares are user dependent, so I'm not sure if you could get a decent list of this? If a user (not administrator) connects to a network printer, not everyone gets that connection. Mapped drives are definitely user dependent. In a perfect world, we'd be able to grab all of this, but I don't know about in this world.

[quote]Well, the only problem I see is that it really is dependent on who is logged into the machine.

[quote="Mark"][quote]Well, the only problem I see is that it really is dependent on who is logged into the machine.

Has there been any more development on this?