Posted: Tue Apr 21, 2009 6:21 am
Logon script for running an audit from the local machine.

If you want (or need) to run the audit.vbs script locally from a machine and have it send its audit report to your OA server, you can do this at least 2 ways (with multiple variations within them).

1. Copy the Open-AudIT files to the local machine & run audit.vbs using a startup script.
2. Use Group Policy to run audit.vbs using a logon script.


The first thing to do is create a logon script to run the audit.vbs script. I like this one because it runs the script completely hidden to the user:


[code]
' This script will run the Open-AudIT audit script hidden to the user
' Thanks to the Microsoft Scripting Guys for this one!
' http://www.microsoft.com/technet/scriptcenter/resources/qanda/dec07/hey1205.mspx

Const HIDDEN_WINDOW = 0

strComputer = "."

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set objStartup = objWMIService.Get("Win32_ProcessStartup")
Set objConfig = objStartup.SpawnInstance_
objConfig.ShowWindow = HIDDEN_WINDOW

Set objProcess = GetObject("winmgmts:\\" & strComputer & "\root\cimv2:Win32_Process")

objProcess.Create "Cscript.exe \\Pathname\audit.vbs", null, objConfig, intProcessID
[/code]

Copy that code into a text file and save it wherever you like, calling it whatever you want, e.g. OALogon.vbs


The next thing is to get the Open-AudIT files available to the logon script.

I'm going to assume at this point that you've got Open-AudIT working on your server & are familiar with the setup files.
I'm also going to assume that your audit.config file in the scripts folder on your server is set up to send audit reports to itself.
Based on those 2 assumptions, you will need to modify the audit.config file to send the audit reports from an individual machine to the server.



Scenario 1 (Running from Local Machine):
Copy the entire Open-Audit folder that you downloaded onto your OA server to the local machine. Put it anywhere you like & call it whatever you like. In the scripts folder, modify the following lines of the audit.config file:

[code]
audit_location = "r"
verbose = "n"
audit_host="http://YourOAServerName"
strComputer = "."
[/code]

The audit location is now "remote" to the machine that is running audit.vbs.
You don't need verbose mode, since you're hiding the output anyway.
You need to enter the name or IP address of your Open-AudIT server. (even though I have my server set for SSL, this setting is still just http://)
You are now auditing the local machine, which is represented by the "."


Copy the logon script you created above onto the local machine and edit the logon script and replace Pathname in the last line with the full path of where you put the scripts folder on the local machine, e.g.:

[code]
objProcess.Create "Cscript.exe c:\Open-Audit\scripts\audit.vbs", null, objConfig, intProcessID
[/code]

Now you need to pick a startup location to run the logon script. You could just put the logon script (or a shortcut to it) in the startup folder, but a user might delete it. A more typical place would be in the HKLM\Software\Microsoft\windows\CurrentVersion\Run key in the registry.

That's it for Scenario 1.



Scenario 2 (Using Group Policy):

Copy the entire Open-Audit folder that you downloaded onto your OA server to a network share. Put it anywhere you like & call it whatever you like. Make sure you have the necessary user permissions assigned on the share. Users only need read & execute permissions. In the scripts folder, modify the following lines of the audit.config file:

[code]
audit_location = "r"
verbose = "n"
audit_host="http://YourOAServerName"
strComputer = "."
[/code]

The audit location is now "remote" to the machine that is running audit.vbs.
You don't need verbose mode, since you're hiding the output anyway.
You need to enter the name or IP address of your Open-AudIT server. (even though I have my server set for SSL, this setting is still just http://)
You are now auditing the local machine, which is represented by the "."


Copy the logon script you created above into the logon scripts share for your domain. Edit the logon script and replace Pathname in the last line with the full path of the network share where the scripts folder is, e.g.:

[code]
objProcess.Create "Cscript.exe \\FileServer1\OpenAudit\scripts\audit.vbs", null, objConfig, intProcessID
[/code]


Create (or modify an existing) GPO, adding the logon script & link the GPO to the desired machines.

That's it for scenario 2.

_________________
OA Server: Dell 745 running XP SP3 & WAMPP
Auditing ~230 Windows machines using Active Directory.
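
The advice above that users need only read & execute on the scripts folder can be verified rather than assumed, since whatever sits at that path is run at every logon. The PowerShell below is an added example, not part of the original post or of Open-AudIT; the path and the trusted-account list are assumptions.

```powershell
# Added example (not from the original post): list NTFS ACL entries that let a
# non-administrative account change the Open-AudIT scripts that run at logon.
param(
    # Assumption: the Scenario 2 share path; use the local folder for Scenario 1.
    [string]$ScriptsPath = '\\FileServer1\OpenAudit\scripts'
)

# Assumption: the only accounts expected to hold write access.
$trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

# Bits that allow changing, replacing or re-permissioning a file. Modify and
# FullControl are not listed because they also contain the read bits.
$names = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeBits = [int][System.Security.AccessControl.FileSystemRights]$names
# Inherit-only folder entries can carry raw GENERIC_WRITE / GENERIC_ALL bits.
$writeBits = $writeBits -bor 0x40000000 -bor 0x10000000

# Check the folder itself and everything beneath it.
$items = @(Get-Item -LiteralPath $ScriptsPath) +
         @(Get-ChildItem -LiteralPath $ScriptsPath -Recurse -Force)

$findings = foreach ($item in $items) {
    foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeBits) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $item.FullName
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
    Write-Warning "Write access found for accounts outside the trusted list."
    exit 1
}
Write-Output "Only trusted accounts can modify $ScriptsPath"
```

This reads NTFS permissions only; share-level permissions are configured separately on the file server and need their own review.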


Posted: Thu May 13, 2010 1:26 am
I'm having some issues with scenario 1...

I'm using the latest OpenAudit download (Version 09.03.17)

Here's my setup:

I got an oa.bat that contains:
[code]
@echo off
REM OPEN_AUDIT
wscript.exe "\\pathtomyauditvbs\oa.vbs"
[/code]

This bat file is used in the login script of each machine.

Now, here's the content of my oa.vbs:
[code]
Dim produit
Dim shl

Dim WshNetwork, WshShell, objDrive

Dim strKeyPath, branche, strValueName
Dim DateClient, DateExec, pathAppData

Set WshNetwork = WScript.CreateObject("WScript.Network")
Set WshShell = WScript.CreateObject("WScript.Shell")
Set objDrive = WshShell.Environment("process")

strKeyPath = "SOFTWARE\UdeS\Audit"
branche = &H80000002
strValueName = "Date"

pathAppData = WshShell.ExpandEnvironmentStrings("%appdata%")
pathAppData= cstr(pathAppData)

'-------------------------------- Program -------------------------------------------------------------------------------------

On Error Resume Next

produit = readproduc()
produit = ucase(produit)

'If it is a server, stop the script
If InStr(produit,"SERVER") Then
WScript.Quit
else
'Get today's date
DateClient = ReadDate()
pos = InStr(DateClient,".")
If pos <> 0 then
dateclient = mid(DateClient,pos+1)
End if
dateclient = cdate(DateClient)

'Get the date stored on the client
DateExec = readreg(branche, strKeyPath, strValueName)

'If the workstation has never been audited
If DateExec = "null" or Isdate(DateExec) = false then
' This script will run the Open-AudIT audit script hidden to the user
' Thanks to the Microsoft Scripting Guys for this one!
' http://www.microsoft.com/technet/scriptcenter/resources/qanda/dec07/hey1205.mspx

Const HIDDEN_WINDOW = 0

strComputer = "."

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set objStartup = objWMIService.Get("Win32_ProcessStartup")
Set objConfig = objStartup.SpawnInstance_
objConfig.ShowWindow = HIDDEN_WINDOW

Set objProcess = GetObject("winmgmts:\\" & strComputer & "\root\cimv2:Win32_Process")

objProcess.Create "Cscript.exe \\admsswdd01\gestion$\audit\dev\audit.vbs", null, objConfig, intProcessID

'Record the date of the last audit
call writereg("HKLM\" & strKeyPath & "\Date", DateClient)
Else
...
End If
End If

'--------------------------------- function readproduc ----------------------------------------------------------------------

Function readproduc()

Dim result

On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)
For Each objItem in colItems
result = result & objItem.Caption
Next

readproduc = result

End Function

'--------------------------------------------- Function WriteReg ---------------------------------------------------------

Function WriteReg(path,valeur)
'On error resume next
WshShell.RegWrite path, valeur
If err.number <> 0 then
Writereg = "Erreur"
else
WriteReg = "OK"
End If
End Function

'--------------------------------- function readreg ----------------------------------------------------------------------
'Const HKEY_CLASSES_ROOT = &H80000000
'Const HKEY_CURRENT_USER = &H80000001
'Const HKEY_LOCAL_MACHINE = &H80000002
'Const HKEY_USERS = &H80000003
'Const HKEY_CURRENT_CONFIG = &H80000005

Function readreg(clef, KeyPath, ValueName)
dim dwValue,oReg

strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
oReg.GetSTRINGValue clef, KeyPath, ValueName, dwValue
If isnull(dwvalue) then
readreg = "null"
else
readreg = dwValue
End if
End Function

'--------------------------------- function ReadDate ----------------------------------------------------------------------

Function ReadDate()
Dim fso, sh, workfile,dateJourPoste,ts,objEnv,WshShell,datejour,SystDrive
Set WshShell = WScript.CreateObject("WScript.Shell")
Set objEnv = WshShell.Environment("process")
Set fso = createobject("scripting.filesystemobject")
Set sh = createobject("wscript.shell")

SystDrive = objEnv("SYSTEMDRIVE")
SystDrive= cstr(SystDrive)
workfile = fso.GetTempName
sh.Run "%comspec% /c date /t > """ & pathAppData & "\" & workfile & """",0,true
Set ts = fso.OpenTextFile(pathAppData & "\" & workfile)
dateJour = ts.readall
ts.close
fso.deletefile pathAppData & "\" & workfile
Set sh = Nothing
Set ts = Nothing
Set fso = Nothing
ReadDate = dateJour
End Function
[/code]

So I've modified the script a tad to update the computers only per X days.

Here's my config file first part:
[code]
'
' Standard audit section
'
audit_location = "r"
verbose = "n"
audit_host="http://serverIP"
online = "yesxml"
strComputer = "."
ie_visible = "n"
ie_auto_submit = "y"
ie_submit_verbose = "n"
ie_form_page = audit_host + "/openaudit/admin_pc_add_1.php"
non_ie_page = audit_host + "/openaudit/admin_pc_add_2.php"
input_file = "pc_list_file.txt"
[/code]

Anything I'm doing wrong in here?

Thanks for your help!

