Open-AudIT

PostPosted: Fri Jan 22, 2010 12:57 am 
Helper

Joined: Wed Jun 14, 2006 11:14 pm
Posts: 51
Location: Goshen, IN (GMT -4)
I tried searching the forum to see if this had been discussed elsewhere, but I couldn't find it. Anyhow, we have been deploying several Windows XP x64 and Windows 7 x64 machines, and have noticed that while the audit pulls the installed software ok, it doesn't pull the keys for anything - Windows, Office, anything else that may have a key. Is anyone else having this issue, or am I the only one?


PostPosted: Fri Jan 22, 2010 1:28 am
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Are you running the latest SVN version? If not, then you may well be unable to audit this information. :shock:

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


PostPosted: Fri Jan 22, 2010 2:23 am
Helper

Joined: Wed Jun 14, 2006 11:14 pm
Posts: 51
Location: Goshen, IN (GMT -4)
I have been updating at least once a week. I just updated today - including the script - and ran it on my system - Win7 x64 - to no avail.


PostPosted: Fri Jan 22, 2010 2:51 am
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
:oops: Looks like a bug, anybody else got Win7 64 bit?
Strangely I hadn't noticed that it doesn't work for me either... but then again I am about the only one round here using Windows 7 64bit... Any thoughts?
:shock:

_________________
Andrew


PostPosted: Thu Jan 28, 2010 2:19 am
Newbie

Joined: Thu Jan 28, 2010 2:09 am
Posts: 16
There are some additions in a post in this forum to append to audit.vbs.
Then it will scan "software 64-bit" also. This one is working for me.

I added the changes to audit.vbs on the trunk build I pulled on Jan 07 2010 and it's working.
But if I let audit.vbs run from a Win7/x64 machine scanning 127.0.0.1, it displays "Software 64-Bit" while scanning but doesn't list any software from the WOW6432node hive in the database.
Also, the script will hang on "scheduled tasks" when running on a Win7 x64 system.

Did this workaround to fix it...
[code]
ibreaker = 0
Do While (ibreaker < 200) ' (Not oTF.AtEndOfStream)
    sLine = oTF.ReadLine
    ibreaker = ibreaker + 1 ' catch an endless loop
[/code]

I attached the manual additions to the audit.vbs for collecting 32 and 64 Bit Software here:

[code]
Remove Line "dim software" entirely and you should be fine.

--------------

After ~Line 1029 Add :

OSName = objItem.Caption

'// begin addition for 64bit discovery
if instr(Ucase(objItem.Caption),"X64") then OS64bit = 1
'super hack here, MS got stupid With 2008 and doesn't provide osarchitecture
oReg.GetStringValue HKEY_LOCAL_MACHINE, "SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", win_shell
if ( Len(Trim(win_shell)) ) then OS64bit = 1
'// end addition for 64bit discovery

if objItem.OSType = "16" then


---------------------

After ~Line 2576 Add the following (I'm leaving one line before and after my changes for posterity):

Next
'// begin addition for 64bit Software
If OS64bit = 1 Then

    comment = "Installed Software 64bit"
    Echo(comment)
    if online = "p" then
        dim software
        oIE.document.WriteLn "<div id=""content"">"
        oIE.document.WriteLn "<table border=""0"" cellpadding=""2"" cellspacing=""0"" class=""content"">"
        oIE.document.WriteLn "<tr><td colspan=""2""><b>Installed Software</b></td></tr>"
    end if
    On Error Resume Next
    strKeyPath = "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
    oReg.EnumKey HKEY_LOCAL_MACHINE,strKeyPath,arrSubKeys
    For Each subkey In arrSubKeys
        newpath = strKeyPath & "\" & subkey
        newkey = "DisplayName"
        oReg.GetStringValue HKEY_LOCAL_MACHINE, newpath, newkey, strValue
        if strValue <> "" then
            version = ""
            uninstall_string = ""
            install_date = ""
            publisher = ""
            install_source = ""
            install_location = ""
            system_component = ""
            display_name = strValue
            newkey = "DisplayVersion"
            oReg.GetStringValue HKEY_LOCAL_MACHINE, newpath, newkey, strValue
            version = strValue
            if (isnull(version)) then version = "" end if

            newkey = "UninstallString"
            oReg.GetStringValue HKEY_LOCAL_MACHINE, newpath, newkey, strValue
            uninstall_string = strValue
            if (isnull(uninstall_string)) then uninstall_string = "" end if

            newkey = "InstallDate"
            oReg.GetStringValue HKEY_LOCAL_MACHINE, newpath, newkey, strValue
            install_date = strValue
            if (isnull(install_date)) then install_date = "" end if

            newkey = "Publisher"
            oReg.GetStringValue HKEY_LOCAL_MACHINE, newpath, newkey, strValue
            publisher = strValue
            if (isnull(publisher)) then publisher = "" end if

            newkey = "InstallSource"
            oReg.GetStringValue HKEY_LOCAL_MACHINE, newpath, newkey, strValue
            install_source = strValue
            if (isnull(install_source)) then install_source = "" end if

            newkey = "InstallLocation"
            oReg.GetStringValue HKEY_LOCAL_MACHINE, newpath, newkey, strValue
            install_location = strValue
            if (isnull(install_location)) then install_location = "" end if

            newkey = "SystemComponent"
            oReg.GetDWORDValue HKEY_LOCAL_MACHINE, newpath, newkey, strValue
            system_component = strValue
            if (isnull(system_component)) then system_component = "" end if

            newkey = "URLInfoAbout"
            oReg.GetStringValue HKEY_LOCAL_MACHINE, newpath, newkey, strValue
            software_url = strValue
            if (isnull(software_url)) then software_url = "" end if

            newkey = "Comments"
            oReg.GetStringValue HKEY_LOCAL_MACHINE, newpath, newkey, strValue
            software_comments = strValue
            if (isnull(software_comments)) then software_comments = " " end if

            if online = "p" then
                software = software & display_name & vbcrlf
            end if
            form_input = "software^^^" & clean(display_name) & " ^^^" _
                & clean(version) & " ^^^" _
                & clean(install_location) & " ^^^" _
                & clean(uninstall_string) & " ^^^" _
                & clean(install_date) & " ^^^" _
                & clean(publisher) & " ^^^" _
                & clean(install_source) & " ^^^" _
                & clean(system_component) & " ^^^" _
                & clean(software_url) & "^^^" _
                & clean(software_comments) & "^^^"
            entry form_input,comment,objTextFile,oAdd,oComment
            form_input = ""
        end If
    Next
End If

'// end addition for 64bit Software
' Include customer specific audits

[/code]


PostPosted: Sat Feb 06, 2010 9:50 am
Helper

Joined: Thu Jun 14, 2007 4:06 am
Posts: 96
Location: Georgia, USA
Here is another option for listing ALL software on 64 bit operating systems.

I've been trying to get Open-Audit to inventory both 32 and 64 bit software on 64 bit operating systems as well. Currently only software under \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall is inventoried. On 64 bit systems, 32 bit software is listed under \SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall. What I've done is populate an array with both possible key locations and loop through the software inventory section in audit.vbs. If the system is 32 bit, it only loops once.

Something like this:
[code]Set oShell = CreateObject("WScript.Shell")
' Read the processor architecture from the registry
OsType = oShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_ARCHITECTURE")
If (OsType = "x86") Then
    ' 32 bit: only one Uninstall key to read, so the loop runs once
    arrKeyPath = Array("SOFTWARE\")
Else
    ' 64 bit: also read the Wow6432Node key that lists 32 bit software
    arrKeyPath = Array("SOFTWARE\", "SOFTWARE\Wow6432Node\")
End If
For Each strarrKeyPath In arrKeyPath
    strKeyPath = strarrKeyPath & "Microsoft\Windows\CurrentVersion\Uninstall"

    ' ---- INVENTORY SOFTWARE ----

Next

[/code]
I did the same for the CD keys

Something like this:

[code]
For Each strarrKeyPath In arrKeyPath

''''''''''''''''''''''''''''''''
' MS CD Keys for Office 2007 '
''''''''''''''''''''''''''''''''

Next
[/code]

After this, I put the OS keys outside the loop

I've attached a copy of my audit.vbs. Maybe someone else can try it out.

Attachments:
File comment: Changes Based SVN 1232 version of audit.vbs
audit.txt [215.27 KiB]


PostPosted: Sat Feb 20, 2010 6:46 am
Newbie

Joined: Thu May 03, 2007 9:56 am
Posts: 4
Location: San Francisco, CA, USA
jpmorgan, this works good for me. I had only just noticed the problem myself since we just got 10 win7 64 workstations and most of the software wasn't showing up.

Your audit.vbs seems to collect all of the 32 and 64 bit software installed, as well as the ms office 2007 key, which is 32 bit of course. I'm running the script from a Win2008r2 server.

The only bad thing I notice, which may be a separate issue, is that I still can't get the OS key from any Win7 system, 32 or 64 bit. Usually these are just Dell OEM's so I don't really care, but I suppose it'd be nice to have anyway.

Thanks much and good job.


PostPosted: Tue Mar 02, 2010 12:00 am
Newbie

Joined: Mon Mar 01, 2010 11:55 pm
Posts: 1
In order for the script to find your Win 7 keys you have to change this part:

[code]
'''''''''''''''''''''''''''''''''''''''''''''''''
' MS CD Keys for Windows XP, 2000, 2003, Vista and 7 '
'''''''''''''''''''''''''''''''''''''''''''''''''
IsOSXP = InStr(OSName, "Windows XP")
IsOS2K = InStr(OSName, "Windows 2000")
IsOS2K3 = InStr(OSName, "Server 2003")
IsOSVista = InStr(OSName, "Windows Vista")
IsOS7 = InStr(OSName, "Windows 7")
IsOSXP2K2K3WV = CInt(IsOSXP + IsOS2K + IsOS2K3 + IsOSVista + IsOS7)
[/code]


PostPosted: Sun Mar 14, 2010 9:48 pm

Joined: Thu Jan 28, 2010 2:09 am
Posts: 16
Cool. It works for me too, but I have to integrate it each time I call an update from SVN...

Will anyone check these working solutions into SVN so that we can all take advantage of it?


PostPosted: Tue Mar 16, 2010 1:54 am

Joined: Wed Feb 06, 2008 3:06 am
Posts: 38
Bump.

This would be good to have in SVN. We're now auditing a lot of 2008 R2 servers. Here's my code addition:

[code]
'''''''''''''''''''''''''''''''''''''''''''''''''
' MS CD Keys for Windows XP, 2000, 2003 and Vista '
'''''''''''''''''''''''''''''''''''''''''''''''''
IsOSXP = InStr(OSName, "Windows XP")
IsOS2K = InStr(OSName, "Windows 2000")
IsOS2K3 = InStr(OSName, "Server 2003")
IsOSVista = InStr(OSName, "Windows Vista")
IsOS2K8R2 = InStr(OSName, "Server 2008 R2")
IsOSXP2K2K3WV = CInt(IsOSXP + IsOS2K + IsOS2K3 + IsOSVista + IsOS2K8R2)
[/code]

With regard to the above fix for 64 bit software, though, this does not appear to work for me. It looks like the script is reading the OS architecture type for the machine running the script. This does not work if I am auditing a 2008 R2 system from a 2k3 x86 system remotely. How to adjust so that it uses the value of the target OS?
To be useful for me in the interim, I've adjusted the code above for my purpose of auditing 2008 R2.

[code]
If InStr(OSName, "Server 2008 R2") Then
    echo("Detected 2008 R2")
    arrKeyPath = Array("SOFTWARE\", "SOFTWARE\Wow6432Node\")
Else
    arrKeyPath = Array("SOFTWARE\")
End If
For Each strarrKeyPath In arrKeyPath
    strKeyPath = strarrKeyPath & "Microsoft\Windows\CurrentVersion\Uninstall"
    oReg.EnumKey HKEY_LOCAL_MACHINE,strKeyPath,arrSubKeys

    ' **Software section**

Next
[/code]

I used the same method as the MS Keys. Since I am not auditing any other 64 bit systems, this fits my purpose at the moment.

_________________
OA Server: W2k3/IIS/PHP5/MySQL
Currently auditing 558 servers, 138 Workstations
LDAP=AD, Audit interval ~ once/month


PostPosted: Sun Mar 28, 2010 10:58 am

Joined: Thu Jun 14, 2007 4:06 am
Posts: 96
Location: Georgia, USA
I think I've fixed the problem detecting architecture from a remote computer.

I replaced this
[code]Set oShell = CreateObject("WScript.Shell")
OsType = oShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_ARCHITECTURE")[/code]

With this:

[code]oReg.GetStringValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\Session Manager\Environment", "PROCESSOR_ARCHITECTURE", OsType[/code]

I've attached my new audit.vbs file. Can someone try it out?

Anyone have any fixes for Server 2008 CD keys?


Attachments:
File comment: Fixed PROCESSOR_ARCHITECTURE
audit.txt [215.25 KiB]


PostPosted: Mon Apr 19, 2010 9:55 pm

Joined: Thu Jan 28, 2010 2:09 am
Posts: 16
Hmm, there is still a problem collecting x64 software when running any of our vbs scripts

FROM an x64 system (like Win7 or S2k8R2) and auditing an x64 system as well.

You will only get Software 32 Bit and not Software 64 Bit.

I've tried all combinations but the VB registry calls ONLY query 32 Bit even when asking the wow64node key....

Weird. I found a local solution for all environments on the web but don't get it implemented into audit.vbs. :cry:

[code]
strComputer = "172.30.1.253"
strUser = "Administrator"
strPass = "password"
Subhive = "Software\Microsoft\Windows\CurrentVersion\Uninstall\"
Const HKLM = &h80000002

' Context object that tells WMI which registry provider architecture to load
Set objCtx = CreateObject("WbemScripting.SWbemNamedValueSet")
objCtx.Add "__ProviderArchitecture", 32
objCtx.Add "__RequiredArchitecture", TRUE
Set objLocator = CreateObject("Wbemscripting.SWbemLocator")
Set objServices = objLocator.ConnectServer(strComputer,"root\default",strUser, strPass,,,,objCtx)
Set oReg = objServices.Get("StdRegProv")

WScript.Echo "32-bit Applications"
WScript.echo "-------------------"

Call GetApplications

' Same connection again, this time asking for the 64-bit provider
objCtx.Add "__ProviderArchitecture", 64
objCtx.Add "__RequiredArchitecture", TRUE
Set objLocator = CreateObject("Wbemscripting.SWbemLocator")
Set objServices = objLocator.ConnectServer(strComputer,"root\default",strUser, strPass,,,,objCtx)
Set oReg = objServices.Get("StdRegProv")

WScript.Echo "64-bit Applications"
WScript.echo "-------------------"

Call GetApplications

Sub GetApplications

    ' Use ExecMethod to call EnumKey with the context object, so the
    ' requested architecture applies to the registry call itself
    Set Inparams = oReg.Methods_("EnumKey").Inparameters
    Inparams.Hdefkey = HKLM
    Inparams.Ssubkeyname = subhive
    set Outparams = oReg.ExecMethod_("EnumKey", Inparams,,objCtx)

    For Each strSubKey In Outparams.snames

        ' Use ExecMethod to call the GetStringValue method
        Set Inparams = oReg.Methods_("GetStringValue").Inparameters
        Inparams.Hdefkey = HKLM
        Inparams.Ssubkeyname = Subhive & strSubKey
        Inparams.Svaluename = "DisplayName"
        set Outparams = oReg.ExecMethod_("GetStringValue", Inparams,,objCtx)
        if (""&Outparams.SValue<>"") then
            wscript.echo Outparams.SValue
        end if

    Next

End Sub
[/code]

Could any of you integrate this into audit.vbs and replace the relevant sections?
I will be happy to test the implementation though. :D
thx
Pat
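
The approach in the script above, packaged as functions that return data instead of echoing it, as an added example that is not part of the original post or of audit.vbs. It requests the 32-bit and 64-bit registry views explicitly, so the result does not depend on the bitness of the machine running the script, and it skips a view the target cannot provide. The names OpenRegView, RegCall and CollectSoftware are hypothetical, and empty user and password strings are assumed to mean the current account.

```vbscript
' Added example; OpenRegView, RegCall and CollectSoftware are hypothetical names.
Option Explicit
Const HKLM = &H80000002
Const UNINSTALL = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"

' Bind StdRegProv to one registry view (intBits = 32 or 64); objCtx is set for the caller.
Function OpenRegView(strComputer, strUser, strPass, intBits, objCtx)
    Dim objLocator, objServices
    Set OpenRegView = Nothing
    Set objCtx = CreateObject("WbemScripting.SWbemNamedValueSet")
    objCtx.Add "__ProviderArchitecture", intBits
    objCtx.Add "__RequiredArchitecture", True
    Set objLocator = CreateObject("WbemScripting.SWbemLocator")
    On Error Resume Next
    Set objServices = objLocator.ConnectServer(strComputer, "root\default", strUser, strPass, , , , objCtx)
    If Err.Number = 0 Then Set OpenRegView = objServices.Get("StdRegProv")
End Function

' Run one StdRegProv method through the chosen view; returns Nothing on any failure.
Function RegCall(oReg, objCtx, strMethod, strKey, strValue)
    Dim inP
    Set RegCall = Nothing
    On Error Resume Next   ' also covers oReg = Nothing and an unavailable view
    Set inP = oReg.Methods_(strMethod).InParameters
    inP.hDefKey = HKLM
    inP.sSubKeyName = strKey
    If strValue <> "" Then inP.sValueName = strValue
    Set RegCall = oReg.ExecMethod_(strMethod, inP, , objCtx)
End Function

' Returns a Dictionary keyed "<bits>|<subkey>" -> DisplayName, covering both views.
Function CollectSoftware(strComputer, strUser, strPass)
    Dim dict, bits, oReg, objCtx, outK, outV, subkey, title
    Set dict = CreateObject("Scripting.Dictionary")
    For Each bits In Array(32, 64)
        Set oReg = OpenRegView(strComputer, strUser, strPass, bits, objCtx)
        Set outK = RegCall(oReg, objCtx, "EnumKey", UNINSTALL, "")
        If Not outK Is Nothing Then
            If IsArray(outK.sNames) Then   ' sNames is Null when there are no subkeys
                For Each subkey In outK.sNames
                    Set outV = RegCall(oReg, objCtx, "GetStringValue", UNINSTALL & subkey, "DisplayName")
                    title = ""
                    If Not outV Is Nothing Then title = "" & outV.sValue
                    If title <> "" Then dict(bits & "|" & subkey) = title
                Next
            End If
        End If
    Next
    Set CollectSoftware = dict
End Function
```

Calling `CollectSoftware(".", "", "")` audits the local machine; the prefix on each key records which view the entry came from, so a 32-bit target yields only `32|` entries.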


PostPosted: Mon May 10, 2010 5:37 pm

Joined: Thu Jan 28, 2010 12:43 am
Posts: 11
Hi,

Is there any news about auditing x64 systems? Got a lot of them but can't audit the software :-(


PostPosted: Sat May 15, 2010 8:46 pm

Joined: Thu Jan 28, 2010 2:09 am
Posts: 16
there are still two issues:

1) collecting the product keys
2) listing software 32 and 64 bit

both are related to:

a) what platform open audit is running on (32 or 64 bit system)
b) what systems are audited (32 and 64 bit systems)

I only found a possible solution, which is added in my post above, but I'm not fit enough to integrate these working code snippets into audit.vbs.

If anyone could do it, I would appreciate it :D


PostPosted: Sat Jun 12, 2010 11:02 pm

Joined: Thu Jan 28, 2010 2:09 am
Posts: 16
:roll:

I tried and managed to make it work!!!!!!
Yh,

The attached audit.vbs, based on build 1242, is collecting 32- and 64-bit software.
This works when running audit.vbs on an x64 platform (e.g. Server 2008 R2) and on an i32 platform.

Please - would anyone check this into SVN?

Thx :mrgreen:

Pat


Attachments:
File comment: audit pulling 32 and 64 on 64 bit platform too
audit.zip [41.56 KiB]