|
Open-AudIT Fellow |
Joined: Thu May 17, 2007 5:47 pm Posts: 568 Location: Italy
|
[quote="jpa"]Maybe a missing WMI timeout variable? See [url=http://www.open-audit.org/phpBB3/viewtopic.php?f=8&t=3665#p16345]here[/url]. Thank you, it was added to audit.vbs at SVN rev. 1243. TCPview running on the OA host showed persistent RPC connections to every non-domain members audited host, probably caused by the schtasks.exe command. Deleting the oShell object at the end of scheduled tasks auditing seems doing the trick. Before I had lots of errors event ID 529 and 680 logged on non-domain hosts audited using the pc_list_file, repeating endlessly for days until the rpcss service was restarted on the OA host: now I see only some of them during the audit process, until it reaches the end, no more repeating. Hope this update could help.
_________________ Edoardo
|
|