Hi
i want to audit our Computers in WindowsDomain (AD 2010). It seems it works fine in the cmd-Box for the clients, here an example of a client:
23.11.2010 19:27:15,ZONW07 - Able to connect to WMI. No username and password provided - therefore assuming local domain PC. PC name supplied: ZONW07 PC name from WMI: ZONW07 User executing this script: administrator System UUID: 76534DBF-3F92-DD11-A5A9-0018F314B3DB IP: 10.136.70.3 Network Info System Info Windows Info Bios Info Processor Info Memory Info Video Info Monitor Info Monitor Info USB Devices Hard Disk Info Partition Info SCSI Cards SCSI Devices Optical Drive Info Floppy Drives Tape Drive Info Keyboard Info Battery Info Modem Info Mouse Info Sound Card Info Printer Info Share Info Mapped Drives Info Local Groups Info Local Users Info Scheduled Tasks Info System Environment Variables Info Event Logs Info Ip Routes Info Pagefile Info Motherboard Info Onboard devices Info AV - Security Center Settings Startup Programs Services Internet Explorer Browser Helper Objects Installed Software Customer specific audits Installed Media Codecs MDAC/WDAC, DirectX, Media Player, IE and OE Versions Firefox Extensions Windows Firewall Settings CD Keys Automatic Updating Settings Audit.vbs Execution Time: 94 seconds. XML sent to server using ServerXMLHTTP: 200 (OK) Total Execution Time: 96 seconds.
But if i check the webconsole or the mysql database there is no additional entries for the scanned client.
The audit.confif file has this entries: ' ' Standard audit section ' audit_location = "r" verbose = "y" audit_host="http://support" online = "yesxml" 'online = "ie" strComputer = "ZONW07" ie_visible = "n" ie_auto_submit = "y" ie_submit_verbose = "n" 'ie_form_page = audit_host + "/openaudit/admin_pc_add_1.php" ie_form_page = "http://winxp01.zgtroot.ads/openaudit/admin_pc_add_1.php" 'non_ie_page = audit_host + "/openaudit/admin_pc_add_2.php" non_ie_page = "http://winxp01.zgtroot.ads/openaudit/admin_pc_add_2.php" 'input_file = "pc_list_file.txt" use_audit_log = "y" keep_audit_log="y"
' ' Email authentication ' '
'email_to = "example@example.com" 'email_from = "example@example.com" 'email_sender = "Open-AudIT" 'email_server = "mail.example.com" ' IP address or FQDN 'email_port = "25" ' The SMTP port 'email_auth = "1" ' 0 = Anonymous, 1 = Clear-text Authentication, 2 = NTLM 'email_user_id = "example@example.com" ' A valid Email account in user@domain format 'email_user_pwd = "some_password" ' The SMTP email password 'email_use_ssl = "false" ' True/False 'email_timeout = "60" ' In seconds 'send_email = "false" ' True/False - Enable/Disable email sending
audit_local_domain = "n" ' ' Set domain_type = 'nt' for NT4 or SAMBA otherwise leave blank or set to ldap 'domain_type = "nt"
local_domain = "LDAP://ou=ZGT-Online,ou=Gesellschaften,dc=zgtroot,dc=ads" 'local_domain = "LDAP://zgtroot.ads" 'local_domain = "WinNT://zgtroot.ads"
' ' Example Set Domain name for NT ONLY for LDAP use the above format ' NOTE This is Case Sensetive. See the example below. ' 'local_domain = "WinNT://IEXPLORE" 'local_domain = "WinNT://<domainname>" '
hfnet = "n" Count = 0 number_of_audits = 10 script_name = "audit.vbs" monitor_detect = "y" printer_detect = "y" software_audit = "y" uuid_type = "uuid" ' ' Nmap section ' nmap_tmp_cleanup = true ' Set this false if you want to leave the tmp files for analysis in your tmp folder nmap_subnet = "192.168.0." ' The subnet you wish to scan nmap_subnet_formatted = "192.168.000." ' The subnet padded with 0's nmap_ie_form_page = audit_host + "/openaudit/admin_nmap_input.php" nmap_ie_visible = "n" nmap_ie_auto_close = "y" nmap_ip_start = 1 nmap_ip_end = 254 nmap_syn_scan = "y" ' Tcp Syn scan nmap_udp_scan = "y" ' UDP scan nmap_srv_ver_scan = "y" ' Service version detection. nmap_srv_ver_int = 9 ' Service version detection intensity level. Values 0-9, 0=fast
What could be the reason?
Thanks in advance Marco
|