Open-AudIT

What's on your network?
It is currently Wed Apr 25, 2018 8:26 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 
Author Message
PostPosted: Wed Aug 08, 2007 10:36 pm 
Offline
Helper

Joined: Thu Jun 14, 2007 4:06 am
Posts: 96
Location: Georgia, USA
I've written a How-to to help myself with disaster recovery. Someone else may find it helpful, so I've posted it below using the "code" designation to maintain formatting.

Code:
Installing Open-AudIT

   Table of Contents

   Preface

   1. Installation of PHP

        Manual Installation Steps
        Set Up a Valid Configuration File For PHP
        Enable Necessary Extensions
        Set the Environment for PHP
        Microsoft Internet Information Server IIS

   2. Installation of MySQL

        Download
        Install
        Configure

   3. Verifying the Installation

        PHPINFO
        Error Reporting

   4. Download and install Open-AudIT

        Release Version
        SVN Version
        SVN Client
        Copy Files to doc_root       

   5. Configuration of Open-AudIT
       
        Config File Permissions
        Setup

   6. Auditing a Computer
     
        Available Options in Audit.config
        Running an Audit

   7. Access Control (optional)

        Create a Group to Contain Authorized Users
        Revoke rights
        Grant Access rights to Groups
        Grant Access Rights for Audit
        Restrict Configuration Changes
        Configure IIS to Use Authentication

   8. Database Maintenance
 
        Backup of the MYSQL Database
        Restore of a MYSQL Database
        Optimize Database
        Manage MYSQL Users

   9. Miscellanous Fixes and customizations
       
_____________________________________________________________________

Preface

   This installation is specific to installation of Open-AudIT on the
   Windows Server 2003 SE SP2 platform running Internet Informattion
   Server (IIS). Open-AudIT SVN 748 was used in making this guide.

   You will need to have a fully functional IIS web server before
   continuing. If you haven't installed IIS, go to Control Panel -->
   Add or Remove Programs --> Add/Remove Windows COmponents then check
   Application Server and click next.
_____________________________________________________________________

Chapter 1. Installation Of PHP

   There are two main ways to install PHP for Windows; either manually
   or by using the installer. Due to problems encountered with the
   installer, the manual method is best and is the method discussed
   here.

   Once you have PHP installed on your Windows system, you must enable
   several of extensions for complete functionality.

Manual Installation Steps

   To get started, go to http://www.php.net/downloads.php and
   download the zip package under Windows Binaries.

   Extract the zip to C:\php.

   The directory structure extracted from the zip is as follows:

   PHP 5 package structure

c:\php
   |
   +--dev
   |  |
   |  |-php5ts.lib
   |
   +--ext                 -- extension DLLs for PHP
   |  |
   |  |-php_bz2.dll
   |  |
   |  |-php_cpdf.dll
   |  |
   |  |-..
   |
   +--extras
   |  |
   |  +--mibs             -- support files for SNMP
   |  |
   |  +--openssl          -- support files for Openssl
   |  |
   |  +--pdf-related      -- support files for PDF
   |  |
   |  |-mime.magic
   |
   +--pear                -- initial copy of PEAR
   |
   |
   |-go-pear.bat          -- PEAR setup script
   |
   |-fdftk.dll
   |
   |-..
   |
   |-php-cgi.exe          -- CGI executable
   |
   |-php-win.exe -- executes scripts without an opened command prompt
   |
   |-php.exe     -- CLI executable - ONLY for command line scripting
   |
   |-..
   |
   |-php.ini-dist         -- default php.ini settings
   |
   |-php.ini-recommended  -- recommended php.ini settings
   |
   |-php5activescript.dll
   |
   |-php5apache.dll
   |
   |-php5apache2.dll
   |
   |-..
   |
   |-php5ts.dll           -- core PHP DLL
   |
   |-...

Set Up a Valid Configuration File For PHP

   The next step is to set up a valid configuration file for PHP,
   php.ini. There are two ini files distributed in the zip file,
   php.ini-dist and php.ini-recommended. Use php.ini-recommended,
   because the default settings in this file are optimized for
   performance, and security. To make this your active configuration
   file, rename php.ini-recommended to php.ini.

     Note: Make sure that the user running the web server has read
     permissions to your php.ini. Right-click php.ini and select
     Properties. In the Security tab make sure that the user group
     "Users" has Read and Read & Execute permissions to this file.
     Repeat this step for the C:\PHP directory so the "Users" user
     group has Read and Read & Execute permissions.

   Edit your new php.ini file. Set the doc_root to point to your web
   servers document_root. For example:

     doc_root = "c:\inetpub\wwwroot"

Enable Necessary Extensions

   The location of extensions is C:\php\ext. You will need to change
   the extension_dir setting in your php.ini to point to the this
   directory. For example:

     extension_dir = "C:\php\ext"

   Enable the extension(s) in php.ini you want to use by uncommenting
   the extension=php_*.dll lines in php.ini. This is done by deleting
   the leading ; from the extension you want to load.

   All extensions required by Open-AudIT are included in the binary
   zip file. You must uncomment the following lines in php.ini in
   order to load each extension:
 
     extension=php_gd2.dll
     extension=php_ldap.dll
     extension=php_mysql.dll

Set the Environment for PHP

   Set the PHPRC environment variable so PHP can find your php.ini
   file.

     * Go to Control Panel and open Start -> Control Panel -> System
     * Go to the Advanced tab
     * Click on the 'Environment Variables' button
     * Look into the 'System variables' pane. (NOT user variable)
     * Click on 'New' and enter 'PHPRC' as the variable name and the
       directory where php.ini is located as the variable value (e.g.
       C:\php)
     
   Modify the Windows PATH environment variable to include the PHP
   directory. This way the PHP DLL files and PHP executables can all
   remain in the PHP directory without cluttering up the Windows
   system directory.

     * Add the C:\PHP directory to your system's PATH variable.
     * Choose Start and right-click My Computer.
     * From the shortcut menu, select Properties.
     * On the Properties page, select the Advanced tab.
     * Click the Environment Variables button.
     * From the list of System variables double-click the Path variable.
     * To the end of the Path variable, add ";C:\PHP".(No quotes!)
     * Restart your server.

   PHP is now setup on your system. The next step is to enable IIS to
   run PHP content.

Microsoft Internet Information Server IIS

   PHP should be installed as a ISAPI module. Do the following:

     * Go to Control Panel -> Administrative Tools -->
       Internet Information Services Manager
     * Right click on your Web server node (this will most probably
       appear as 'Default Web Site'), and select 'Properties'.
     * Under ISAPI Filters
       - Add a new ISAPI filter. Use PHP as the filter
         name, and supply a path to the php5isapi.dll.
     * Under 'Home Directory', do the following:
       - Change the Execute Permissions to 'Scripts only'
       - Click on the 'Configuration' button, and choose the
         Application Mappings tab.
       - Click Add and set the Executable path to the PHP ISAPI DLL
         C:\php\php5isapi.dll. Supply .php as the extension.
       - Check the 'Script engine' checkbox. 
     * Now, click OK a few times.
     * Stop IIS completely (NET STOP iisadmin)
     * Start IIS again (NET START w3svc)

   Add .php as a new Web service extension as follows:

     * Go to Control Panel -> Administrative Tools -->
     * Internet Information Services Manager
     * Go to Web Service Extensions
     * Choose "Add a new Web service extension"
     * enter PHP as the name
     * Choose the Add button
     * For the value browse to the ISAPI file php5isapi.dll
     * Check "Set extension status to Allowed"
     * Click OK.

   Set index.php to be your default content page as follows:

     * Go to Control Panel -> Administrative Tools -->
       Internet Information Services Manager
     * Right click on your Web server node (this will most probably
       appear as 'Default Web Site'), and select 'Properties'.
     * Under the Documents tab, choose Add. Type in index.php
     * click OK.
     * Adjust the order so that index.php is at the top by choosing
       Move Up.

_____________________________________________________________________

Chapter 2. Installation of MySQL

Download

   To get started you'll need to go to http://dev.mysql.com/downloads
   and download MySQL 5.0 Community Server - Generally Available (GA)
   Release. Get the Windows ZIP/Setup.EXE (x86). Do not download the
   beta version.

Install

   Extract the contents of the zip file to a temporary location and
   run setup.exe.

     * Click Next
     * Click Typical Setup
     * Click Install
     * Click next, next, next
     * Check Configure the MYSQL Server now
     * Click Finish

Configure

   In the MYSQL Server Instance Configuration Wizard:
   
     * Click Next
     * Choose Standard Configuration and click next
     * Check "Install as Service" and "Include Bin Directory in
       Windows Path"
     * Click Next
     * Check "Modify Security Settings" and enter a root password
     * Unselect "Create anonymous account"
     * Click Next
     * Click Execute
     * Click Finish

_____________________________________________________________________

Chapter 3. Verifying the Installation

PHPINFO

  At this point you need to verify PHP operation. This involves a test
  to see if IIS recognizes the .php file extension and is able to load
  the appropriate dll extensions commented out in the php.ini file.

  Using notepad, create a file name php.php and place it in the doc_root
  folder c:\inetpub\wwwroot. The file should contain the following:

    <?php
    phpinfo();
    ?>

  On the server hosting IIS, using your browser, go to
  http://localhost/php.php. The PHP configuration options should be
  displayed in your browser. Verify that under PHP Core your have GD,
  LDAP and MYSQL listed. If PHP is configured correctly and these
  extensions are properly enabled, these extensions will be listed.

Error Reporting

  If you have trouble getting the extensions to list properly, enable
  error reporting to help troubleshooting. To enable error reporting
  change the following lines in your php.ini.

    display_errors = on
    display_startup_errors = on

_____________________________________________________________________


Chapter 4. Download and install Open-AudIT

Release Version

  You can download Open-AudIT from
  http://sourceforge.net/projects/Open-AudIT using the "Download
  Open-AudIT" link. The version linked here is the latest release
  version.

SVN Version

  Because Open-AudIT is under development there are several SVN
  (Subversion) versions available with the latest features and bug
  fixes. It is recommended that you download the latest SVN in order
  to take advantage of these additions. To do this you must install
  an SVN client. Tortoise SVN is the recommended client for Windows.
  Download it at http://tortoisesvn.net.

SVN Client

  Tortoise SVN is a shell extension. You must right click the folder
  you wish to to download the files to. Select "SVN Checkout." In URL
  of repository enter the following:

    https://Open-AudIT.svn.sourceforge.net/svnroot/Open-AudIT/trunk
 
  Click OK. The the trunk files will be saved in the "checkout
  directory." 

Copy Files to doc_root

  Copy all files and folders to your doc_root folder
  c:\inetpub\wwwroot.

  It should look something like this:

  c:\inetpub\wwwroot
             |
             +--openoffice
             |
             +--Tutorials
             |   
             +--backup
             |     
             +--images               -- web graphics
             |
             +--images-systems
             |
             +--lang                 -- language files
             |
             |
             +--lib
             |  |
             |  +--ezpdf   -- location of classes used for PDF export
             |
             +--scripts
             |  |
             |  |-audit.vbs          -- VBscript audit file
             |  |
             |  |-audit.conf -- initial copy of audit.vbs config file
             |
             |-..
             |
             |-include_config.php
             |
             |-index.php
             |
             |-admin_pc_add_1.php
             |
             |-admin_pc_add_2.php
             |
             |-..

Chapter 5. Configuration of Open-AudIT

  Once you have downloaded Open-AudIT and copied the files to your
  doc_root folder, there are several configuration changes that need
  to be made.
 
Config File Permissions

  Permissions need to be set on the configuration files so that the
  web interface can write to them, otherwise you will get the
  following error when the setup script checks for write capability:

    include_config.php ... Failed.
    scripts/audit.config ... Failed.

  Write permissions should be given to the IUSR_%COMPUTERNAME% user
  for these two files. By default IUSR_%COMPUTERNAME% has deny write
  checked. If include_config.php doesn't exist, rename
  include_config_defaults.php to include_config.php and set
  permissions as stated. Perform the following steps:

    cd c:\inetpub\wwwroot
    ren include_config_defaults.php include_config.php
    cacls include_config.php /T /E /G IUSR_%COMPUTERNAME%:W
    cacls scripts\audit.config /T /E /G IUSR_%COMPUTERNAME%:W

Setup
 
  From the server hosting IIS, go to http://localhost and step
  through the setup process.

  When you get to the database setup, be sure to choose "I have Root
  access to database." Leave default database settings and enter the
  root password you entered during MYSQL setup. You will also need
  to create a password for the "openaudit" user. They can be the
  same.

  At the end of the setup process you will click the URL
  "Click here to enter Open-AudIT!" At this point you should enter
  and continue with configuration by selecting Admin --> Config
  from the left hand menu. Here you can customize how information
  is displayed, as well as configure LDAP support.

  The Open-AudIT web site should now be operational. Once you audit
  your first computer you will begin to see real inventory data.

_____________________________________________________________________


Chapter 6. Auditing a Computer

  Audits are performed by running the audit.vbs script. This script
  gets its configuration parameters from an audit.config file. These
  two files should be placed in the same directory and may reside on
  the local hard drive or on a remote share.

Available options in Audit.config

  You must configure the audit.config file with the necessary
  options:

  audit_location = "r"
   
    "l"ocal or "r"emote depending on whether the machine you are
    auditing from is the same machine you are posting to (local) or not
    (remote).

  verbose = "y"

    If "y" then you can see the results from the audit.vbs script as
    it does its work. If "n" everything is almost silent.

  online = "yesxml"

    This can be "yesxml" or "ie" and selects whether we submit the
    page via Internet explorer, or directly using XMLPOST, I would
    use yesxml since it doesn't waste the resource of launching ie
    for every audit. yesxml works for me with 80 or so machines in
    about ten minutes or so, depending on what else the machines are
    doing at the time.

  strComputer = ""
   
    Set this to "." to audit just the local machine, for pretty much
    any other purpose, set it to ""

  ie_visible = "n"
 
    only makes sense with online="ie" and lets you see the browser in
    operation.

  ie_auto_submit = "y" 
   
    Ditto, but selects whether the page submits automatically or
    waits for user input, I would use "y".

  ie_submit_verbose = "n"
   
    Does what it says. Submits the ie page with all of the
    information exposed as it is gathered

  ie_form_page = "http://openaudit/openaudit/admin_pc_add_1.php"
 
    This is not too obvious, as it can be almost anything. The
    simplest case is to use
    http://127.0.0.1/openaudit/admin_pc_add_1.php. This will allow
    the script to post to the same box as the OA web server is
    running on. Next we can use an IP address, something like
    http://192.168.0.4/openaudit/admin_pc_add_1.php. This allows us
    to post results from a machine other than the web server, AND
    from the web server. Finally this can me something like
    http://openaudit.mydomain.com/openaudit/admin_pc_add_1.php.
    This allows us to post from anywhere so long as our DNS server
    can resolve openaudit.mydomain.com to the correct IP address and
    no firewall blocks our traffic (and our web server will accept
    requests from the IP address running the VBS script of course).
    (In short this is the page that ie submits to, can be an IP or a
    machine name followed by the folder within htmlroot on the web
    server running the OA web pages.)

  non_ie_page = "http://openaudit/openaudit/admin_pc_add_2.php"

    The page that yesxml submits to, and the page that the ie page
    calls next, so it has to be valid, see previous description.

  nmap_subnet = "192.168.45."           ' The subnet you wish to scan

    Does what it says, but only used by the nmap script.

  nmap_subnet_formatted = "192.168.045." ' The subnet padded with 0's
 
    Does what it says, but only used by the nmap script, bit of a
    fudge, 'cos we should generate this from the above nmap_subnet.

  nmap_ie_form_page = "http://openaudit/openaudit/admin_nmap_input.php"

    Does what it you think it does, the same as the audit page
    ie_form_page, but for the nmap script, see previous ..
    ie_form_page descriptions.

  nmap_ie_visible = "n"

    Likewise , also for the nmap script.

  nmap_ie_auto_close = "y"

    Likewise , also for the nmap script.

  nmap_ip_start = 1
 
    Start of ip range on subnet chosen above.

  nmap_ip_end = 254

    End of ip range on subnet chosen above.

  input_file = ""

    Used to supply a list of PCs and their usernames and passwords,
    these users must have WMI access rights via the network. Note
    administrators without passwords will not by default have these
    rights, do you may have to create a user on each machine for this
    purpose, or set the local administrator user password. If you are
    using a domain, use a somain admin user to do this, or better
    still audit the entire domain using the audit_local_domain option.

  email_to = ""

    Send failed audit emails to whoever@whateverdomain.whatever.

  email_from = ""
 
    Send failed audit emails from whoever@whateverdomain.whatever.

  email_server = ""

    Send failed audit emails to whoever@whateverdomain.whatever,
    via this mail server, as yet there are no SMTP credentials
    supplied, so this may not work for a lot of people. You may be
    able to supply these credentials via your PHP .INI file.

  audit_local_domain = "y"

    Set this to Audit the domain chosen with the next variable.

  local_domain = "LDAP://mydomain.local"

    The AD domain to audit.

  hfnet = "n"

    Use hfnet **experimental** does anybody have this working reliably?

  Count = 0 

    Not sure what this does? Mark?

  number_of_audits = 20

    Maximum number of audit processes to spawn simultaneously when
    doing an audit from the domain.

  script_name = "audit.vbs"
   
    the name for the spawned processes, should always be audit.vbs,
    but you can add a path if you wish.

  monitor_detect = "y"

    Adds monitor type, serial number etc to database.

  printer_detect = "y"

    Adds printer type etc to database.

  software_audit = "y"

    Audits software as well as hardware.

  uuid_type = "uuid"

    Changes the key to the database, can be UUID, MAC Address, or
    System name + Domain.

Running an Audit

  Once you have set the configuration options you can run an audit on
  a single local computer, single remote computer, an entire domain a
  single OU or on a list provided in a text file.

  For these examples remove all nmap_ lines from the config file.
  NMAP scans are an advanced topic and can be disabled by removing
  the options from audit.config.

  Configure ie_form_page and non_ie_page in audit.config with the
  correct server information, then make the appropriate changes below
  depending on the audit type you have chosen. Once you have
  completed customization of audit.config run "cscript audit.vbs".

  Single local computer
   
     audit_location = "r"
     strComputer = "."

  Single remote computer
   
     audit_location = "r"
     strComputer = "computername"

  entire domain
 
     audit_location = "r"
     strComputer = ""
     audit_local_domain = "y"
     local_domain = "LDAP://mydomain.com"

  single ou

     audit_location = "r"
     strComputer = ""
     audit_local_domain = "y"
     local_domain = "LDAP://ou=myou,dc=mydomain,dc=com"

  list provided in a text file

     audit_location = "r"
     strComputer = ""
     input_file = ""

  Audits can be run manually or scheduled on a reoccuring basis. 

  In a domain environment, you can even store the audit.config and
  audit.vbs files on a netlogon share and run the "single local
  computer" audit from a logon script.

     cscript %LOGONSERVER%\NETLOGON\audit.vbs

  Note: This method may slow logons considerably.
_____________________________________________________________________

Chapter 7. Access Control (optional)

  Open-AudIT doesn't yet include sufficient access control features.
  You must use file and folder security permissions to control
  access if you want to use individual local user accounts or Active
  Directory user accounts and groups.

Create a Group to Contain Authorized Users

  You must first create a group to contain your authorized users.
  This group can contain local users, domain users or domain groups.

    * Go to All Programs --> Administrative Tools --> Computer Management.
    * Expand Local Users & Groups
    * Right click Group
    * Select New Group
      - For group name enter OPENAUDITWEB
      - Click Add and select the local or domain users you wish to
        allow access
      - Click Create

Revoke rights

  You must first revoke access to the "Internet Guest Account" and
  "Users" group.

    cacls c:\inetpub\wwwroot /T /E /R IUSR_%COMPUTERNAME%
    cacls c:\inetpub\wwwroot /T /E /R USERS

Grant Access Rights to Groups
 
  Grant change access to the users you want to allow access to
  the web site.

    cacls c:\inetpub\wwwroot /T /E /G OPENAUDITWEB:C

Grant Access Rights for Audit
 
  You must then grant READ permissions to the
  "Internet Guest Account" for the files used for posting audits to
  the web site.

    cd c:\inetpub\wwwroot
    cacls admin_pc_add_1.php /T /E /G IUSR_%COMPUTERNAME%:R
    cacls admin_pc_add_2.php /T /E /G IUSR_%COMPUTERNAME%:R
    cacls include_config.php /T /E /G IUSR_%COMPUTERNAME%:R
    cacls include_style.php /T /E /G IUSR_%COMPUTERNAME%:R
    cacls include_right_column.php /T /E /G IUSR_%COMPUTERNAME%:R
    cacls admin_nmap_input.php /T /E /G IUSR_%COMPUTERNAME%:R

Restrict Configuration Changes

  Revoke access to admin_config.php, database_backup_form.php and
  database_restore_form.php to prevent Open-AudIT users from making
  configuration changes. This will keep members of the access group
  from making modifications to the config via the web.
 
    cd c:\inetpub\wwwroot
    cacls admin_config.php /T /E /R OPENAUDITWEB
    cacls database_backup_form.php /T /E /R OPENAUDITWEB
    cacls database_restore_form.php /T /E /R OPENAUDITWEB
   
  This will grant users in the local "administrators" group rights
  to make configuration changes.

    cd c:\inetpub\wwwroot
    cacls admin_config.php /T /E /G Administrators:F
    cacls database_backup_form.php /T /E /G Administrators:F
    cacls database_restore_form.php /T /E /G Administrators:F

Configure IIS to Use Authentication
   
    You should enable one or more of the following:
     
      Integrated Authentication
      Advanced Digest Authentication
      Basic Authentication (With SSL)

   
    Integrated Authentication

      Integrated Authentication uses (NTLM and Kerberos) to protect
      the user password with a hash. It's a good option if you don't
      want to use SSL. Works well with both IE and Firefox.

      You must configure Internet Information Services
      Manager to use it:
 
        * Go to Control Panel -> Administrative Tools -->
          Internet Information Services Manager
        * Right click on your Web server node (this will most probably
          appear as 'Default Web Site'), and select 'Properties'.
        * Under Document Security
           - Under Authentication and Access Control
              - Click edit
              - Check Integrated Windows Authentication
 
    Advanced Digest

      Advanced Digest protects the user password with a MD5 hash.
      It's a good option if you don't want to use SSL. A Windows
      2003 functional level domain is required. Works well with IE.
      Firefox doesn't seem to work well with this option.
     
      To enable Advanced Digest you must set the USEDigestSSP
      metabase property to true:

        cd c:\inetpub\adminscripts
        cscript adsutil.vbs set w3svc/UseDigestSSP 1

      In addition, you must configure Internet Information Services
      Manager to use it:
 
        * Go to Control Panel -> Administrative Tools -->
          Internet Information Services Manager
        * Right click on your Web server node (this will most probably
          appear as 'Default Web Site'), and select 'Properties'.
        * Under Document Security
           - Under Authentication and Access Control
              - Click edit
              - Check Digest Authentication for Windows Domain
                Servers
   
    Basic Authentication (With SSL)

      Basic Authentication is the least secure but best supported
      among browsers. Because the password is sent unencrypted, it
      should only be used in combination with SSL.
 
      You must configure Internet Information Services
      Manager to use it:
 
        * Go to Control Panel -> Administrative Tools -->
          Internet Information Services Manager
        * Right click on your Web server node (this will most probably
          appear as 'Default Web Site'), and select 'Properties'.
        * Under Document Security
           - Under Authentication and Access Control
              - Click edit
              - Check Basic Authentication

    You must restart the IIS Service for changes to take effect:

      net stop "World Wide Web Publishing Service"
      net start "World Wide Web Publishing Service"

_____________________________________________________________________


Chapter 8. Database Maintenance

Backup of the MYSQL database.

  For disaster recovery you should periodically backup the MYSQL
  database. You can do this manually or schedule it using the
  following command (remove line break _):

    mysqldump -h localhost -u root --password=yourpassword _
    openaudit > Backup.db3

Restore of a MYSQL Database
 
  Use the following process to delete any existing openaudit database
  and restore the database you wish to recover.

    mysqladmin -u root --password=yourpassword drop openaudit
    mysqladmin -u root --password=yourpassword create openaudit
    mysql -u username -p yourpassword database_name < dump.sql

  After you import the mysql database on the new machine, execute
  mysqladmin flush-privileges so that the server reloads the grant
  table information.

    mysqladmin -u root --password=yourpassword flush-privileges

  This is an excellent way to relocate your inventory to another
  server.

Optimize Database

  Compress is a misnomer. You need to export, drop database, create
  database and import the database. You can also perform an optimize
  table for each of your tables.

Manage openaudit Database From Microsoft Access

  You can allow custom queries and maintenance on the OpenAudIT
  database from Microsoft Access. To do this you must create a user
  for the connection. Create a readonly user to allow access to the
  database without allowing changes. Create a writable user to allow
  changes from Access.
 
  Add a readonly user (remove line break _):

    mysql -u root --password=rootpass --execute="GRANT SELECT on _
     openaudit.* TO readuser@'%.%.%.%' Identified by 'readpass';"
    mysql -u root --password=rootpass --execute="FLUSH PRIVILEGES;"

  Here you created a new database user "readuser" with password
  "readpass", who has only SELECT access right to the database
  "openaudit".
 
  Add a writable user (remove line break _):

    mysql -u root --password=rootpass --execute="GRANT ALL on _
     openaudit.* TO writeuser@'192.%.%.%' Identified by 'writepass';"
    mysql -u root --password=rootpass --execute="FLUSH PRIVILEGES;"
   
  Here you created a new database user "writeuser" with password
  "writepass", who has ALL access rights to the database
  "openaudit". Access is restricted by IP address mask 192.*.*.*.

  Connect using ODBC Connector

    Follow the instruction listed below to connect using one of the
    users you have created:

http://www.washington.edu/computing/web/publishing/mysql-access-3.5.html

  Remove a user (remove line break _):

    If you need to remove a user you can do so as follows:

    mysql -u root --password=rootpass --execute="delete from user _
     where user='username';"
    mysql -u root --password=rootpass --execute="FLUSH PRIVILEGES;"

_____________________________________________________________________

Chapter 9. Miscellanous Fixes and customizations

   In current user, under System Summary, you may be missing the \
   in domain\username.
   
     Looks like the problem is in admin_pc_add_2.php at about line 177
     
     Code:

     foreach ($input as $split) {
       $split = stripslashes($split);
       $split = mysql_real_escape_string($split); 

     Comment out "$split = stripslashes($split); "

   Create Temporary SSL Certificate

     This is a good way to add SSL support if you don't need a real
     certificate. Install SELFSSL from the IIS 6.0 Resource Kit. From
     the server with IIS installed run the command:
     
       "selfssl /V:7300 /N:CN=hostname.domainname.topleveldomain"

   Fix multiple listings in LDAP query in Computer Details

     look in ldap_details.php for the following code
     (remove line break _).

     Code:

     }
      if ($record_type=="computer"){ _
      $attributes = array("name","description","operatingsystem", _
      "operatingsystemservicepack","operatingsystemversion", _
      "location");
      $filter = "(&(objectClass=computer)(objectCategory=computer) _
      (|(samaccountname=".$name.chr(42).")(name=".$name.chr(42).") _
      (displayname=".$name.chr(42).")(cn=".$name.chr(42).")))";
     }
 
     Take out the .chr(42) references then it should do an exact match.

   Create and Initialize database

     If you have trouble creating the database through the web setup
     page, try creating the database by hand. To do this, connect to
     your mysql using the command line. Create the database using the
     CREATE command, see:

       http://dev.mysql.com/doc/refman/5.1/en/create-database.html
 
     next USE it, see:

       http://dev.mysql.com/doc/refman/5.1/en/use.html

     Paste the contents of SCRIPTS\open_audit.sql to the command line
     interpreter. This will create all of the tables etc.

   Internet Explorer 7 Disappearing Sub Menu
     
     In Internet Explorer 7, when selecting a sub menu from the left
     hand menu, the sub menu disappears before you can select it.
     This problem can be fixed by eliminating the margin and
     padding on the right side of the main menu.

     In default.css change the following section:

       Code:
       ul#primary-nav li a {
         display: block;
         text-decoration: none;
         color: #777;
         margin: 2px;
         padding: 5px;
         border: 1px solid #ccc;
         }

     To this:

       Code:
       ul#primary-nav li a {
         display: block;
         text-decoration: none;
         color: #777;
         margin: 0px;
         padding: 5px;
         padding-right: 0px;
         border: 1px solid #ccc;
         }


Top
 Profile  
Reply with quote  
PostPosted: Wed May 26, 2010 6:36 pm 
Offline
Newbie

Joined: Wed May 26, 2010 6:31 pm
Posts: 1
thanks for this guide but i guess it is somwhat out of date now. In the enableing IIS to run PHP content section you write "Click Add and set the Executable path to the PHP ISAPI DLL C:\php\php5isapi.dll. Supply .php as the extension." I cannot find php5isapi.dll anywhere. Could you please clarifty the correct steps?
TIA


Top
 Profile  
Reply with quote  
PostPosted: Wed Jan 05, 2011 9:03 pm 
Offline
Newbie

Joined: Tue Jan 04, 2011 10:55 pm
Posts: 1
Thanks for posting your personal guide. I've been looking for this because I lost my guide manual. I'll see if it will work.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group