Open-AudIT

What's on your network?
It is currently Thu Apr 26, 2018 7:52 pm

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 23 posts ]  Go to page Previous  1, 2
Author Message
PostPosted: Mon Aug 06, 2012 4:17 pm 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
Non-admin audits are missing a very few things in OA v2. Not much but they're not complete. Some stuff might be missed in OA v1 as well. Diff a run as admin and non and you'll see what, if anything, is missing.


Top
 Profile  
Reply with quote  
PostPosted: Mon Aug 06, 2012 5:51 pm 
Offline
Newbie

Joined: Fri Jul 27, 2012 4:46 pm
Posts: 13
Well if I run the script with scheduled task as a non admin user I get this

Code:
VNC Viewer 5.0.1    5.0.1    RealVNC Ltd    2012-08-03    11:16    
VNC Server 5.0.1    5.0.1    RealVNC Ltd    2012-08-03    11:16    
VNC Printer Driver 1.8.0    1.8.0    RealVNC Ltd.    2012-08-03    11:16    
Microsoft Office Office 64-bit Components 2010    14.0.6029.1000    Microsoft Corporation    2012-07-20    10:01    
Microsoft Office Shared 64-bit MUI (Dutch) 2010    14.0.6029.1000    Microsoft Corporation    2012-07-20    10:01    
Conexant HD Audio    8.50.5.0    Conexant    2012-07-20    09:08    
DW WLAN Card Utility    5.60.48.35    Dell Inc.    2012-07-20    09:08    
Microsoft Visual C 2005 Redistributable (x64)    8.0.56336    Microsoft Corporation    2012-07-20    09:08    
Microsoft Visual C 2008 Redistributable - x64 9.0.30729.17    9.0.30729    Microsoft Corporation    2012-07-20    09:08    
Codec - Audio - l3codeca    1.9.0.401    Fraunhofer Institut Integrierte Schaltungen IIS    2012-07-20    09:08    
MDAC    6.1.7601.17514    Microsoft Corporation    2012-07-20    09:08    
DirectX 9c    4.09.00.0904    Microsoft Corporation    2012-07-20    09:08    
Windows Media Player    12,0,7601,17514    Microsoft Corporation    2012-07-20    09:08    
Internet Explorer    9.0.8112.16421    Microsoft Corporation    2012-07-20    09:08    
Microsoft Windows 7 Professional    6.1.7601    Microsoft Corporation    2012-07-20    09:08


When I run it the script as a non admin user with cscript I get this

Code:
7-Zip 9.20    9.20.00.0    Igor Pavlov    2012-08-06    09:49    
Adobe Reader 9.3    9.3.0    Adobe Systems Incorporated    2012-08-06    09:49    
Cisco EAP-FAST Module    2.2.14    Cisco Systems, Inc.    2012-08-06    09:49    
Cisco LEAP Module    1.0.19    Cisco Systems, Inc.    2012-08-06    09:49    
Cisco PEAP Module    1.1.6    Cisco Systems, Inc.    2012-08-06    09:49    
Codec - Audio - l3codeca    1.9.0.401    Fraunhofer Institut Integrierte Schaltungen IIS    2012-07-20    09:08    
Conexant HD Audio    8.50.5.0    Conexant    2012-07-20    09:08    
DirectX 9c    4.09.00.0904    Microsoft Corporation    2012-07-20    09:08    
DW WLAN Card Utility    5.60.48.35    Dell Inc.    2012-07-20    09:08    
Intel(R) Management Engine Components    7.0.0.1144    Intel Corporation    2012-08-06    09:49    
Intel(R) Processor Graphics    8.15.10.2418    Intel Corporation    2012-08-06    09:49    
Internet Explorer    9.0.8112.16421    Microsoft Corporation    2012-07-20    09:08    
MDAC    6.1.7601.17514    Microsoft Corporation    2012-07-20    09:08    
Microsoft Office Access MUI (Dutch) 2010    14.0.6029.1000    Microsoft Corporation    2012-08-06    09:49    
Microsoft Office Excel MUI (Dutch) 2010    14.0.6029.1000    Microsoft Corporation    2012-08-06    09:49    
Microsoft Office Groove MUI (Dutch) 2010    14.0.6029.1000    Microsoft Corporation    2012-08-06    09:49    
Microsoft Office InfoPath MUI (Dutch) 2010    14.0.6029.1000    Microsoft Corporation    2012-08-06    09:49    
Microsoft Office Office 64-bit Components 2010    14.0.6029.1000    Microsoft Corporation    2012-07-20    10:01    
Microsoft Office OneNote MUI (Dutch) 2010    14.0.6029.1000    Microsoft Corporation    2012-08-06    09:49    
Microsoft Office Outlook MUI (Dutch) 2010    14.0.6029.1000    Microsoft Corporation    2012-08-06    09:49    
Microsoft Office PowerPoint MUI (Dutch) 2010    14.0.6029.1000    Microsoft Corporation    2012-08-06    09:49    
Microsoft Office Professional Plus 2010    14.0.6029.1000    Microsoft Corporation    2012-08-06    09:49    
Microsoft Office Proof (Dutch) 2010    14.0.6029.1000    Microsoft Corporation    2012-08-06    09:49    
Microsoft Office Proof (English) 2010    14.0.6029.1000    Microsoft Corporation    2012-08-06    09:49    
Microsoft Office Proof (French) 2010    14.0.6029.1000    Microsoft Corporation    2012-08-06    09:49    
Microsoft Office Proof (German) 2010    14.0.6029.1000    Microsoft Corporation    2012-08-06    09:49    
Microsoft Office Proofing (Dutch) 2010    14.0.6029.1000    Microsoft Corporation    2012-08-06    09:49    
Microsoft Office Publisher MUI (Dutch) 2010    14.0.6029.1000    Microsoft Corporation    2012-08-06    09:49    
Microsoft Office Shared 64-bit MUI (Dutch) 2010    14.0.6029.1000    Microsoft Corporation    2012-07-20    10:01    
Microsoft Office Shared MUI (Dutch) 2010    14.0.6029.1000    Microsoft Corporation    2012-08-06    09:49
Microsoft Office Word MUI (Dutch) 2010    14.0.6029.1000    Microsoft Corporation    2012-08-06    09:49    
Microsoft Visual C 2005 Redistributable (x64)    8.0.56336    Microsoft Corporation    2012-07-20    09:08    
Microsoft Visual C 2008 Redistributable - x64 9.0.30729.17    9.0.30729    Microsoft Corporation    2012-07-20    09:08    
Microsoft Windows 7 Professional    6.1.7601    Microsoft Corporation    2012-07-20    09:08    
Realtek Ethernet Controller All-In-One Windows Driver    1.12.0019    Realtek    2012-08-06    09:49    
SUNIX Multi-IO Controller    7.2.0.0    SUNIX Co., Ltd.    2012-08-06    09:49    
VNC Printer Driver 1.8.0    1.8.0    RealVNC Ltd.    2012-08-03    11:16    
VNC Server 5.0.1    5.0.1    RealVNC Ltd    2012-08-03    11:16    
VNC Viewer 5.0.1    5.0.1    RealVNC Ltd    2012-08-03    11:16    
Windows Media Player    12,0,7601,17514    Microsoft Corporation    2012-07-20    09:08


But I find it weird the scheduled task still show a little information but not all.

edit: I just put the script in the startup folder of a user and that works but that's not the way I want to do it because users can manually execute it then.


Top
 Profile  
Reply with quote  
PostPosted: Tue Aug 07, 2012 1:14 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
The audit code basically steps through these two keys for the installed software:
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
Review these keys for expected software entries and maybe check the permissions to these keys as well.


Top
 Profile  
Reply with quote  
PostPosted: Wed Aug 08, 2012 9:00 pm 
Offline
Newbie

Joined: Fri Jul 27, 2012 4:46 pm
Posts: 13
The permissions are ok.

I give it up. I tried about everything I don't get how people get it working on W7 & W2K8 with UAC turned on. Those 2 OS's are just flawed when it comes to executing a script. I don't see why it would let me execute it manually but with a GPO as a scheduled task it doesn't.


Top
 Profile  
Reply with quote  
PostPosted: Wed Aug 08, 2012 10:39 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
I just audit ours from a PC that uses Domain Admin creds...
I don't use logon scripts.
That's just me though.

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Wed Aug 08, 2012 11:18 pm 
Offline
Newbie

Joined: Fri Jul 27, 2012 4:46 pm
Posts: 13
You don't use logon scripts how do you audit then? Somehow you have to run the audit.vbs script right?


Top
 Profile  
Reply with quote  
PostPosted: Thu Aug 09, 2012 1:26 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
I linked to the Howto earlier. Read that.

Basically you make sure the Windows Firewall on the clients allows remote admin, set the local_domain property in audit.vbs as appropriately and run "cscript audit.vbs" using and account with admin credentials on the target computers.


Top
 Profile  
Reply with quote  
PostPosted: Thu Aug 09, 2012 2:03 am 
Offline
Newbie

Joined: Fri Jul 27, 2012 4:46 pm
Posts: 13
Ah yes I see that way.

Anyways I found the problem. It's a really stupid mistake I made, I'm ashamed :oops:

Because I upgrade OpenAudit there was a new audit.vbs script. I created a Test OU in my Active Directory to test the script on a single PC.
I set block inheritance so no other GPO would conflict. But I only placed the Computer Object in that test OU and not my User Object. The GPO applied to the test OU contained User setting instead of a Computer. Because my User account wasn't in the OU the inheritance block wouldn't apply and it would still execute my old audit.vbs. I guess the old script wouldn't collect all the information because I didn't see all the software and when I executed the new script manually it would.

So thank you guys for helping I hope I didn't waste your time too much :P


Soon I will upgrade to OAV2 too :twisted:


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 23 posts ]  Go to page Previous  1, 2

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group