Open-AudIT

What's on your network?
It is currently Sun Apr 22, 2018 8:27 pm

All times are UTC + 10 hours




Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: New audit windows script
PostPosted: Thu Jun 09, 2011 9:45 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
I have uploaded a new "audit_windows.vbs" to the beta 1.1 download page.
Changes include.
org_id able to be set on the command line. If you set this, when the system is submitted, it should automagically set the "man_org_id" on the system. NOTE - It will need a new copy of the file m_system.php which I haven't yet uploaded.

Further monitor manufacturer identification.
I try to account for the returned manufacturer being not relevant (ie - "standard monitor types), by checking this and then checking the model. If a certain model is discovered, we can correctly set the manufacturer. NOTE - if you are seeing returned results with "standard monitor type" set, but the correct model number, please send me the model number and the manufacturer. I can then (manually) account for these in the audit script.

Mount Points are disabled by default. You can enable them by adding skip_mount_point=n on the command line (or changing the default value at the start of the script). NOTE - this also applies to Printers.

Hopefully that will sort out the remaining issue's.

I'll create Beta 1.2 soon (with incorporated OrgID stuff and more).

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Thu Jun 09, 2011 11:34 pm 
Offline
Helper

Joined: Tue Jul 25, 2006 2:33 am
Posts: 83
Location: Hampshire, UK
Mark,
Ran the new audit_windows.vbs on my Win7 Pro test machine and the "skip_mount_point=y" setting. Ran fine, only shows C: drive but this is an old re-installed machine so I wasn't expecting much. The C: drive did show an interesting serial number though:
MAXTOR 6L040J2 ATA Device
Size: 38,177 MiB
Interface: IDE
Model: MAXTOR 6L040J2 ATA Device
Serial: 3636323230303432363937392020202020202020
which looks more hex than anything else :)
And on the monitor front it was recognized but displayed as:

Manufacturer: @oem7.inf,%acer%;Acer Incorporated
Model: Acer S202HL
Manufacturer Date: 12/2010
Description:
Serial: LR4080114210

(with those "%" signs in the Manufacturer line).
The icon at the right also didn't display (not surprisingly) but didn't default to a generic one

<img width="100" title="" alt="" src="http://SERVERNAME/OAv2/device_images/acer_s202hl.jpg" style="border: 1px solid rgb(219, 217, 197);">

John

_________________
OA environment:
OA Server: Ubuntu 10.04LTS
1 Windows 2008R2 Server
4 Windows 2003 Servers
20 Windows XP workstations
1 Windows 7 workstation
2 Ubuntu 11.10 servers
Misc other networked items


Top
 Profile  
Reply with quote  
PostPosted: Fri Jun 10, 2011 5:58 pm 
Offline
Newbie

Joined: Tue Jun 07, 2011 6:06 pm
Posts: 24
Mark,

One minor issue I've come across is that when auditing a Windows 7 machine the "Last Logged on User" is the last local user to log on rather than the last domain user.

Script works fine for Windows XP & Vista.

Now I've got my machines auditing I have to say OAv2 is looking very promising :D

Cheers,
Gareth

_________________
Auditing 5 companies, 10 sites, 13 servers & 300 workstations.


Top
 Profile  
Reply with quote  
PostPosted: Fri Jun 17, 2011 5:24 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
gareth wrote:
One minor issue I've come across is that when auditing a Windows 7 machine the "Last Logged on User" is the last local user to log on rather than the last domain user.

I'm not seeing this. However, while looking at the audit_windows.vbs code for last logged on user I see this code which is wrong but still works.
Code:
   oreg.getstringvalue hkey_local_machine, "software\microsoft\windows\currentversion\authentication\logonui", "lastloggedonuser", windows_user_name
   if isnull(windows_user_name) then
      oreg.getstringvalue hkey_local_machine, "software\microsoft\windows\currentversion\authentication\logonui", "lastloggedonsamuser", windows_user_name
      if isnull(windows_user_name) then
         windows_user_name = ""
      end if
   else
      if len(net_domain) > 0 then
         lcase(windows_user_name = windows_user_name & windows_user_domain)
      end if
   end if


If lastloggedonuser is retrieved into windows_user_name successfully we branch to the else statement where we test the len of net_domain. I can't see that net_domain is defined or filled anywhere. Right now this works for me because windows_user_name gets filled with DOMAIN\User and the len(net_domain) test fails so we don't tack on windows_user_domain to the username which already includes it.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group