Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Sun Sep 22, 2019 5:45 pm

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 57 posts ]  Go to page Previous  1, 2, 3, 4  Next
Author Message
PostPosted: Wed Feb 13, 2013 7:09 pm 
Offline
Newbie

Joined: Fri Feb 01, 2013 9:00 pm
Posts: 13
Please tell me how audit windows domain (active directory)
When I run script, i have error:
audit_domain_windows.vbs(135, 2) Active Directory: server does not work.
In config I have:
domain_array = array("LDAP://my_domain")

I did not find the settings for the Active Directory.

Thanks for reply


Top
 Profile  
Reply with quote  
PostPosted: Thu Feb 14, 2013 5:57 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
That should work. Make sure you've got the domain spelled correctly.


Top
 Profile  
Reply with quote  
PostPosted: Thu Feb 14, 2013 7:55 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
And make sure it's the full domain name, not the short one.
IE - ldap://my_domain.com.au and not ldap://my_domain

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Tue Feb 26, 2013 4:23 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
Bump - v13 released.

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Tue Feb 26, 2013 6:14 pm 
Offline
Newbie

Joined: Tue Mar 16, 2010 10:44 pm
Posts: 25
Location: Germany
You have set debugging to "3" by mistake.


Top
 Profile  
Reply with quote  
PostPosted: Tue Feb 26, 2013 6:31 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
No mistake - debugging to MAXIMUM!!!
Turn it down to 2, 1 or 0 if you like :lol:

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Tue Feb 26, 2013 7:00 pm 
Offline
Newbie

Joined: Tue Mar 16, 2010 10:44 pm
Posts: 25
Location: Germany
Then - of course - my mistake! :lol:
I took your debugging level entries above as the only allowed values.


Top
 Profile  
Reply with quote  
PostPosted: Tue Feb 26, 2013 7:14 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
Well, that's probably how it _should_ be!
I should really audit the audit script!
0,1,2 are all valid and I think there are a few "if debugging > 2" spot in there, too...

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 27, 2013 6:48 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
I totally missed the point of this earlier post by tekkie330 on the updates required for decoding modern Windows keys. Here's v13 attached with updates to hopefully get Windows and Office keys decoded correctly.

However, I'm not sure I've done it the best way and I don't have the greatest test environment because we use Volume License a lot. Basically I took the new decode method that handles Win8 and added in the new Office decode changes. Seems to work in my testing and actually gets the correct Win8 keys which the original v13 does not.

I also added in the Office 2013 decode stuff which is missing in v13. But I don't have Office 2013 installed to test. I'll try to get a VM with Office 2013 to test in but it might take a while.

I also think that the current code will miss Office 20XX 64bit installed on 64bit machines when audited from a 32bit machine. I haven't tested this to check my thinking is correct.


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 27, 2013 8:53 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
And I messed it up at the last second with a stupid cut-n-paste typo that breaks all Office and Win key decoding.

In v15 change line 6776 from
Code:
if (isarray(rpk)) then
to
Code:
if (isarray(Key)) then


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 27, 2013 6:22 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
Fixed. v16 uploaded :lol:

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Sat Mar 02, 2013 3:24 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
v15 and v16 are identical so my stupid bug isn't fixed yet.

And the Registration Key for Office 64bit installed on Windows 64bit is not audited when using the 32bit SysWOW6432\cscript. So no key decode in your future use case of automatically running the downloaded script on Win64 using 32bit IE.

I could fix this if you want to support that case.


Top
 Profile  
Reply with quote  
PostPosted: Wed Mar 06, 2013 11:04 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
jpa wrote:
v15 and v16 are identical so my stupid bug isn't fixed yet.
Uploaded v17 to fix my mis-fix!
jpa wrote:
And the Registration Key for Office 64bit installed on Windows 64bit is not audited when using the 32bit SysWOW6432\cscript. So no key decode in your future use case of automatically running the downloaded script on Win64 using 32bit IE. I could fix this if you want to support that case.
Please do and send it to me.

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Wed Mar 06, 2013 7:36 pm 
Offline
Newbie

Joined: Wed Mar 06, 2013 7:11 pm
Posts: 6
hello,

i use the current audit script (audit_windows_v17.vbs) on win7 32bit and 64bit.
it works fine except one thing: when running the audit it always "removes" the org_id set on the audit-server.
am i the only one facing this problem? how can i fix it?

thanks in advance


Top
 Profile  
Reply with quote  
PostPosted: Wed Mar 06, 2013 8:29 pm 
Offline
Newbie

Joined: Mon Mar 01, 2010 10:34 pm
Posts: 10
Hi,
With the v17, OS Family for W7&8 doesn't appear, JPA solved the problem by use this :

function os_family(os)
os = replace(os, chr(160)," ")
if InStr(os, " 95") then os_family="Windows 95"
if InStr(os, " 98") then os_family="Windows 98"
if InStr(os, " NT") then os_family="Windows NT"
if InStr(os, "2000") then os_family="Windows 2000"
if InStr(os, " XP") then os_family="Windows XP"
if InStr(os, "2003") then os_family="Windows 2003"
if InStr(os, "Vista") then os_family="Windows Vista"
if InStr(os, "2008") then os_family="Windows 2008"
if InStr(os, "Windows 7") then os_family="Windows 7"
if InStr(os, "Windows 8") then os_family="Windows 8"
if InStr(os, "2012") then os_family="Windows 2012"
end function

also Teamviewer client id's doesn't work, the strKeyPath since to be wrong but with a good one I have the same result :(

''''''''''''''''''''''''''''''''
' TeamViewer 5
''''''''''''''''''''''''''''''''
strKeyPath = "Software\TeamViewer\Version5"
key_name = "TeamViewer 5"
key_edition = ""
key_release = "5"
subKey = "ClientID"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key_text
if IsNull(key_text) then
' do nothing
else
subKey = "LicenseVersion"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key_release
result.WriteText " <key>" & vbcrlf
result.WriteText " <key_name>" & escape_xml(key_name) & "</key_name>" & vbcrlf
result.WriteText " <key_text>" & escape_xml(key_text) & "</key_text>" & vbcrlf
result.WriteText " <key_release>" & escape_xml(key_release) & "</key_release>" &

vbcrlf
result.WriteText " <key_edition>" & escape_xml(key_edition) & "</key_edition>" &

vbcrlf
result.WriteText " </key>" & vbcrlf
key_text = ""
key_release = ""
key_edition = ""
end if


strKeyPath = "Software\Wow6432Node\TeamViewer\Version5"
key_name = "TeamViewer 5"
key_edition = ""
key_release = "5"
subKey = "ClientID"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key_text
if IsNull(key_text) then
' do nothing
else
subKey = "LicenseVersion"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key_release
result.WriteText " <key>" & vbcrlf
result.WriteText " <key_name>" & escape_xml(key_name) & "</key_name>" & vbcrlf
result.WriteText " <key_text>" & escape_xml(key_text) & "</key_text>" & vbcrlf
result.WriteText " <key_release>" & escape_xml(key_release) & "</key_release>" &

vbcrlf
result.WriteText " <key_edition>" & escape_xml(key_edition) & "</key_edition>" &

vbcrlf
result.WriteText " </key>" & vbcrlf
key_text = ""
key_release = ""
key_edition = ""
end if


''''''''''''''''''''''''''''''''
' TeamViewer 6
''''''''''''''''''''''''''''''''
strKeyPath = "Software\TeamViewer\Version6"
key_name = "TeamViewer 6"
key_edition = ""
key_release = "6"
subKey = "ClientID"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key_text
if IsNull(key_text) then
' do nothing
else
subKey = "LicenseVersion"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key_release
result.WriteText " <key>" & vbcrlf
result.WriteText " <key_name>" & escape_xml(key_name) & "</key_name>" & vbcrlf
result.WriteText " <key_text>" & escape_xml(key_text) & "</key_text>" & vbcrlf
result.WriteText " <key_release>" & escape_xml(key_release) & "</key_release>" &

vbcrlf
result.WriteText " <key_edition>" & escape_xml(key_edition) & "</key_edition>" &

vbcrlf
result.WriteText " </key>" & vbcrlf
key_text = ""
key_release = ""
key_edition = ""
end if


strKeyPath = "Software\Wow6432Node\TeamViewer\Version6"
key_name = "TeamViewer 6"
key_edition = ""
key_release = "6"
subKey = "ClientID"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key_text
if IsNull(key_text) then
' do nothing
else
subKey = "LicenseVersion"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key_release
result.WriteText " <key>" & vbcrlf
result.WriteText " <key_name>" & escape_xml(key_name) & "</key_name>" & vbcrlf
result.WriteText " <key_text>" & escape_xml(key_text) & "</key_text>" & vbcrlf
result.WriteText " <key_release>" & escape_xml(key_release) & "</key_release>" &

vbcrlf
result.WriteText " <key_edition>" & escape_xml(key_edition) & "</key_edition>" &

vbcrlf
result.WriteText " </key>" & vbcrlf
key_text = ""
key_release = ""
key_edition = ""
end if


''''''''''''''''''''''''''''''''
' TeamViewer 7
''''''''''''''''''''''''''''''''
strKeyPath = "Software\TeamViewer\Version7"
key_name = "TeamViewer 7"
key_edition = ""
key_release = "7"
subKey = "ClientID"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key_text
if IsNull(key_text) then
' do nothing
else
subKey = "LicenseVersion"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key_release
result.WriteText " <key>" & vbcrlf
result.WriteText " <key_name>" & escape_xml(key_name) & "</key_name>" & vbcrlf
result.WriteText " <key_text>" & escape_xml(key_text) & "</key_text>" & vbcrlf
result.WriteText " <key_release>" & escape_xml(key_release) & "</key_release>" &

vbcrlf
result.WriteText " <key_edition>" & escape_xml(key_edition) & "</key_edition>" &

vbcrlf
result.WriteText " </key>" & vbcrlf
key_text = ""
key_release = ""
key_edition = ""
end if


strKeyPath = "Software\Wow6432Node\TeamViewer\Version7"
key_name = "TeamViewer 7"
key_edition = ""
key_release = "7"
subKey = "ClientID"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key_text
if IsNull(key_text) then
' do nothing
else
subKey = "LicenseVersion"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key_release
result.WriteText " <key>" & vbcrlf
result.WriteText " <key_name>" & escape_xml(key_name) & "</key_name>" & vbcrlf
result.WriteText " <key_text>" & escape_xml(key_text) & "</key_text>" & vbcrlf
result.WriteText " <key_release>" & escape_xml(key_release) & "</key_release>" &

vbcrlf
result.WriteText " <key_edition>" & escape_xml(key_edition) & "</key_edition>" &

vbcrlf
result.WriteText " </key>" & vbcrlf
key_text = ""
key_release = ""
key_edition = ""
end if

''''''''''''''''''''''''''''''''
' TeamViewer 8
''''''''''''''''''''''''''''''''
strKeyPath = "Software\TeamViewer\Version8"
key_name = "TeamViewer 8"
key_edition = ""
key_release = "8"
subKey = "ClientID"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key_text
if IsNull(key_text) then
' do nothing
else
subKey = "LicenseVersion"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key_release
result.WriteText " <key>" & vbcrlf
result.WriteText " <key_name>" & escape_xml(key_name) & "</key_name>" & vbcrlf
result.WriteText " <key_text>" & escape_xml(key_text) & "</key_text>" & vbcrlf
result.WriteText " <key_release>" & escape_xml(key_release) & "</key_release>" &

vbcrlf
result.WriteText " <key_edition>" & escape_xml(key_edition) & "</key_edition>" &

vbcrlf
result.WriteText " </key>" & vbcrlf
key_text = ""
key_release = ""
key_edition = ""
end if


strKeyPath = "Software\Wow6432Node\TeamViewer\Version8"
key_name = "TeamViewer 8"
key_edition = ""
key_release = "8"
subKey = "ClientID"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key_text
if IsNull(key_text) then
' do nothing
else
subKey = "LicenseVersion"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key_release
result.WriteText " <key>" & vbcrlf
result.WriteText " <key_name>" & escape_xml(key_name) & "</key_name>" & vbcrlf
result.WriteText " <key_text>" & escape_xml(key_text) & "</key_text>" & vbcrlf
result.WriteText " <key_release>" & escape_xml(key_release) & "</key_release>" &

vbcrlf
result.WriteText " <key_edition>" & escape_xml(key_edition) & "</key_edition>" &

vbcrlf
result.WriteText " </key>" & vbcrlf
key_text = ""
key_release = ""
key_edition = ""
end if


Thanks!


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 57 posts ]  Go to page Previous  1, 2, 3, 4  Next

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group