Open-AudIT https://www.open-audit.org/phpBB3/ |
|
Current Windows audit script https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=5864 |
Page 3 of 4 |
Author: | Mark [ Wed Mar 06, 2013 9:08 pm ] |
Post subject: | Re: Current Windows audit script |
[quote="losh"]when running the audit it always "removes" the org_id set on the audit-server. am i the only one facing this problem? how can i fix it? Thanks for the Bug Report. I'll fix it for the next release. UPDATE - Now fixed in my code. It will be in the next release. |
Author: | Mark [ Wed Mar 06, 2013 9:12 pm ] |
Post subject: | Re: Current Windows audit script |
Uploaded v18 - thanks for the Bug catching Franck! |
Author: | jpa [ Sat Mar 09, 2013 7:11 am ] | ||
Post subject: | Re: Current Windows audit script | ||
Audit v18 modification which should handle the 32/64bit audit process differences better. Basically if we have a 64bit target I made oreg native to the target architecture and not the audit machine. Then I added a 32bit o32reg for one of the software passes. This should also fix other problems encountered on a 64bit machine when auditing from a 32bit process. I removed the software dump from Win32_Product. Can someone remind me why this is done? Does Win32_Product cover software that is not in the registry uninstall keys? It seems like it was just duplicated data in testing my script. I made some major changes so this should probably be tested. I have tested it and it looks good but you never know.
|
Author: | jpa [ Wed Mar 13, 2013 7:06 am ] |
Post subject: | Re: Current Windows audit script |
Super minor DirectX version detection addition for Win8 + Server 2012. if dx_version = "6.00.6002" then dx_name = "DirectX 11" end if if dx_version = "6.02.8250" then dx_name = "DirectX 11.1" end if if dx_version = "6.02.9200" then dx_name = "DirectX 11.1" end if if dx_name = "" then dx_name = "DirectX (unknown version)" end if |
Author: | thiras [ Thu Mar 14, 2013 12:19 pm ] |
Post subject: | Re: Current Windows Audit Script |
[quote="Mark"][quote="chris_2006"]Is there already a audit_domain script available for version 2? Of course. It's in the download under the "other" directory. The domain audit script in the other directory has no verbose (debugging) setting. Will the code be added in the near future? I would like to have debugging=0 in the domain audit script. Is there any other way to acheive this? Thanks! |
Author: | jpa [ Thu Mar 14, 2013 12:38 pm ] |
Post subject: | Re: Current Windows audit script |
The audit_domain.vbs script calls the audit_windows.vbs script once for each domain machine it finds. Set debugging=0 in audit_windows.vbs and you should be fine. Not really sure why this is necessary as audit_domain spawns a shell for each audit. So you'll have twenty windows with black rather than 20 windows with debug information. Oh, wait... You want to hide the output of audit_domain.vbs. Just edit the audit_domain.vbs script and put a single quote (') at the beginning of any line that starts with "wscript.echo". |
Author: | thiras [ Thu Mar 14, 2013 1:25 pm ] |
Post subject: | Re: Current Windows audit script |
[quote="jpa"]The audit_domain.vbs script calls the audit_windows.vbs script once for each domain machine it finds. Set debugging=0 in audit_windows.vbs and you should be fine. Not really sure why this is necessary as audit_domain spawns a shell for each audit. So you'll have twenty windows with black rather than 20 windows with debug information. Oh, wait... You want to hide the output of audit_domain.vbs. Just edit the audit_domain.vbs script and put a single quote (') at the beginning of any line that starts with "wscript.echo". Commenting out all wscript.echo lines in audit_domain_windows.vbs worked! Thank you very much! |
Author: | jpa [ Fri Mar 15, 2013 1:28 am ] |
Post subject: | Re: Current Windows audit script |
Any particular reason you need to hide the audit_domain output? |
Author: | thiras [ Fri Mar 15, 2013 1:57 am ] |
Post subject: | Re: Current Windows audit script |
[quote="jpa"]Any particular reason you need to hide the audit_domain output? I do not feel like clicking OK a zillion times. |
Author: | jpa [ Fri Mar 15, 2013 2:07 am ] |
Post subject: | Re: Current Windows audit script |
You should not run the audit script by double-clicking on it. By default this runs in wscript and you get dialog boxes for script output. You should start a cmd prompt and run "cscript audit_windows.vbs". This way you can see what the script is doing but not one line at a time with a click. |
Author: | Franck [ Fri Mar 22, 2013 6:38 pm ] | ||
Post subject: | Re: Current Windows audit script | ||
Dear all, Please find in attachment the last audit windows script (v18_jpa) where i modified / added some key: -Teamviewer -> not a string value but a dword value, now it's working, you have the client ID in OA. -Autocad LT -> all -> 2013 (32&64) -Autocad Full -> all -> 2013 (32&64) -Autocad Map 3D -> 2009->2013 (32&64) -Product design suite standard 2013 -Navisworks Manage / Simulate 2013 -Acrobat 10 & 11 -> installation date because the serial isn't anymore in registry... Have a nice day Franck
|
Author: | jpa [ Sat Mar 23, 2013 1:16 am ] |
Post subject: | Re: Current Windows audit script |
Thanks. It seems like we should have some sort of looping structure for the many registry pulls in the script. There are many repeated code chunks where the only thing that changes is the release or name. So we have code for TeamViewer 5, 6, 7, 8 and 5-, 6-, 7-, 8-64bit. The only thing that changes is the strKeyPath, key_name and key_release. And as we add newer versions over time we get lots more code where a couple lines added to an array we loop over would do it. (Not to pick on Franck's TeamViewer stuff as this is how it's done everywhere in the script.) We could reduce this down to unique registry pull code and loop over a list of the things that change. |
Author: | jpa [ Sat Apr 13, 2013 4:51 am ] |
Post subject: | Re: Current Windows audit script |
v18 bugs [url=http://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6058#p21560]Some instances of testing against string "True"[/url] rather than boolean True which breaks on localized Windows. [url=http://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6058#p21575]New code to continue audit[/url] if domain lookup fails is causing all domain info lookups to fail |
Author: | octavius [ Fri Apr 19, 2013 9:38 pm ] |
Post subject: | Re: Current Windows audit script |
Hello, I have returned back to Open Audit after a long absence. Wow, things have changed a lot and it had got even better. I have started auditing my customers and most have been fine until I wanted to audit an SBS2008 server which errors once it hits the SQL Server element. This is being run as Administrator in a command prompt and the user is Domain admin. I think it maybe a SQL rights issue but would appreciate any advice you may have. Thank You DB Name: model DB Name: msdb DB Name: SharePoint_AdminContent_d4e397f2-a27a-48a0-a628-d25db6672bab DB Name: SharePoint_Config_29c26fca-17b8-48c1-9704-b869932abcb6 DB Name: ShareWebDb DB Name: SUSDB DB Name: tempdb DB Name: WSS_Content DB Name: WSS_Search_WIN-EUGSO7LO7PY DB Instance: ACRONISBR DB Count: 10 DB Name: master DB Name: model DB Name: msdb DB Name: SharePoint_AdminContent_d4e397f2-a27a-48a0-a628-d25db6672bab DB Name: SharePoint_Config_29c26fca-17b8-48c1-9704-b869932abcb6 DB Name: ShareWebDb DB Name: SUSDB DB Name: tempdb DB Name: WSS_Content DB Name: WSS_Search_WIN-EUGSO7LO7PY IIS 6 Installed C:\Hold\audit_windows - Emas2.vbs(4068, 4) Microsoft VBScript runtime error: Type mismatch: 'ubound' |
Author: | Mark [ Sat Apr 20, 2013 8:59 pm ] |
Post subject: | Re: Current Windows audit script |
Octavius - which version of the audit script are you using? Even better, rename it audit_windows.txt and attach it here please. |
Page 3 of 4 | All times are UTC + 10 hours |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |