Open-AudIT
https://www.open-audit.org/phpBB3/

Current Windows audit script
https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=5864
Page 1 of 4

Author:  Mark [ Fri Apr 27, 2012 12:02 pm ]
Post subject:  Current Windows audit script

DO NOT USE
If you are running v1 or above, please use the audit script that comes in the download.
If you are using a version below v1, please upgrade.
The attached script will not work in v1 and above and is no longer supported.







Am making this a sticky so we can always grab the latest audit script from this thread.
I will keep the attachment to this post updated with the latest.
You will need to rename it from audit_windows.txt to audit_windows.vbs in order to run it (no .vbs attachments allowed).

The first is from the discussions in the Beta5 threads.

I have added some checks for IIS5 so they should audit.
I am not having any luck auditing IIS 5 (or IIS 5.1) on WinXP. Win2k seems fine.

I have changed the "last logged on user" section to specifically audit one way or the other depending on the Windows version.
I have added a couple of variables to check for a users Active Directory work unit. If #1 produces no result, it tries #2. Leave these blank if you dont want anything returned.
I have added a flag to not audit software - this is useful in testing so you can quickly skip the software if you don't need it.
skip_software = "y" will not audit installed software.
skip_dns = "y" will not attempt to resolve DNS for static IP Addresses.

All attributes are able to be set via the command line.

Not all attributes are set for production.
It is set to create a file and not submit online.
Debugging is set to 2 (very verbose).
Software is audited - you may wish to disable for faster script running when testing.



Current as at 2012-04-27 (v1) is attached.

New script uploaded (v2) as at 2012-05-09. Fixed Win2k Keys and Win2k network section.
EDIT - v2 re-uploaded.

New script uploaded (v3) as at 2012-05-21. Added DNS entries for any systems with a static IP (think servers).

New script uploaded (v4) as at 2012-06-04. Accounts for Windows 8 in the os_family section.

New script uploaded (v5) as at 2012-06-04. Error checking if no AD user returned.

New script uploaded (v6) as at 2012-06-04. Fixed broken v4 / v5. :oops:

New script uploaded (v7) as at 2012-06-16. Have been trying to detect SQL better. Should show version, edition and enumerate DBs in all instances as well as SQL Express. Please try this and post if it doesn't work for you.

New script uploaded (v7_1) as at 2012-06-18. A couple of SQL Express fixes. NOTE - if SQL Express does not have it's databases listed when runnig the script remotely, try copying the script to the machine in question and running it locally. I am getting mixed results, but it should always work locally. I think you have to explicitly enable network logons when configuring SQL Express - not sure... Running it locally should work though.

New script uploaded (v7_2).

New script uploaded (v8) as at 2012-06-26. Heaps of fixes for printers. Should only detect actual printers that exist. Network printers are pinged. USB printers are detected. Software printers are excluded. DOT4 (mainly HP) printers cannot be detected, so are assumed to exist (same for LPT1). Duplex and colour abilities are detected. Debugging is set to 2 (very verbose), will submit online, will not create a file.

New script uploaded (v8_1) as at 2012-06-27. More printer fixes.

New script uploaded (v9) as at 2012-07-18. This is the script from beta6.

New script uploaded (v10). Extra software retrieved (32bit) when auditing a 64 bit system. Thanks dhawkshaw.

New script uploaded (v11) as at 2012-09-15. Option to ping before attempt to audit. Fixed Win32_USBDevice in printers section.

New script uploaded (v12) as at 2012-10-03. Added "create file" ability when a system is offline and details taken from AD. Increased the number of allowable IP addresses on a system from 20 to 100. Increased submit webpage processing timeout. Edited the "windows user name" functionality to prevent errors.

New script uploaded (v13) as at 2013-02-26. Make sure you grab the sqlite.exe from here to detect Adobe keys. This is optional and it will work fine without it. Changes - filter for Dameware in video detection, improved monitor detection and cleanup, turned down the verboseness when debugging in the Printer section (increase debugging variable to get it back), ensure there is NO output when debugging set to 0, added ODBC driver for 64 bit Windows, removed "software uninstall" variable (not used server side anyway) because it was causing problems, added WIn8 and Win2012 where detection needed it, added extra software detection when audit is run using double click or from the web interface on 64bit Windows, added extra debugging output for Windows keys, added Adobe key detection using sqlite3 (as above), added TeamViewer key detection, revised the "escape_xml" function - now using CDATA where needed, added SKUs for Office 2013, revised "getkey_rpk" function, added some windows build number in the comments at the very end of the script. Phew :-) I plan to ship this with the next release. Make sure you are using the latest beta with this script.

New script uploaded (v14) as at 2013-02-27. Incorporated JPAs changes (as per post in this thread). Thanks JPA!. Office 2013 and Win8 key detecton. Added comments that debugging can be set to "3" - very verbose.

New script uploaded (v15) as at 2013-02-27. Added on ability to continue and not error if domain cannot be contacted. Think running the audit on a laptop not connected to the internal network, hence cannot see a domain controller.

New script uploaded (v16). Fixed JPAs bug :lol:

New script uploaded (v17) as at 2013-03-06. Fixed my bug that should have fixed JPAs bug :oops:

New script uploaded (v18) as at 2013-03-06. Fixed Bugs found by Franck. Thanks Franck.

Attachments:
File comment: rename to audit_windows.vbs
audit_windows_v18.txt [325.13 KiB]
Downloaded 606 times

Author:  mannypatel [ Sat Sep 22, 2012 2:21 am ]
Post subject:  Re: Current Windows Audit Script

Hi,

I have been using OAv1 for some time and used to the domain audit script

I have also setup OAv2 but didn't get round to testing the script in a domain environment. I have downloaded the script but not sure what changes I need to make. Is there a config file in addition to the vbs script similar to OAv1?

Author:  Mark [ Sat Sep 22, 2012 8:27 am ]
Post subject:  Re: Current Windows Audit Script

The audit_domain script is separate to the audit_window script.
All config is inside the individual script (no separate config file).
If you read the scripts, the variables that you can set have notes against them.
Most variables should be able to be set via the command line as well.

Author:  mannypatel [ Tue Sep 25, 2012 11:40 pm ]
Post subject:  Re: Current Windows Audit Script

Hi Mark,

Thanks for the info.

All working now

Author:  gareth [ Wed Nov 14, 2012 8:03 pm ]
Post subject:  Re: Current Windows Audit Script

Hi Mark,

I came across a couple of Lenovo laptops which weren't auditing. Upon further investigation, it appears the following line was causing issues:

<model>@oem4.inf,%tpwhdf%;Wide viewing angle & High density FlexView Display 1366x768</model>

Not sure if it is the @ or the % which is breaking the script, but if I remove the whole line it successfully audits.

Cheers,
Gareth

Author:  chris_2006 [ Sun Nov 18, 2012 6:02 am ]
Post subject:  Re: Current Windows Audit Script

Mark wrote:
The audit_domain script is separate to the audit_window script.


Is there already a audit_domain script available for version 2?

Author:  Mark [ Mon Nov 19, 2012 9:02 pm ]
Post subject:  Re: Current Windows Audit Script

chris_2006 wrote:
Is there already a audit_domain script available for version 2?

Of course. It's in the download under the "other" directory.

Author:  hammi [ Tue Jan 15, 2013 6:46 pm ]
Post subject:  Re: Current Windows Audit Script

Never Used OAv2 before but finally got round to Installing it

I have on thing that I have noticed after doing my first site audit

Issue on XP Machines

The Audit detects that we have two network cards in some of our machines but it seems to display the one that's disconnect as the primary card or this might just be because its the first in alphabetical order

This is not a big problem as the problem doesn't happen on any windows 7 PC and the site will have more 7 machines to xp in the future

I have attached a pdf of one of the XP audits from our site

Not sure if this is the right place to put this but as its Windows PC's I'm auditing thought I'd start here.

Sorry in advance if this has been discussed or its posted incorrectly

Thanks

Dan

Attachments:
page 2.PNG
page 2.PNG [ 84.55 KiB | Viewed 18027 times ]
page 1.PNG
page 1.PNG [ 126.59 KiB | Viewed 18027 times ]

Author:  Mark [ Tue Jan 15, 2013 10:52 pm ]
Post subject:  Re: Current Windows Audit Script

The PHP supplied SQL does not actually specify any order for these to be returned from the DB at all.
If it's not a big deal, I'll make a note and look at it "sometime" :)

Author:  hammi [ Sun Jan 20, 2013 1:37 am ]
Post subject:  Re: Current Windows Audit Script

no its not a big deal more just an observation, Thanks very much I love open audit and learnt a lot about php msql and such from what you have created

Thanks for your help in advance

Dan

Author:  jacobsa [ Sun Feb 03, 2013 10:21 am ]
Post subject:  Re: Current Windows Audit Script

Hi there,

Just wanted to report that on all Small Business Server 2011 machines with v12 of the script I am getting:

Line: 3910
Char: 4
Error: Type mismatch: 'ubound'
Code: 800A000D
Source: Microsoft VBScript runtime error


Also wanted to report that any machine that seems to have SQL installed a box pops up saying 'mssql'

Thanks,

Author:  franam [ Mon Feb 04, 2013 6:52 pm ]
Post subject:  Re: Current Windows Audit Script

Hi,
running audit on my network I encountered this error:

Code:
Unspecified wbem error: -2147217385 (MSNdis_LinkSpeed)
Unspecified wbem error: 451 (Win32_NetworkAdapter)
Unspecified wbem error: 451 (Win32_NetworkAdapter)
Unspecified wbem error: 451 (Win32_NetworkAdapter)
Unspecified wbem error: 451 (Win32_NetworkAdapter)
network address info
DNS info
printer info
XXX: PDFCreator
XXX: Microsoft XPS Document Writer
XXX: Send To Microsoft OneNote 2010 Driver
XXX: KONICA MINOLTA C360SeriesPCL
c:\scripts\OAv2\audit_windows.vbs(2187, 6) Errore di run-time di Microsoft VBScr
ipt: Necessario oggetto: 'objShell'


I solved moving
Code:
set objShell = CreateObject("WScript.Shell")

from line 284 to 238

ciao,
francesco

Attachments:
patch.txt [638 Bytes]
Downloaded 320 times

Author:  jaymal1 [ Sun Feb 10, 2013 9:03 am ]
Post subject:  Re: Current Windows Audit Script - Error Submitting to Serve

Fresh install of 9.2 and new MySQL database. Using latest Windows script, saved the config file. Nothing was being added to the database.

Manually tried to post config file and received the following error(s)

(attached error TXT file as well-I can send the system export if needed-just need to scrub some info)

LibXMLError Object
(
[level] => 3
[code] => 68
[column] => 55
[message] => xmlParseEntityRef: no name

[file] =>
[line] => 36
)
LibXMLError Object
(
[level] => 3
[code] => 23
[column] => 36
[message] => EntityRef: expecting ';'

[file] =>
[line] => 59
)
LibXMLError Object
(
[level] => 3
[code] => 23
[column] => 52
[message] => EntityRef: expecting ';'

[file] =>
[line] => 59
)
LibXMLError Object
(
[level] => 3
[code] => 23
[column] => 59
[message] => EntityRef: expecting ';'

[file] =>
[line] => 59
)
LibXMLError Object
(
[level] => 3
[code] => 68
[column] => 62
[message] => xmlParseEntityRef: no name

[file] =>
[line] => 59
)
LibXMLError Object
(
[level] => 3
[code] => 68
[column] => 71
[message] => xmlParseEntityRef: no name

[file] =>
[line] => 59
)
LibXMLError Object
(
[level] => 3
[code] => 68
[column] => 89
[message] => xmlParseEntityRef: no name

[file] =>
[line] => 105
)
LibXMLError Object
(
[level] => 3
[code] => 68
[column] => 97
[message] => xmlParseEntityRef: no name

[file] =>
[line] => 105
)
LibXMLError Object
(
[level] => 3
[code] => 68
[column] => 99
[message] => xmlParseEntityRef: no name

[file] =>
[line] => 105
)
LibXMLError Object
(
[level] => 3
[code] => 23
[column] => 43
[message] => EntityRef: expecting ';'

[file] =>
[line] => 112
)
LibXMLError Object
(
[level] => 3
[code] => 23
[column] => 56
[message] => EntityRef: expecting ';'

[file] =>
[line] => 112
)
LibXMLError Object
(
[level] => 3
[code] => 68
[column] => 59
[message] => xmlParseEntityRef: no name

[file] =>
[line] => 112
)
LibXMLError Object
(
[level] => 3
[code] => 68
[column] => 67
[message] => xmlParseEntityRef: no name

[file] =>
[line] => 112
)
LibXMLError Object
(
[level] => 3
[code] => 68
[column] => 69
[message] => xmlParseEntityRef: no name

[file] =>
[line] => 112
)
LibXMLError Object
(
[level] => 3
[code] => 23
[column] => 45
[message] => EntityRef: expecting ';'

[file] =>
[line] => 133
)
LibXMLError Object
(
[level] => 3
[code] => 23
[column] => 54
[message] => EntityRef: expecting ';'

[file] =>
[line] => 133
)
LibXMLError Object
(
[level] => 3
[code] => 23
[column] => 70
[message] => EntityRef: expecting ';'

[file] =>
[line] => 133
)
LibXMLError Object
(
[level] => 3
[code] => 23
[column] => 79
[message] => EntityRef: expecting ';'

[file] =>
[line] => 133
)
LibXMLError Object
(
[level] => 3
[code] => 23
[column] => 89
[message] => EntityRef: expecting ';'

[file] =>
[line] => 133
)
LibXMLError Object
(
[level] => 3
[code] => 68
[column] => 90
[message] => xmlParseEntityRef: no name

[file] =>
[line] => 133
)
LibXMLError Object
(
[level] => 3
[code] => 68
[column] => 92
[message] => xmlParseEntityRef: no name

[file] =>
[line] => 133
)
LibXMLError Object
(
[level] => 3
[code] => 68
[column] => 39
[message] => xmlParseEntityRef: no name

[file] =>
[line] => 4330
)
LibXMLError Object
(
[level] => 3
[code] => 68
[column] => 39
[message] => xmlParseEntityRef: no name

[file] =>
[line] => 4619
)
LibXMLError Object
(
[level] => 3
[code] => 68
[column] => 39
[message] => xmlParseEntityRef: no name

[file] =>
[line] => 4859
)
LibXMLError Object
(
[level] => 3
[code] => 68
[column] => 39
[message] => xmlParseEntityRef: no name

[file] =>
[line] => 5250
)
LibXMLError Object
(
[level] => 3
[code] => 68
[column] => 39
[message] => xmlParseEntityRef: no name

[file] =>
[line] => 5403
)
LibXMLError Object
(
[level] => 3
[code] => 68
[column] => 44
[message] => xmlParseEntityRef: no name

[file] =>
[line] => 10641
)
LibXMLError Object
(
[level] => 3
[code] => 68
[column] => 69
[message] => xmlParseEntityRef: no name

[file] =>
[line] => 11450
)

Attachments:
OAv2PostError.txt [4.49 KiB]
Downloaded 348 times

Author:  Mark [ Sun Feb 10, 2013 4:16 pm ]
Post subject:  Re: Current Windows Audit Script

Email me a copy of the audit result you were posting.
You should also be using the audit_windows.vbs from 9.2, not from this post.

Author:  jaymal1 [ Mon Feb 11, 2013 8:45 am ]
Post subject:  Re: Current Windows Audit Script

I just tried it with the script from 9.2 and it works perfectly. I knew I was missing something.

Thanks for the help!

Page 1 of 4 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/