Open-AudIT

I was going to start looking at this as a free audit software. My question is, how does the software handle disconnected users? That is, computers that are only connected to the corporate network through VPN a few hours every day. A non service based software like this would seem to have trouble, in my opinion, trying to pull data from a laptop computer in the field. Systems that are always on, always connected to the internal corporate network are generally always available to be queried for data like the VBscript does. The big question is the often disconnected field user. Let me know if you need more of an explanation of the scenario.

Is anyone using it successfully in this type of scenario?

Thanks for the insight.
Paul

The computer audit is performed by a VBScript which uploads the data to the server or creates a file with the data which can be uploaded later. Although OpenAudit v2 currently doesn't have an automated way to upload this audit file data it wouldn't be too hard to get this going. So you could have a scheduled task perform an audit to file as often as you like and then another task to upload the data to the server when a VPN was established. Or, more simply, you could just have a task to perform the audit and upload to the server when a VPN was established.

What JPA said.
That's the tradeoff we make by having an agentless system.
No agent to install is good but it means this exact scenario can be an issue.
There are ways (hacks) around it as JPA described - but if you have to setup a scheduled task on a system you may as well have an agent... I might ask our Active Directory and/or networking guys at work their thoughts on this.

Does anyone know if there is some "flag" in Active Directory that triggers when a system connects (especially an off-network system as described)?

At work we just run a scheduled task every day (which audits 7,000 systems). If a system is not powered on, then it's Active Directory data is used. We eventually catch them. I think there about 30 systems (out of the 7,000) I haven't managed to catch yet. If these were important, I might bother but in the grand scheme, they're not.

Servers are important and they're always on and connected...

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.

With any AD user you can have a login and/or logout script which will execute when the user logs in and/or out of AD. You could use the same script for many users or have one per user.

[quote="jpa"]The computer audit is performed by a VBScript which uploads the data to the server or creates a file with the data which can be uploaded later. Although OpenAudit v2 currently doesn't have an automated way to upload this audit file data it wouldn't be too hard to get this going. So you could have a scheduled task perform an audit to file as often as you like and then another task to upload the data to the server when a VPN was established. Or, more simply, you could just have a task to perform the audit and upload to the server when a VPN was established.

If you look in the scripts directory from Open-AudIT (v1), you'll see a script designed to take any "offline" audit files and send them to the server. Shouldn't be too hard to adapt for v2. I'll take a look at this eventually...

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.

[quote="pwetter"]I was going to start looking at this as a free audit software. My question is, how does the software handle disconnected users? That is, computers that are only connected to the corporate network through VPN a few hours every day. A non service based software like this would seem to have trouble, in my opinion, trying to pull data from a laptop computer in the field. Systems that are always on, always connected to the internal corporate network are generally always available to be queried for data like the VBscript does. The big question is the often disconnected field user. Let me know if you need more of an explanation of the scenario.

Is anyone using it successfully in this type of scenario?

As a note, Since some of our locations don't have domains, We have put the openaudit script is <AllUsers>/Program Files/Start Menu/Startup
so that the machine is audited and submits its results whenever someone logs in.

-Dl