Open-AudIT

What's on your network?
It is currently Sun Apr 22, 2018 2:17 pm

All times are UTC + 10 hours




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Tue Sep 16, 2014 3:20 pm 
Offline
Newbie

Joined: Sat Jul 12, 2014 5:51 pm
Posts: 1
Dear all,

fist of all thanks everyone who made OA :) Hope I can also contribute in the future.. until then, however, I have 2 questions:

1. I think I have a problem with ESET EndPoint protection - it seems it is blocking the OA script from being executed when I run a AD discovery. When I disable the ESET EP FW on the clients - the script get executed - I get information about the client.
What I already did - I added the IP subnet of the OA server to the trusted list in ESET - but alas ESET still seems to block incoming connections. To make matters worse I get no info which ports it is blocking in the firewall log - computers running ESET just don't get audited. Can someone tell me which ports/protocols should be enabled? Standard WMI ports + .. ?

2. In our domain we have two subnets (amongst others) reserved for computers - 192.168.100.0 and 192.168.110.0 (120 will follow shortly..). When I run a AD discovery only computers in the same subnet (e.g. 192.168.100.0) as the OA server get audited (disregarding the ESET problem - even PC's without ESET are not audited). Is this by design? I can ping beween subnets and computers from the 110.0 subnet communicate with the DC in 100.0. Should I modify the script or any options to allow cross-subnet auditing?

Thanks for all answers

Regards,

Jan


Top
 Profile  
Reply with quote  
PostPosted: Wed Sep 17, 2014 12:45 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
1 - WMI uses port 135 and other random ports. The wiki has a link to a useful MS KB Article.
https://community.opmantek.com/display/ ... figuration

2 - Auditing across subnets works as it should and needs nothing special configured in the application. FYI - I was auditing three domains across over a hundred subnets from a single server just fine. I'd suspect it's something in the network stack (a router with port forwarding or some such) that's causing an issue. As long as the network traffic is allowed, it will "just work". Make sure your DNS (for AD) is working, too...

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group