Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Thu Mar 28, 2024 9:35 pm

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 
Author Message
PostPosted: Tue Sep 16, 2014 3:20 pm 
Offline
Newbie

Joined: Sat Jul 12, 2014 5:51 pm
Posts: 1
Dear all,

fist of all thanks everyone who made OA :) Hope I can also contribute in the future.. until then, however, I have 2 questions:

1. I think I have a problem with ESET EndPoint protection - it seems it is blocking the OA script from being executed when I run a AD discovery. When I disable the ESET EP FW on the clients - the script get executed - I get information about the client.
What I already did - I added the IP subnet of the OA server to the trusted list in ESET - but alas ESET still seems to block incoming connections. To make matters worse I get no info which ports it is blocking in the firewall log - computers running ESET just don't get audited. Can someone tell me which ports/protocols should be enabled? Standard WMI ports + .. ?

2. In our domain we have two subnets (amongst others) reserved for computers - 192.168.100.0 and 192.168.110.0 (120 will follow shortly..). When I run a AD discovery only computers in the same subnet (e.g. 192.168.100.0) as the OA server get audited (disregarding the ESET problem - even PC's without ESET are not audited). Is this by design? I can ping beween subnets and computers from the 110.0 subnet communicate with the DC in 100.0. Should I modify the script or any options to allow cross-subnet auditing?

Thanks for all answers

Regards,

Jan


Top
 Profile  
Reply with quote  
PostPosted: Wed Sep 17, 2014 12:45 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
1 - WMI uses port 135 and other random ports. The wiki has a link to a useful MS KB Article.
https://community.opmantek.com/display/ ... figuration

2 - Auditing across subnets works as it should and needs nothing special configured in the application. FYI - I was auditing three domains across over a hundred subnets from a single server just fine. I'd suspect it's something in the network stack (a router with port forwarding or some such) that's causing an issue. As long as the network traffic is allowed, it will "just work". Make sure your DNS (for AD) is working, too...

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group