| Open-AudIT https://www.open-audit.org/phpBB3/ |
|
| How to do remote audit on non-domain computer? https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6401 |
Page 1 of 1 |
| Author: | cimenta [ Wed Feb 04, 2015 1:22 pm ] |
| Post subject: | How to do remote audit on non-domain computer? |
Hi I am running Open-AudIT from the virtual appliance. [code]You are running version 1.5.1 of Open-AudIT. Your Host is: opmantek, and it's OS is Linux. Your database platform is mysql (version 5.1.73). Your web server is Apache/2.2.15 (CentOS) . Your PHP version is 5.3.3 and it's running in timezone UTC.[/code] Before I went to do audit of other computers I wanted to try to audit my own. The one that is running VirtualBox with Open-AudIT. I did: Menu - Admin - Discovery - Discover a Windows computer Then I entered Computer name (mine), IP of the computer I wanted to audit, username and password of a users (myself) that is part of the Administrator group. So in fact currently the user was logged in. I did not create an Open-AudIT dedicated user. Note that the Windows computer is not part of any domain. All I get is this [code]/usr/local/open-audit/other/open-audit.log File size is 0 megabytes Last 25 lines of the file: Refresh this page for updated logs. Most recent entries are at the top. Feb 04 13:20:35 opmantek 3230 S:discover_subnet U:apache Discovery for kkk submitted at 2015-02-04 03:20:35 starting Feb 04 03:20:35 opmantek 2379 C:discovery F:discover_subnet U:NMIS Discovery submitted for kkk.[/code] I tried few times. When I run the Audit this PC script, everything worked fine. Thank you for any help. R |
|
| Author: | shanimal [ Fri Feb 06, 2015 5:38 am ] |
| Post subject: | Re: How to do remote audit on non-domain computer? |
Here is how I handle that. First, copy the audit_windows.vbs file to a directory on your workstation. Make sure the script has the correct URL for the Open Audit server. This also requires you to know a local admin user on remote systems. I run this from a workstation using local administrator account, and all the remote systems have the same local admin password. Run a batch file from same directory, looks like this: echo off cscript audit_windows.vbs 10.0.0.18 >>I:\temp\52vlan%date:~12,2%%date:~4,2%%date:~7,2%.txt cscript audit_windows.vbs 10.0.0.19 >>I:\temp\52vlan%date:~12,2%%date:~4,2%%date:~7,2%.txt cscript audit_windows.vbs 10.0.0.22 >>I:\temp\52vlan%date:~12,2%%date:~4,2%%date:~7,2%.txt cscript audit_windows.vbs 10.0.0.58 >>I:\temp\52vlan%date:~12,2%%date:~4,2%%date:~7,2%.txt EXIT I have a batch file for each vlan in our environment and each batch file runs daily via sceduled tasks (I'm using Windows) You really don't need to output to text files except for trying to figure out which systems didn't audit. I clean the directory up of *.txt files with another cleanup batch file that runs weekly. If you can't run this as I do with the same local admin user, you can specify username and passwords on each line: cscript audit_windows.vbs strcomputer=win118 strUser=win118\administrator strPass=YourPassword! |
|
| Author: | Mark [ Fri Feb 06, 2015 9:10 am ] |
| Post subject: | Re: How to do remote audit on non-domain computer? |
You should also be able to audit the Windows target via the web interface. Use the target's hostname as the domain. Use the Administrator account. If it still doesn't work, check the wiki page for Target Client Configuration, here - [quote]https://community.opmantek.com/display/OA/Target+Client+Configuration. |
|
| Page 1 of 1 | All times are UTC + 10 hours |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|