Open-AudIT
https://www.open-audit.org/phpBB3/

Audit.vbs without administrative privileges
https://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=3089
Page 1 of 1

Author:  sernijr [ Tue Dec 02, 2008 10:44 pm ]
Post subject:  Audit.vbs without administrative privileges

Good morning

Anyone can help me please.

I need to know if is possible run the audit.vbs in windows desktops, when the user is not a local Administrator.

When i try, see Acess Denied error.

Tks,

Author:  A_Hull [ Wed Dec 03, 2008 4:03 am ]
Post subject:  Re: Audit.vbs without administrative privileges

Unless the user has access to WMI, which presumably this user does not, then, no, they cannot audit the machine. You could set permissions on WMI for certain users and groups, with a Group or Local Policy, or directly through the Manage Computer >WMI GUI.

Author:  wpeaton [ Fri Apr 24, 2009 4:33 am ]
Post subject:  Re: Audit.vbs without administrative privileges

We are running audit.vbs by editing Group Policy for our Windows domain. From Group Policy you can force your domain users to run different scripts
Startup & Shutdown scripts -- applied to domain computers with effective administrative rights
Logon and Logoff scripts -- these are done with user rights when a user logs in or logs off

We use Startup scripts. Whenever someone starts their computer, we audit it. Pretty slick.

Since an complete scan of a computer can take a few minutes, I'm trying out a strategy where I add a QuickScan variable inside the script. If QuickScan = True, only software scan is done. All the hardware stuff is skipped. If it happens to be Monday, I set QuickScan = False, and a full scan is done. I don't really think I need to do it every week, but I couldn't figure out how to do the date manipulation to find the first Monday of the month.

I also run the firewall_enable.vbs script, with an added line at the beginning:
[code] On Error Resume Next[/code]
There is probably a more elegant way to do this, but I haven't figured it out yet. The second time a client computer runs the firewall_enable script, some errors are generated, presumably because the registry keys already exist. So I just tell VbScript to ignore the errors.

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/