Best Method For My Environment / What Am I Doing Wrong?

Author:  BenK [ Fri Jun 25, 2010 6:31 am ]
Post subject:  Best Method For My Environment / What Am I Doing Wrong?

Good Afternoon All -

I recently introduced OpenAudit to our environment and am enjoying learning all that it has to offer. Currently, it's already added 144 machines to the database, yet I'm still trying to find the best and most efficient way to scan.

Below, I have listed my current setup. I'm sure that there must be a better way to achieve what I'm after, but for now can only get it to work by having a different script on each domain.

Current Setup: Currently, we are wishing to scan 4 different domains., Domain2.local,, =
- Contains the OpenAudit web & sql server
- Both on one Windows2003 machine
- I'm using XAMPP on it to run Apache & MySQL.
- On the OA server via Windows Task Manager, I have the command "cscript audit.vbs" set to run daily @ 10am & 2pm
- It only scans using domain admin rights
- audit.config is attached

Domain2.local =
- Contains Copied/Pasted "Scripts" folder from Domain1's OA server on a random DC in this domain
- Changed the following in audit.config
- audit_location to "r"
- local_domain to "LDAP://dc=domain2,dc=local"
- Changed nmap ip info to match scheme (even though I don't think it really matters)
- Via Windows Task Manager, I have the command "cscript audit.vbs" set to run daily @ 10am & 2pm &
- Basically the same as what I did to Domain2

Other Notes:
- I do have domain admin rights to everything
- Workstations are XP x32
- AD is set up as follows: under domain, there is an OU for each branch location. Under the branch location, there's an OU for Users & one for Computers.


1. Is there a way to get all of the scans to run on / from the primary OA server without having to manage / use different machines?

2. So far, the scans seem to work fine (after 48 hours) and I have 144 results. After looking through them, I see that many workstations didn't get added. I can connect to these workstations with a remote computer manager connection, but get the "Win32: The RPC server is unavailable" message when trying to edit properties of WMI Controls. I thought it may be the firewall, but the same happens when I stop the firewall service too.

3. If I must continue to scan with the 4 servers that I have set up, is there a way to do so with no graphical notification at all? I have the command in a batch file which I run minimized, but it still has the (grouped) dialogue boxes in the taskbar. If not, no big deal.

4. I have OA set up to use LDAP to sign in with, but all users seem to have admin rights. Is there a way to manage this so people don't mess things up?

I guess that's it - Sorry for the long post. I always try to include as many details as possible so that perhaps someone will see what I am doing incorrectly.

Thanks for your help!

File comment: Audit.Config File From
audit.config.txt [2.27 KiB]

All times are UTC + 10 hours