Open-AudIT

What's on your network?
It is currently Tue Apr 24, 2018 6:37 pm

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 1 post ] 
Author Message
PostPosted: Fri Jun 25, 2010 6:31 am 
Offline
Newbie

Joined: Sat Jun 19, 2010 5:37 am
Posts: 3
Good Afternoon All -

I recently introduced OpenAudit to our enviroment and am enjoying learning all that it has to offer. Currently, it's already added 144 machines to the database, yet I'm still trying to find the best and most efficent way to scan.

Below, I have listed my current setup. I'm sure that there must be a better way to achive what I'm after, but for now can only get it to work by having a different script on each domain.

Current Setup: Currently, we are wishing to scan 4 different domains.
Domain1.com, Domain2.local, Domain3.com, Domain4.abc

Domain1.com =
- Contains the OpenAudit web & sql server
- Both on one Windows2003 machine
- I'm using XAMPP on it to run Apache & MySQL.
- On the OA server via Windows Task Manager, I have the command "cscript audit.vbs" set to run daily @ 10am & 2pm
- It only scans Domain1.com using domain admin rights
- audit.config is attached

Domain2.local =
- Contains Copied/Pasted "Scripts" folder from Domain1's OA server on a random DC in this domain
- Changed the following in audit.config
- audit_location to "r"
- local_domain to "LDAP://dc=domain2,dc=local
- Changed nmap ip info to match scheme (even though i don't think it really matters)
- Via Windows Task Manager, I have the command "cscript audit.vbs" set to run daily @ 10am & 2pm

Domain3.com & Domain4.abc
- Basically the same as what I did to Domain2

Other Notes:
- I do have domain admin rights to everything
- Workstations are XP x32
- AD is set up as follows: under domain, there is an OU for each branch location. Under the branch location, there's an OU for Users & one for Computers.

Questions

1. Is there a way to get all of the scans to run on / from the primary OA server without having to manage / use different machines?

2. So far, the sans seem to work fine (after 48 hours) and I have 144 results. After looking through them, I see that many workstations didn't get added. I can connect to these workstations with a remote computer manager connection, but get the "Win32: The RPC server is unavaliable" message. When trying to edit properties of WMI Controls. I thought it may be firewall, but the same happens when I Stop the firewall service too.

3. If I must continue to scan with the 4 servers that I have set up, is there a way to do so with no graphical notification at all? I have the command in a batch file which i run minimized, but it still has the (grouped) dialogue boxes in the taskbar. If not, no big deal.

4. I have OA set up to user LDAP to signin with, but all users seem to have admin rights. Is there a way to manage this so poeple don't mess things up?

I guess that's it - Sorry for the long post. I always try to include as many details as possible so that perhaps someone will see what I am doing incorrectly.

Thanks for your help!


Attachments:
File comment: Audit.Config File From Domain1.com
audit.config.txt [2.27 KiB]
Downloaded 244 times
Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 1 post ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group