Open-AudIT
https://www.open-audit.org/phpBB3/

new member (and active directory deploy)
https://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=5763
Page 1 of 1

Author:  sgiunchi [ Sat Sep 17, 2011 7:12 pm ]
Post subject:  new member (and active directory deploy)

Hi all,
just registered, I'm using OAv1 with some of my customers' networks, for about 300 pc. I want to share some of my results.
I started executing audit.vbs from a server, regularly; in doing this, there are two big problems: the server CPU goes 100% (I found the problem is the "deconstruct" function, when using the script in 4+ concurrent scans), and it usualli doesn't get all the clients.

So, I transferred the scan on the client side: I copied audit.vbs and related config file to c: in every client, then created a scheduled task to start it at every pc start. Doing so, the audit.vbs is started only once on every pc, not hurting the pc speed.

I use this audit.bat file, to check that the oa server is available and wait 5 minutes before starting the actual scan:

[code]
@echo off
ping 127.0.0.1 -w 1000 -n 300

set /a "c=1"

:retry
echo c=%c%
ping oa_server -w 1000 -n 3
if %errorlevel% neq 0 (
set /a "c+=1"
if %c% GTR 100 (
goto endfile
)
goto retry
)

cscript.exe audit.vbs 127.0.0.1 > c:\oa\audit.log
:endfile
[/code]

To automate this, using Windows 2008 new group policy options, I create a policy with:
1) file copy policy, copies the content o the \\server\oa folder in c:\oa on every client, to always have the last edit of the files
2) create an "openaudit" scheduled task on the client, which starts c:\oa\audit.bat at the pc start, and at 13:00 (when usually the pc is unused and turned on).

Thanks to Mark for creating such an useful tool!

Stefano

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/