In a word - YES.
The plan is to have _everything_ configurable from the web interface. I don't wish to have to alter _anything_ by hand. This is very much a part of some of the use-cases. People may not have access to the command line to edit things (think: hosted application).
How do I plan to do auditing?
Well, at this stage, my thoughts go something like this...
Bear in mind OAv2 is designed to be hosted and run on a Linux machine. I am sure people will get it working on a Windows machine, but that is not my primary focus. Yes, a pre-configured VM _may_ be available. So....
I plan to enable the Admin user to set up "groups". Groups are defined as either Static or Dynamic. Static groups are simply a list of devices that the Admin assigns to that group. Dynamic groups are based on a field in the DB (think network subnet, OS, etc). FYI - I already have this working.
For a Static group, the plan is to create an audit script that includes this group. There is an initial "everything" default group that always exists and does contain all devices.
Now, when auditing machines, there will be two ways to do it.
One - have the server install a scheduled task on the client. The task will run a VBscript "shim" that starts and requests the audit script from the server. It provides some identifying information (UUID, MAC, PCName) and is given the correct script (assuming one needs to do this). It also downloads a small .exe to encrypt the audit results and the Public Key of the server. It then runs the audit script and submits the (encrypted) results. That way, if you need to alter the audit script, you do it on the server only, and all PCs get the new version next time they run the script. The task can be set up on whatever schedule the Admin desires.
Two - have the server connect to each machine and run the script. Same as above, except think of server initiated rather than client scheduled.
My current thoughts are to record the configured audits in the DB. That way, if an audit does not occur when scheduled, an alert can be generated. Also, we would have the option of modifying the old schedule (regardless of it being client or server based). That way, all should be controllable from the server, using the web interface.
There would be a cron job that runs on the server every hour to check for audits that need to be executed. Having this ability also gives rise to other things that can be run as well - think reports generated and emailed daily, etc, etc. I am thinking _one_ cron job that checks all needed tasks, rather than a separate cron job for each task.
At the moment, these are thoughts only. I have no code to do this, other than a proof of concept using "winexe" on Linux to run a command on a Windows machine. It does work - so I think it's more a matter of banging out code...
So, in the end it's very similar to what your thoughts are.
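
The single hourly check described in the post (configured audits recorded in the DB, one job that finds what is due and flags audits that did not arrive), sketched as an added example that is not part of the original post or the project's code. The table, column and function names are hypothetical and the rows are constructed sample data.

```python
import sqlite3
from datetime import datetime, timedelta

# Hypothetical schema: one row per configured audit or report.
SCHEMA = """CREATE TABLE task (
    id INTEGER PRIMARY KEY,
    kind TEXT NOT NULL,           -- 'server_audit', 'client_audit' or 'report'
    target_group TEXT NOT NULL,   -- static or dynamic group name
    interval_min INTEGER NOT NULL,
    grace_min INTEGER NOT NULL DEFAULT 0,
    last_done TEXT                -- ISO time of last run/result, NULL if never
);"""

def check_tasks(conn, now):
    """One pass over every task: return (to_run, alerts)."""
    to_run, alerts = [], []
    rows = conn.execute("SELECT id, kind, target_group, interval_min, "
                        "grace_min, last_done FROM task ORDER BY id")
    for tid, kind, group, interval, grace, last_done in rows:
        last = datetime.fromisoformat(last_done) if last_done else None
        due_at = last + timedelta(minutes=interval) if last else now
        if kind == "client_audit":
            # The client's own scheduled task runs the audit; the server can
            # only notice that results did not arrive within the grace period.
            if last is None or now > due_at + timedelta(minutes=grace):
                alerts.append((tid, group, "no audit result received on schedule"))
        elif now >= due_at:
            to_run.append((tid, kind, group))
    return to_run, alerts

def mark_done(conn, task_id, when):
    conn.execute("UPDATE task SET last_done = ? WHERE id = ?",
                 (when.isoformat(), task_id))

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    now = datetime(2024, 1, 10, 12, 0)
    conn.executemany("INSERT INTO task VALUES (?,?,?,?,?,?)", [  # constructed
        (1, "server_audit", "everything", 1440, 0, "2024-01-09T11:00:00"),
        (2, "client_audit", "workstations", 1440, 120, "2024-01-08T09:00:00"),
        (3, "client_audit", "servers", 1440, 120, "2024-01-09T11:30:00"),
        (4, "report", "everything", 1440, 0, None),
        (5, "server_audit", "linux", 60, 0, "2024-01-10T11:30:00"),
    ])
    to_run, alerts = check_tasks(conn, now)
    for tid, _, _ in to_run:
        mark_done(conn, tid, now)
    return to_run, alerts, check_tasks(conn, now)[0]

if __name__ == "__main__":
    print(demo())
```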