Open-AudIT

All times are UTC + 10 hours




Posted: Thu Apr 02, 2015 8:04 pm
Newbie

Joined: Thu Apr 02, 2015 6:53 pm
Posts: 10
Dear All,

When I tried to run audit_windows for one computer locally, the process stopped while it was auditing Windows Info, with the error notification: "audit_windows.vbs(1250, 3) Provider: One or more errors occurred during processing of command."

Could anybody help me to solve this problem? :(


Best Regards,
Eko


Last edited by BlaxWalker on Fri Apr 17, 2015 12:29 pm, edited 3 times in total.

Posted: Wed Apr 08, 2015 1:08 am
Contributor

Joined: Thu Mar 02, 2006 4:41 am
Posts: 205
Location: Massachusetts
What version of the audit script are you using? Post what you have for line 1250 in this script; that may help.

_________________
Server Info: running on a CentOS 7 vm
OA Version: 2.0.6 @ 500 devices


Posted: Thu Apr 09, 2015 12:18 pm
Newbie

Joined: Thu Apr 02, 2015 6:53 pm
Posts: 10
[quote="shanimal"]What version of the audit script are you using? Post what you have for line 1250 in this script; that may help.[/quote]


Hi Shane,

Thank you for your reply. Right now I'm using OAv1.6.2, and also the newest script as instructed by Mark here: [url]http://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6418[/url].

This is line 1250:
[code]set objrecordset = objcommand.execute[/code]

Is anything wrong with that line?

Posted: Fri Apr 10, 2015 8:54 am
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
So the code in question is below.
The problem line is [code]set objrecordset = objcommand.execute[/code]

Is this PC on a domain?
Try setting debugging to 3 and see what output you get.

[code]function windows_user_get_attribute (full_ad_domain, attribute, sam_account_name)
    if debugging > "2" then wscript.echo "FullAD: " & full_ad_domain end if
    if debugging > "2" then wscript.echo "Attribute: " & attribute end if
    if debugging > "2" then wscript.echo "SAM: " & sam_account_name end if
    if (full_ad_domain > "") then
        const ads_scope_subtree = 2
        set objconnection = createobject("adodb.connection")
        set objcommand = createobject("adodb.command")
        objconnection.provider = "adsdsoobject"
        objconnection.open "active directory provider"
        set objcommand.activeconnection = objconnection
        ' sam_account_name is concatenated into the query text as-is
        objcommand.commandtext = "select name, " & attribute & " from 'GC://" & full_ad_domain & "' where objectCategory = 'person' and sAMAccountName = '" & sam_account_name & "'"
        if debugging > "2" then wscript.echo objcommand.commandtext end if
        objcommand.properties("page size") = 1000
        objcommand.properties("searchscope") = ads_scope_subtree
        objcommand.properties("sort on") = "name"
        ' the problem line
        set objrecordset = objcommand.execute
        error_returned = Err.Number : if (error_returned <> 0 and debugging > "0") then wscript.echo "AD command failed"
        if (isobject(objrecordset)) then
            on error resume next
            objrecordset.movefirst
            on error goto 0
            do until objrecordset.eof
                windows_user_get_attribute = objrecordset.fields(attribute).value
                objrecordset.movenext
            loop
        end if
    end if
end function[/code]

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.


Posted: Fri Apr 10, 2015 11:41 am
Newbie

Joined: Thu Apr 02, 2015 6:53 pm
Posts: 10
Hi Mark,

Yes, this is a domain PC, and I've been successful in scanning 150 others using "cscript audit_windows.vbs".
This is the error output with debugging=3:

[code]Audit Location: local
-------------------
system info
windows info
FullAD: OU=D**,OU=C*******,OU=I********,OU=D*****,DC=i*******,DC=co,DC=id
Attribute: physicalDeliveryOfficeName
SAM: ssa'idah
select name, physicalDeliveryOfficeName from 'GC://OU=D**,OU=C*******,OU=I********,OU=D*****,DC=i*******,DC=co,DC=id' where objectCategory = 'person' and sAMAccountName = 'ssa'idah'
\\IDWS-D162\master$\audit_windows.vbs(1250, 3) Provider: One or more errors occurred during processing of command.[/code]

Is this caused by the user name, which uses a single quote (or apostrophe)?


Posted: Sat Apr 11, 2015 5:32 am
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
It looks to be the cause, yes.
I'm on the road at the moment, so I'll post a fix next week.

Posted: Sat Apr 11, 2015 9:00 am
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
Quickly get this working. Replace line 1245 in the 1.6.2 audit with:
[code]objcommand.commandtext = "select name, " & attribute & " from 'GC://" & full_ad_domain & "' where objectCategory = 'person' and sAMAccountName = '" & escape_wmi(sam_account_name) & "'"[/code]

I did not check to see what the script does with a DOMAIN with an apostrophe in it. It did work with a WORKGROUP containing one.


Posted: Thu Apr 16, 2015 3:01 pm
Newbie

Joined: Thu Apr 02, 2015 6:53 pm
Posts: 10
[quote="jpa"]Quickly get this working. Replace line 1245 in the 1.6.2 audit with:
[code]objcommand.commandtext = "select name, " & attribute & " from 'GC://" & full_ad_domain & "' where objectCategory = 'person' and sAMAccountName = '" & escape_wmi(sam_account_name) & "'"[/code]

I did not check to see what the script does with a DOMAIN with an apostrophe in it. It did work with a WORKGROUP containing one.[/quote]


Hi Mark & JPA,

4 thumbs up for your super duper damn great support! But the error still came up, with a slightly different notification. Here it is:

[code]
Audit Location: local
-------------------
system info
windows info
FullAD: OU=D**,OU=C*******,OU=I********,OU=D*****,DC=i*******,DC=co,DC=id
Attribute: physicalDeliveryOfficeName
SAM: ssa'idah
select name, physicalDeliveryOfficeName from 'GC://OU=D**,OU=C*******,OU=I********,OU=D*****,DC=i*******,DC=co,DC=id' where objectCategory = 'person' and sAMAccountName = 'ssa\'idah'
\\IDWS-D162\master$\audit_windows.vbs(1250, 3) Provider: One or more errors occurred during processing of command.
[/code]

What should I do now?

Posted: Thu Apr 16, 2015 3:15 pm
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
[quote="BlaxWalker"]What should I do now?[/quote]
Get help from someone who knows what they're doing since it seems I don't. :oops: I'll see what's wrong tomorrow.

Posted: Thu Apr 16, 2015 4:27 pm
Newbie

Joined: Thu Apr 02, 2015 6:53 pm
Posts: 10
[quote="jpa"]Get help from someone who knows what they're doing since it seems I don't. :oops: I'll see what's wrong tomorrow.[/quote]


Hi JPA,

Great thanks for your great effort and great attention...

Posted: Fri Apr 17, 2015 4:20 am
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
Replace line 1245 with:
[code]objcommand.commandtext = "select name, " & attribute & " from 'GC://" & full_ad_domain & "' where objectCategory = 'person' and sAMAccountName = '" & replace(sam_account_name, "'", "''") & "'"[/code]
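
The replacement line above doubles the apostrophe in `sam_account_name`, but the same query text also concatenates `attribute` and `full_ad_domain`, and the `execute` call shown earlier in the thread stopped the whole audit on a provider error. The following is an added example, not Open-AudIT code and not written by anyone in this thread: the helper names (`ads_sql_quote`, `is_safe_attribute`, `build_user_query`, `run_query`) are hypothetical, and doubling quotes inside the `GC://` path is an assumption that the thread did not test.

```vbscript
option explicit

' Added example, not Open-AudIT code. All helper names are hypothetical.

' Double every single quote so the value stays inside its '...' literal
' in the ADSI SQL dialect (the same replace() used in the fix above).
function ads_sql_quote(value)
    ads_sql_quote = "'" & replace(value, "'", "''") & "'"
end function

' Attribute names cannot be quoted, so accept only LDAP-style
' descriptors: a letter followed by letters, digits or hyphens.
function is_safe_attribute(name)
    dim re : set re = new regexp
    re.pattern = "^[A-Za-z][A-Za-z0-9-]*$"
    is_safe_attribute = re.test(name)
end function

' Returns "" when the attribute name is rejected.
function build_user_query(full_ad_domain, attribute, sam_account_name)
    build_user_query = ""
    if not is_safe_attribute(attribute) then exit function
    ' Assumption: the GC:// path literal accepts the same quote doubling;
    ' the thread did not test a domain containing an apostrophe.
    build_user_query = "select name, " & attribute & _
        " from 'GC://" & replace(full_ad_domain, "'", "''") & "'" & _
        " where objectCategory = 'person' and sAMAccountName = " & _
        ads_sql_quote(sam_account_name)
end function

' Enable error trapping *before* execute, so a provider error is
' reported and the caller can carry on with the rest of the audit.
function run_query(objcommand, query)
    dim rs
    set run_query = nothing
    if query = "" then exit function
    objcommand.commandtext = query
    on error resume next
    set rs = objcommand.execute
    if err.number <> 0 then
        wscript.echo "AD command failed: " & err.description
        err.clear
    else
        set run_query = rs
    end if
    on error goto 0
end function

' Constructed sample values, modelled on the debug output in this thread.
wscript.echo build_user_query("DC=example,DC=com", "physicalDeliveryOfficeName", "ssa'idah")
```

Run with `cscript`, the last line only builds and prints the query text, so it needs no domain connection; `run_query` expects an `adodb.command` that is already bound to an open connection, as in the function posted earlier.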


Posted: Fri Apr 17, 2015 11:23 am
Newbie

Joined: Thu Apr 02, 2015 6:53 pm
Posts: 10
[quote="jpa"]Replace line 1245 with:
[code]objcommand.commandtext = "select name, " & attribute & " from 'GC://" & full_ad_domain & "' where objectCategory = 'person' and sAMAccountName = '" & replace(sam_account_name, "'", "''") & "'"[/code][/quote]


Hi JPA,

THERE IT IS!!! Finally we can get rid of single quotes and apostrophes! Sorry for my lack of knowledge about VBS, so I always bother you to help me :D

I have also updated this topic to solved so that other people can find this case easily if they have a case like mine...

A million thanks, JPA & Mark!


Regards,
Eko
