Page tree
Skip to end of metadata
Go to start of metadata

This relates to using our default network address as and auditing Windows computers using a script from a Windows Open-AudIT server.

If you're running an Open-AudIT server on Linux, this doesn't affect you.

See The Default Network Address for some background.

If you are using the "new" (as at 3.1.0) way of running discoveries (ie, using as your network address and not setting the configuration item discovery_use_vintage_service to 'y') and you're seeing issues copying the audit script to the target device, you will want to change the service used to run Apache.

This is because the "Local System" account used to run Apache has no access to any "network" resources. IE - We cannot use Apache when running as this account to copy the audit script to Windows PCs.

We made this change because in our testing we were able to map a network drive using this account (albeit not using a drive letter). It has come to light that some users can still not do this. We are surmising that domain based Windows PCs may have this disabled by policies (be they Windows defaults or implemented by the Domain Administrators).

To work around this we have created a configuration item called discovery_use_vintage_service. Setting this to y results in our not using the new way of auditing. This is very sub-optimal because the audit script runs on the Open_AudIT Server, not the target device. Because of that we cannot retrieve a few items of interest and it will place load on the server.

The best fix for this case is not to implement this configuration change, rather change the account that Apache runs as to a regular user account. This user needs no special domain or local privileges. It just needs to be a "normal" local user. A normal user does have access to network resources and will work as intended.

Also ensure Nmap is installed for "all users". Nmap must be in the path of your Apache service accounts user. You can check this by logging on as the account specified to be the Apache Service account and running the below on the command line. You should see the Nmap install directory listed there. You should also be able to run "nmap --version" as that user without specifiying the complete path to the Nmap executable.

echo %PATH%

The change is simple to make, just follow the steps below.

Select the Start menu and type "services". Click the Services icon.

Next, right click the Apache2.4 service and select Properties, then click the Log On tab.

Select the "This Account" checkbox and provide the account name and password.

Next, click OK, then right click the Apache 2.4 service and click Restart. Done.

Performing those steps will enable Discoveries and audits to run as expected.