1
0
-1

I was using audit_windows.vbs version 3.0.0.  Now when I try 3.1.0 I get:

----------------------------
Open-AudIT Windows audit script
Version: 3.1.0
----------------------------
audit_dns            y
audit_mount_point    y
audit_netstat        s
audit_software       y
create_file          n
debugging            5
details_to_lower     y
discovery_id
hide_audit_window    n
ldap
org_id
ping_target          y
self_delete          n
strcomputer          .
strpass
struser
submit_online        y
system_id
url                  http://192.168.0.3/open-audit/index.php/input/devices
use_proxy            n
use_active_directory y
windows_user_work_1  physicalDeliveryOfficeName
windows_user_work_2  company
-------------------
LocalNet:  172.17.166.33  fe80::1541:db78:2804:87ef  192.168.0.20  fe80::9cb1:838:6eb0:acfd  fe80::15d:8600:56eb:43b8  WRK-ARENAS
Target: .
No Match: Auditing remote host.
Disregarding ping_target because we're auditing localhost.
Problem authenticating (10) to .
Error Number:-2147217405
Error Description:
Cannot connect to .
Attempting Active Directory data retrieval.
No default LDAP provided, using local settings.
LDAP domain: LDAP://org.ad
PC not able to be audited and not found in Active Directory.
Active Directory used for search was: LDAP://org.ad
No audit recorded.


My workaround was comment lines 682 to 693, and its working.  Any Ideas?.

Thanks.


Andrés.


  1. Mark Unwin

    I have made some changes to the script. Can you grab a copy from the URL below and try it out?

    https://raw.githubusercontent.com/Opmantek/open-audit/master/other/audit_windows.vbs

  2. Andres Arenas

    Hi Mark, I just run it. Same results.

    C:\Temp>cscript audit_windows_n.vbs
    Microsoft (R) Windows Script Host Version 5.812
    Copyright (C) Microsoft Corporation. All rights reserved.
    
    starting audit - .
    ----------------------------
    Open-AudIT Windows audit script
    Version: 3.1.2
    ----------------------------
    audit_dns            y
    audit_mount_point    y
    audit_netstat        s
    audit_software       y
    create_file          n
    debugging            1
    details_to_lower     y
    discovery_id
    hide_audit_window    n
    ldap
    org_id
    ping_target          n
    self_delete          n
    strcomputer          .
    strpass
    struser
    submit_online        y
    system_id
    url                  http://192.168.0.3/open-audit/index.php/input/devices
    use_proxy            n
    use_active_directory y
    windows_user_work_1  physicalDeliveryOfficeName
    windows_user_work_2  company
    -------------------
    Not pinging target because we're auditing localhost.
    Problem authenticating (10) to .
    Error Number:-2147217405
    Error Description:
    PC not able to be audited and not found in Active Directory.
    Active Directory used for search was: LDAP://org.ad
    No audit recorded.
  3. Mark Unwin

    Your user must have Admin rights on the PC to run the script.

    Specifically, they must be able to connect to -

    GetObject("winmgmts:\\.\root\rsop\computer")

    I have just confirmed this. An unpriviledged user returns this error, an Admin does not. If your user is an Admin, try running it in an elevated console.

  4. Andres Arenas

    Hi Mark, I just confirmed, Admin can run the script.  But the question is if this is a desired situation.  I like the fact that I can keep track of the users triggering the audit (I do it on login scripts).  But with this change all I will see is Administrator using all PCs.  The should be a way to detect the situation and avoid the error.  

  5. Mark Unwin

    Andres,


    You are correct. It never used to require Admin. I'll investigate why this is now so and see if we can work around this. No promises on a timeline.


    Mark.

CommentAdd your comment...

3 answers

  1.  
    1
    0
    -1

    Welp!.. same here, brand new laptop, fresh Win10 1803 install, script 3.1.0 with no params, same error.

    commented out lines 682 to 693, it worked like a charm.

    1. Mark Unwin

      Is the laptop on a domain?

    2. A M

      Yes

      BTW, Audit it works with v2.3.3

    3. Mark Unwin

      Thanks for the info. I'll compare the two versions of the script and see if anything changed around that area.

    4. Mark Unwin

      I have made some changes to the script. Can you grab a copy from the URL below and try it out?

      https://raw.githubusercontent.com/Opmantek/open-audit/master/other/audit_windows.vbs

    CommentAdd your comment...
  2.  
    1
    0
    -1

    No, I just run "cscript audit_windows.vbs" ... no parameters.  No user or password.

    I basically just change the IP of the server and the rest is untouched.  My PC is a Fully updated Win 10 machine,  my AD server is Windows 2003 Server (I know...).  That's it.  Just commenting those lines makes the script work.

      CommentAdd your comment...
    1.  
      1
      0
      -1

      Can you post the full command you are using to run the scrtip, please.

      It "looks" like you are passing a username and possibly a password when auditing a local machine. This will not work (and never has).

        CommentAdd your comment...