Overview

Discovery is a new feature in Open-AudIT version 1.2. Discovery will audit Windows and Linux computers, SNMP scan network devices and record active target addresses if no SNMP is active. Discovery runs entirely from the web interface, regardless of whether the Open-AudIT server is running on Linux or Windows. Active Directory Discovery queries Active Directory for a list of network subnets and discovers each in turn.

NOTE - You will need the ports for WMI on the Windows firewall opened on each target Windows computer. For Windows Core servers, ensure you allow the firewall connections as per the TechNet blog post below.

How To

To use Discovery we require access credentials on the target devices. Go to Discover -> Credentials -> Create Credentials and create credentials for all the types of devices you have. They may be for Windows, SSH (Linux / OSX / etc), SNMP, etc.

Once these have been completed you can go to Discover -> Discoveries -> Create Discoveries.

Open the advanced options by clicking on the "Advanced" button. Change the 'type' attribute to Active Directory, input the Active Directory Domain Controller you would like to query and the name of your domain.

Click the "Submit" button and you will be directed to the Discovery list page.

When you click Execute to start the Discovery, Open-AudIT will query the specified Domain Controller for a list of network subnets belonging to the domain. Open-AudIT will then create a discovery entry for each subnet (if it doesn't already exist) and commence discovery for that subnet.

And that's it! As always, it's too easy.



TechNet Blog

Originally at http://blogs.technet.com/b/brad_rutkowski/archive/2007/10/22/unable-to-remotely-manage-a-server-core-machine-mmc-wmi-device-manager.aspx

How to use Discovery

Setting Default Attributes

Before using Discovery, a few default attributes should be set.

As an Open-AudIT admin level user, go to Menu -> Admin -> Config.

The single most important attribute to set is the "default_network_address" attribute. This is used for Discovery so that when we send an audit script to a remote machine we can also provide the URL of the Open-AudIT server for the remote machine to send its data back to. We set this manually because your Open-AudIT server may have multiple network addresses. Rather than try to work out the correct address, we ask you to complete this step manually so there can be no mistakes.

For an Active Directory Discovery, you should also set the following fields:

  • default_windows_username
  • default_windows_domain
  • default_windows_password

For completeness, the following fields are also best set:

  • default_snmp_community
  • default_ssh_username
  • default_ssh_password

Once these have been completed you can go to Menu -> Admin -> Discovery -> Discover a Subnet.


This form will pre-populate with your defaults (which you have just configured), but you can also override them with specific attributes for any given Discovery run.

Fill the form details and click the Discover button.

Results

You will be redirected to the Logging page. You can refresh this page and see the progress of the Discovery run. 

Once the initial list of target devices has been obtained you should see details of each target as it is scanned and input into Open-AudIT.

Logging

NOTE - The logging is quite verbose so there is now a feature to purge the log file at Menu -> Admin -> Logs -> Purge Log.

You can set the log level in the configuration (Menu -> System -> Open-AudIT Basic Configuration). By default it is set to 5, but you may wish to temporarily increase it to 7 for debugging purposes.

You should see logging similar to the below (if set to level 7). In the below instance, a Discovery run was performed on the open-audit.com domain and the two computers win2k8dc and winxp-pro were audited.

How Does it Work

When running a Discovery against an Active Directory domain, the process differs depending on whether your Open-AudIT server is installed on a Windows or Linux machine.

Windows Discovery of AD

The discover_domain.vbs script is run locally with the values provided in the form. The Open-AudIT server will then talk to the domain controller, obtain a list of computers and audit them.

Linux Discovery of AD

Unable to remotely manage a Server Core machine (MMC, WMI, Device Manager)

BooRadely 22 Oct 2007 5:56 PM

I've been seeing a lot of churn internally and externally about installing a role on a server core machine and then trying to connect to it remotely only to find that the remote server core machine won't allow you to connect. 

Remote Management

To allow remote management of a server core machine run this locally on the box:

Code Block
C:\>netsh advfirewall set currentprofile settings remotemanagement enable
Ok.

After which point the firewall should allow all your remote admin tools to connect (computer management and DNS snap-in for example).  

WMI

If you're looking for WMI to be open on your servers:

Code Block
C:\>netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes

Updated 4 rule(s).
Ok.

Device Manager

You can enable a read-only view of device manager remotely by doing the following:

1) On the server core machine enable remote management (see above).

2) On a full server open gpedit.msc and connect to the server core machine.

3) Go to: Computer Configuration\Administrative Templates\System\Device Installation

4) Enable the following policy: Allow remote access to the PnP interface.

5) Reboot the Server Core machine.

6) Now you should be able to access the device manager snap-in remotely from a full server.
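The netsh command in the WMI section above enables the WMI rule group without changing the rules' remote-address scope. The PowerShell below is an added example, not part of the original blog post or the Open-AudIT documentation: it enables the same inbound rules but restricts them to the Open-AudIT server, then reports the resulting state. It assumes Windows Server 2012 / Windows 8 or later (NetSecurity module) and an elevated prompt; 192.0.2.10 is a placeholder address, not a value from this page.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules NetSecurity
# Added example: open WMI on a discovery target only to the Open-AudIT server.
param(
    # Placeholder (documentation address range); replace with the address
    # you configured as the Open-AudIT server's network address.
    [string]$AuditServer = '192.0.2.10',
    [string]$Group       = 'Windows Management Instrumentation (WMI)'
)

# The rule group contains inbound and outbound rules; only inbound rules
# control who may reach WMI on this machine.
$inbound = Get-NetFirewallRule -DisplayGroup $Group -ErrorAction Stop |
    Where-Object { $_.Direction -eq 'Inbound' }

foreach ($rule in $inbound) {
    # Scope first, then enable, so the rule is never open to every source.
    $rule | Set-NetFirewallRule -RemoteAddress $AuditServer
    $rule | Enable-NetFirewallRule
}

# Report every rule in the group so the change can be reviewed and recorded.
Get-NetFirewallRule -DisplayGroup $Group | ForEach-Object {
    $filter = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Direction     = $_.Direction
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        RemoteAddress = $filter.RemoteAddress -join ','
    }
} | Format-Table -AutoSize
```

If the rules are delivered by Group Policy, make the same scope change in the GPO instead, since local edits to policy-managed rules will not persist.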


When the Open-AudIT server runs on Linux, the discover_domain.vbs and audit_windows.vbs scripts are copied to the nominated Active Directory server, and the discover_domain.vbs script is started on that Active Directory server. The Active Directory server will obtain a list of computers, audit them and then submit the result to the Open-AudIT server. The Linux programs smbclient and winexe are used to enable Linux to copy the scripts and start them on the Windows server.