Versions Compared

Old Version 17

changes.mady.by.user Mark Unwin

Saved on

compared with

New Version 18

changes.mady.by.user Mark Unwin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

User Credentials Requirements

To audit a machine, you must have credentials and administrator level access.

  • To audit a remote machine that is not on a domain, you must use the Administrator account (not "an" admin account, "the" Administrator account) on the target PC. **
  • To audit a remote machine on an Active Directory domain, your supplied user (or if none provided, the user running the script) must be a member of the target machines Administrators group (or subgroup).
  • To audit localhost, any supplied credentials are disregarded and connection is made using the details of the user running the script.
  • The account must have a password; WMI does not allow blank passwords.

** NOTE - To enable a remote machine (Vista or above) to be audited that is not on a domain, by an account in the Administrators group, other than the actual Administrator account, do the following:

Start a command prompt as an administrator (Start -> All Programs -> Accessories -> Command Prompt, right click then "Run as administrator".

In the opened command prompt, paste the following and then press <enter>.

Code Block
languagebash
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\system" /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

Reference - http://support.microsoft.com/kb/942817

Windows Firewall Requirements

To enable remote PCs to be audited, either the local (on the target machines) firewall (likely the Windows Firewall) must be disabled or access allowed for the WMI service.

To configure this, Google is your friend (smile)

Cannot Audit

If you are having issues auditing a Windows PC, see our page that specifies the client configuration and provides some hints for configuration, here - Target Client Configuration.https://www.google.com.au/search?q=allow+remote+WMI+windows+firewall&oq=allow+remote+WMI+windows+firewall

Auditing using a GUI

To do this, go to the Open-AudIT logon page at http://YOUR-SERVER/omk/oae (but do not log in) using Internet Explorer on a Windows PC. You should see a page as below. Click the "Audit My PC" button and run the script. You should see your computer being audited and the data should be posted to the Open-AudIT server.

...