You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Auditing a single Windows PC

Assuming you have an XAMPPLite install of Open-AudIT on a Microsoft Windows machine.

Copy the file c:\xampplite\open-audit\other\audit_windows.vbs to a suitable location. Do not remove this file from it's original location as it is needed by the web interface.

Open your copy of audit_windows.vbs in a text editor. Check the following variables are set as below:

Open a command prompt and run the script with cscript audit_windows.vbs. Do not double click the script to run it as this will use wscript instead of cscript and spawn many popup windows.

It should run and post the result to the database. Go back to your web browser and load Open-AudIT. You should have a group or two created. Go into one of them and click the machine name. You should see the machine details.

To prevent any output to the command window you can set debugging = "0" and run the script with cscript //nologo audit_windows.vbs .


Options

Not every Windows computer will be a simple domain connected machine. Sometimes you may have a server in a DMZ with no network connectivity to the internal network, a machine not on a domain, a standalone machine not networked at all, etc. There are options to overcome these. 

 

In the case of a computer with no network connectivity to the Open-AudIT server.

Copy the audit script to a USB drive, go to the remote computer and insert the USB disk. Open a command prompt and navigate to where you copied the script. Run the script and output to an XML file using the command

cscript audit_windows strcomputer=. submit_online=n create_file=y

An XML file named COMPUTERNAME_DATE.xml should be created. Close the terminal window. Remove the USB disk and go to a computer with Open-AudIT connectivity. Open the XML file and copy the XML and paste into http://YOUR_SERVER/index.php/system

 

In the case of a computer not on the domain.

If you can see the computer on the network and it has it's firewall opened to allow remote WMI/VBscript, you can run the audit script using the remote credentials.

cscript audit_windows.vbs strcomputer=REMOTE_COMPUTER_NAME struser=REMOTE_DOMAIN/REMOTE_USERNAME strpass=REMOTE_PASSWORD

You may need to substitute "workgroup" or the remote computer name for REMOTE_DOMAIN above.

 

In the case of a computer than can see the Open-AudIT server, but the audit host cannot see the computer (unusual).

You can copy the audit script to the target computer and set it to run on a scheduled task and submit the result to the Open-AudIT server.

  • No labels