When trying the very first discovery i run into a credential issues.
I tried local administrator, i tried domain admin with the domain.
I even tried the winexe-static command from the command line pointing to just my desktop and domain / local admin credentials but always get the 'failed to open connection' message.
windows firewall is disabled, no local policies are in place. Using a simular tool but windows based the scan works ok and that tool is able to read software and other info.
Any idea's whats going on? I *'ed out our domain name in the screenshot.
timeout 5m /usr/local/open-audit/other/winexe-static -U */'Administrator'%****** --uninstall //192.168.30.50 "wmic csproduct get uuid"
ERROR: Failed to open connection - NT_STATUS_CONNECTION_RESETERROR: Failed to open connection - NT_STATUS_CONNECTION_RESETERROR: Failed to open connection - NT_STATUS_CONNECTION_RESET
Did this ever get resolved? Im struggling to get any windows credentials to work. (Windows 7 & 10 estate).
Dedicated local admin account, firewalls off, remote access enabled.
This issue was specifically related to SMB2 support, which has since been provided.
What version of Open-AudIT are you using?
Please check the following -
Are your Windows devices configured properly to allow an audit: https://community.opmantek.com/display/OA/Target+Client+Configuration
Have you followed the instructions on the Troubleshooting page: https://community.opmantek.com/display/OA/Troubleshooting
Thanks Mark. Yes, I looks like I needed to turn off a lot of stuff to get windows to work. (inc registry and Security policies etc). Im going to need to find a nice way of turning these all on and off on demand; leaving these open is killing our security scores. :-)
May I ask one question?
My OSX discoveries seem to be working however, including SSH logons etc. But it doesn't list the user accounts on the machine. Is that normal? I kinda need to list the user accounts on the host.
Circumventing security policy to conduct an audit is never a good idea. Instead, check out this link: https://community.opmantek.com/display/OA/How+to+Audit+in+complex+network+environments and consider deploying the Windows auditing script and running it on target machines based on a startup script or Windows Task Scheduler.
Regarding Users on OSX, not every device supports every attribute. More can be found HERE: https://community.opmantek.com/pages/viewpage.action?pageId=25297310
Some of these options are not practical, as I will use this tool to audit client networks - so this is very much a transient Open AudIT setup.
Re: the Mac accounts, a list can be obtained using the "dscl . list /Users" command in SSH. I will now see if I can include this in the audit_ssh script.
Linux version: CentOS Linux release 7.4.1708 (Core)
Linux centos 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
You are running version 2.1.1 of Open-AudIT.Your Host is: centos, and it's OS is Linux.Your database platform is mysql (version 5.5.56-MariaDB).Your web server is Apache/2.4.6 (CentOS) PHP/5.4.16 .Your PHP version is 5.4.16 and it's current time is 2018-04-17 15:19:40.
The windows client machines are mostly windows 10 where SMB1 is no longer supported by MS.
With Kind Regards,
Marco van Kammen.
At the present time Open-AudIT uses SMB1.
As a workaround you can have the audit script run at logon, manually copy it to the devices and run it, have the uses run it via "Audit My PC" link on the Open-AudIT logon page (no need to actually logon).
This is now very high on our list of items to address.
Running the audit script seems to work as workaround, but we will wait for the permanent fix before we decide to go on and buy some licenses.
Thanks & Regards,
Marco van Kammen.
A couple questions for you -
What Linux distribution and version is your Open-AudIT installation on? For a list of supported Operating Systems and requirements, please see: https://community.opmantek.com/display/OA/Server+Requirements
Also, is SMB1 disabled on the Windows machine?
Powered by a free Atlassian Confluence Open Source Project License granted to Opmantek. Evaluate Confluence today.