AuditWizard™ V7 How to Configure the Automated Scanner for your LAN
The following is intended as a step-by-step guide to setting up an automated auditing system within a local area network (LAN) using AuditWizard. In this example, we will be using a shared network drive, NETSHARE, shared from the PC called ‘NETSERVER’.

Note: it is not necessary for the share to be on Windows Server, only that the share is visible to all PCs that are to be audited. However, it is recommended to have the share on a network server (in a production environment) to prevent file-sharing limitations. Standard workstations are only capable of allowing 10 concurrent connections at one time (servers are not limited by this).

***Disclaimer: Please ensure that you have the necessary expertise before continuing, as Layton Technology, Inc. cannot be held responsible for any problems which you may encounter while modifying your Server settings. Every attempt has been made to make this document as clear as possible; however, due to issues or settings in each environment, results may vary. We cannot troubleshoot any part of the network or server problems when they are found to be a fault in the configuration of the server or the network. Support staff is only able to give assistance with AuditWizard™.

Step 1 - Preparing the Network

1. Create a new folder on your PC and call it ‘NETSHARE’. This will be the primary shared folder.

2. Beneath the ‘NETSHARE’ folder create two sub-folders, DATA and SCAN. Note: when building the scanner, you specify the top level folder (Netshare), and AuditWizard will create the ‘Scan’ and ‘Data’ subfolders for you.

3. Right click on ‘NETSHARE’ and select Properties. Click on the Sharing Tab, and share this folder as ‘NETSHARE’. Apply the change. You should see the hand appear underneath the folder icon.

Check the folder permissions from the Security Tab for the Scanner and Data folders.
Ensure that, as a minimum, all users (Everyone and Domain Users) have read and execute permissions to the SCAN folder and ALL permissions to the DATA folder. Also ensure that the permissions for NETSHARE allow all users to have ‘Full’ access. Make sure to also apply the changes to permissions on each of the folders.

Step 2 - Building the AuditWizard™ Scanner

1. Start the main AuditWizard program and log in as an auditor or Admin, if security has been enabled.

2. If the Startup screen is displayed, select Close, then click on the Build Scanner Wizard icon, or go to the Wizards | Audit Scanner Wizard menu.

3. From the Build Wizard, select the Profile you wish to use, then click ‘Next’ to continue configuring the scanner. We recommend using the Default option for this example.

4. From the Build Wizard, select the Method you wish to use, then click ‘Next’ to continue configuring the scanner. We recommend using the Network – Login Script option for this example.

5. From the next screen, you will be able to specify the path to the NETSHARE folder that was created above (in Step 1).

    Share path: \\NETSERVER\NETSHARE
    Scanner path: \\NETSERVER\NETSHARE\SCAN
    Data path: \\NETSERVER\NETSHARE\DATA

Please note the screen shot uses the UNC (Universal Naming Convention) path, which is the most reliable method. The UNC method allows the scanner to communicate across the network. We recommend using the default settings on this screen, which will automatically search for a Scan and Data subfolder. If they are not present, the Wizard will create them for you.

You can use the Browse buttons for each of the above paths to avoid typing mistakes; however, ensure that you always go via Network Neighborhood (or its equivalent) to enforce the use of UNC notation for the two paths.
Mapped drives should not be used for the NETSHARE path, especially as the drive mapping may be different on PCs in your network (only use drive mappings if you are certain it is a common drive for all users). Click ‘Next’ when you are done specifying the paths.

6. Choose an operation mode for the scanner.

Non-Interactive does not allow the user to interact with the scanner, and this option can be set to hide from the user (most used option).

First Time Interactive will display a pop up to the user on the initial scan only, which will allow them to enter basic asset information and other advanced information from the Asset Data Fields.

When set to Interactive, the scanner will always allow the user to interact with the scanner to enter information.

For this test, you may want to set the Interactive scan first; at any time you can reconfigure the scanner to run Non-Interactive by running the Scanner Wizard again. In a production environment, the most typical setting is ‘Non-Interactive’ and ‘Hide in the background’. Click ‘Next’ to continue.

7. From the Scanner Collection screen, you can modify how the scanner will interrogate the PC for specific data. We recommend leaving the defaults; however, the ‘Advanced’ buttons will allow you to further define what information is collected. If the Interactive mode was selected, you can specify which screens the user will see and interact with by checking or unchecking boxes. If Interactive was chosen, we recommend experimenting with the different settings by building the scanner, then invoking the scanner. Click ‘Next’ to continue.

8. From the next screen, set the Re-audit Interval field to the minimum number of days between audits. In most cases a value of 7 to 14 days is a good compromise between auditing too frequently and potentially missing important changes in the configuration of the PC being audited. ‘0’ indicates the audit will run every time it is invoked. Click ‘Next’ to continue.

Special note about Re-audit interval – When the interval is set to more than zero days, if you try to re-audit the PC before the interval has elapsed, it will not run. For testing, a zero day interval may be best.

9. On the Scanner Configuration screen, you will be able to review the current details to be audited and accept the values, or you can click ‘Back’ to change them. Click ‘Next’ to continue.

10. The next screen will show the summary of the Scanner configuration prior to building (deploying) the scanner to the remote share. If you have found something that needs to be changed, simply click the ‘Back’ button. When you click ‘Next’, the Wizard will attempt to deploy the scanner files to the remote share and will confirm if the operation was successful. Click ‘OK’ to acknowledge the message. If an error occurred writing to the ‘Scanner’ path, go back to step 4 to ensure the correct UNC path is selected in the box to deploy the scanner to.

11. The next window will display the full path to the scanner and the command to use in your network logon script, depending on the network type used. You may want to write this down for use in Step 3 below.

12. Click ‘Finish’ and you will be prompted to test the scanner that has just been deployed (recommended). This will ensure that the path to the data folder is resolved correctly, and that there are no errors. If you find that there is an error, you may need to repeat this process to ensure it was not a permissions issue, or the network path to the ‘Data’ folder may not have been resolved correctly.

Step 3 – Configuring your Network Logon Script

The following steps require access to your server (Domain Controller, PDC or Novell Tree) and some knowledge of user administration under Windows NT/2000/2003. Please ensure that you have the necessary expertise before continuing, as Layton Technology, Inc. cannot be held responsible for any problems which you may encounter while modifying your Server settings.

Windows Server Configuration:

1. Click Start, point to Settings, click Control Panel, then click on Administrative Tools, and then click User Manager for Domains. On Windows 2000 Server it will be the ‘Users and Groups’ Snap-in from ‘Computer Management’ or, from Active Directory, ‘Active Directory for Users and Computers’.

For more information on Novell scripts, please visit this link:
http://support.novell.com/

Logon scripts can be assigned to individual users or groups of users. It is, however, likely that you are only using a single logon script for all users. To determine if you are using a logon script on your system, double-click a user from the displayed list and click on the Profile Tab. If a logon script is in use, its name will be displayed in the Login Script Name box. In Active Directory, you can also have a ‘Group Policy’ set up to run the script against all users.

2. By default, Windows NT looks for logon scripts on the Primary Domain Controller in the directory %systemroot%\SYSTEM32\REPL\IMPORT\SCRIPTS, where systemroot is the disk drive and directory in which Windows NT Server was installed. For more information on NT Server, visit the link below:
http://www.microsoft.com/ntserver/techresources/WpGlobal.asp

3. If you are running in a Windows 2000 Server environment, the path to the scripts folder will differ slightly. The following is the path under Windows 2000 Server: %systemroot%\sysvol\sysvol\domain_name\scripts, where systemroot is the disk drive and directory in which Windows 2000 Server was installed. Here is a link to a document on Microsoft’s web site that explains in detail how to configure a logon script on 2000 Server:
http://support.microsoft.com/default.aspx?scid=kb;en-us;322241

4. If you are running 2003 Server, the path to the Scripts folder is also slightly different: %SystemRoot%\System32\Repl\Imports\Scripts (this folder does not exist by default, so it must be created).
For more information on how to set up the logon script in 2003 Server, please refer to this document:
http://support.microsoft.com/default.aspx?scid=kb;en-us;324803

If you are not currently running a logon script

5. Using Windows Explorer on the Server, navigate to the scripts folder defined above, then, using MS Editor (from a command prompt, type in ‘Edit’) **, create the file audit.bat and edit it.

6. Select the users which you want to be audited from the displayed list and click Profile. Enter the name of the batch file that is to be run, say audit.bat. Specify only the filename, not the full pathname!

If you are already using a logon script

5. Using Windows Explorer on the Server, navigate to the scripts folder defined above, then, using MS Editor (from a command prompt, type in ‘Edit’) **, edit the logon script.

6. Move to the bottom of the logon script and add the following line:

    START \\NETSERVER\NETSHARE\AUDITWIZARD\SCANNER\SCAN32.EXE

*Note: There is a space in between the word ‘Start’ and the UNC path.

** Please note, we have found the use of MS Editor is more compatible with writing a batch file (BAT file) than any other text editor. There have been some cases where using a standard text editor as opposed to MS Editor would not allow the script to run at all.

If you have any 16-bit systems on your network (Windows 3.11 or DOS) then you will have to replace SCAN32.EXE with LAUNCH.EXE. Note also that LAUNCH.EXE is a 16-bit application and as such the path to the executable MUST be 16-bit compliant, that is, in DOS 8.3 format. The above path is NOT compliant as the server name exceeds 8 characters in length! It is recommended to execute LAUNCH.EXE from a mapped drive as opposed to a UNC path.

Step 4 – Configuring the Upload Process

Although the auditing process will now be automatic, it still remains necessary to upload the results of the audits from the DATA folder into the AuditWizard database.
AuditWizard is already configured to do this automatically in the standard version at pre-defined intervals by selecting Profile | Active Profile | User Interface | Upload Settings. By default, the box will be checked to ‘Auto Upload Audit Data when there are at least X number of audits ready’. By default the time is set to 1 asset, which allows audits to be uploaded in a timely manner without imposing too much of an overhead on the AuditWizard PC. Leave the Minimum Audit Count at 1 to force AuditWizard to upload audits as and when they are available. This can be changed to any number you prefer; however, we recommend leaving the default value, which will process audit data as it becomes available. Note: the program must remain open to upload the results.

The upload path should have been set to the DATA folder when the scanner was built. However, check this by selecting Profile | Active Profile | Scanner Deployment. The path to the DATA folder is defined by the Upload From field.

Note: The SQL version will use a program called the Autoloader. This program will run as a system service, once activated. It will then start to pull in the audits from the data folder, with or without the program open. You can start this by going to Audit | Autoloader Service Control | Start.

Document updated 11-20-2006
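
Added example, not part of the original Layton document: a PowerShell check of the Step 1 folder permissions on SCAN and DATA. It assumes the UNC paths used in this guide and a hypothetical list of broad groups, and it also reports whether those groups can modify SCAN, because every PC launches the scanner from that folder at logon and Step 1 only calls for read and execute there.

```powershell
# Added example (not Layton code): audit the Step 1 folder permissions.
# UNC paths are the ones used in this guide; the group list is an assumption.
$ScanPath    = '\\NETSERVER\NETSHARE\SCAN'
$DataPath    = '\\NETSERVER\NETSHARE\DATA'
$BroadGroups = 'Everyone', 'Domain Users', 'Authenticated Users', 'Users'

$R           = [System.Security.AccessControl.FileSystemRights]
$ReadExecute = [int]$R::ReadAndExecute
$FullControl = [int]$R::FullControl
$GenericAll  = 0x10000000   # raw value that inherit-only entries may carry
# Rights that let a holder alter or replace files, plus the generic
# write/all bits.
$WriteMask = [int]$R::WriteData -bor [int]$R::AppendData -bor [int]$R::Delete -bor
    [int]$R::DeleteSubdirectoriesAndFiles -bor [int]$R::ChangePermissions -bor
    [int]$R::TakeOwnership -bor 0x40000000 -bor $GenericAll

function Get-BroadAllowMask {
    param([string]$Path)
    # OR together every Allow entry granted to a broad group. Deny entries
    # are ignored, so the result is an upper bound on what the groups hold.
    $mask = 0
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        # 'DOMAIN\Domain Users' and 'BUILTIN\Users' match on the last part.
        $leaf = ($ace.IdentityReference.Value -split '\\')[-1]
        if ($BroadGroups -contains $leaf -and $ace.AccessControlType -eq 'Allow') {
            $mask = $mask -bor [int]$ace.FileSystemRights
        }
    }
    $mask
}

$scan = Get-BroadAllowMask $ScanPath
$data = Get-BroadAllowMask $DataPath

[pscustomobject]@{
    # Step 1 minimum: all users can read and execute the scanner.
    ScanReadExecute = ($scan -band $ReadExecute) -eq $ReadExecute
    # True means ordinary users could change the files every PC runs.
    ScanWritable    = ($scan -band $WriteMask) -ne 0
    # Step 1: all users need ALL permissions on DATA to write audit files.
    DataAllRights   = (($data -band $FullControl) -eq $FullControl) -or
                      (($data -band $GenericAll) -ne 0)
} | Format-List
```

Run it from an account that can read the ACLs on NETSERVER; the share-level permission set on the Sharing Tab is separate from these NTFS entries and is not examined here.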