
Auditing

 

Over the next month or so, I am going to post some bits and pieces focusing on the Auditing functionality in the Track-It! Inventory module. First up, a number of customers have identified that they need to automatically audit their users' PCs. Track-It! can schedule audits, but there are drawbacks to this, identified below. So what alternative is there?

 

Scheduled Audits vs Logon Scripts

The audit can be scheduled to automatically run on specific days of the week, a specific day of the month or on a specific date, or a combination of these settings.

 


 

However, your users may not all be logged in at the same time, and some may be off site using a laptop. There are quite a few reasons why a PC might not be available in the environment to be audited at the time Track-It! is configured to carry out this task.

 

One alternative to using the schedule set in the Administration Console is to use logon scripts, set up in Active Directory. The benefit of this is that you will no longer be queuing audits blindly for a machine that may or may not be available for auditing. The excerpt below is from an article supporting an older version of Track-It! (hence the references to Windows 2000), but the steps are still valid, and the support team often shares them with customers who have identified that this solution is the most effective way of updating their Inventory:

 

To Implement Logon Scripts on a Windows 2000 Server (Active Directory):

 

  • The logon script itself must be present in the sysvol share (%winroot%\sysvol\sysvol\domainname\scripts) of whatever domain controller the user authenticates on. If you want to implement a logon script and you have replication set up among your domain controllers, save the script in the %winroot%\sysvol\sysvol\domainname\scripts directory on the primary domain controller (PDC) in order to replicate it across the other domain controllers.

 

  • Open the Group Policy snap-in:

     o   Click Start > Run, type mmc in the Open field, and click OK.

     o   Click File > Add/Remove Snap-in from the Console's main menu.

     o   On the Standalone tab, click Add.

     o   Select Group Policy from the list, and click Add.

     o   Either click Local Computer to edit the local GPO or locate the GPO that you want to edit.

     o   Click Finish, and then click OK.

      

  • In the console tree, select Policy_name Policy/User Configuration/Windows Settings/Scripts (Logon/Logoff).
  • Click Scripts, and then double-click Logon in the right pane.
  • Click Add.
  • Configure any of the following settings that you want to use, and then click OK:

     o   Script Name: Type the path to the script or click Browse to locate the script file in the Netlogon share of the domain controller.

     o   Script Parameters: Type any parameters that you want to use in the same way that you type them on the command line.

     For example, if the script includes the //logo (display banner) and //i (interactive mode) parameters, type:


//logo //i      

 

  • In the Logon dialog box, configure any of the following settings that you want to use, and then click OK:

     o   Logon Scripts for: This box lists all of the scripts that are currently assigned to the selected Group Policy object. If you assign multiple scripts, the scripts are processed according to the order that you specify. To move a script in the list, select the script, and then click either the Up or Down key.

     o   Add: Click Add to specify any additional scripts that you want to use.

     o   Edit: Click Edit to modify script information such as the name and parameters.

     o   Remove: Click Remove to remove the selected script from the Logon Scripts list.

     o   Show Files: Click Show Files to view the script files that are stored in the selected Group Policy object.
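Because the script must be present on whichever domain controller a user authenticates against, it is worth confirming that replication delivered the same file everywhere before relying on it for audits. The PowerShell below is an added example, not part of the original article or of Track-It!; the function name, the script name and the DC list are placeholders, and it assumes the caller can read each DC's NETLOGON share.

```powershell
# Added example: confirm a logon script has replicated, unchanged, to every DC.
# Function name, script name and DC names are placeholders, not values from the article.
function Test-LogonScriptReplication {
    param(
        [Parameter(Mandatory)] [string]   $ScriptName,        # e.g. 'audit_logon.bat' (hypothetical)
        [Parameter(Mandatory)] [string[]] $DomainControllers  # host names of the DCs to check
    )

    $results = foreach ($dc in $DomainControllers) {
        # NETLOGON exposes ...\sysvol\sysvol\<domainname>\scripts on each DC
        $path = "\\$dc\NETLOGON\$ScriptName"
        if (Test-Path -LiteralPath $path) {
            $file = Get-Item -LiteralPath $path
            [pscustomobject]@{
                DomainController = $dc
                Present          = $true
                SHA256           = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                LastWriteTimeUtc = $file.LastWriteTimeUtc
            }
        } else {
            [pscustomobject]@{
                DomainController = $dc
                Present          = $false
                SHA256           = $null
                LastWriteTimeUtc = $null
            }
        }
    }

    # A missing copy, or more than one distinct hash, means users get a different
    # (or no) script depending on which DC they authenticate against.
    $missing = @($results | Where-Object { -not $_.Present })
    $hashes  = @($results | Where-Object Present |
                 Select-Object -ExpandProperty SHA256 -Unique)

    [pscustomobject]@{
        Consistent = ($missing.Count -eq 0 -and $hashes.Count -eq 1)
        Details    = $results
    }
}

# Usage (names are placeholders; Get-ADDomainController needs the ActiveDirectory module):
# $dcs = (Get-ADDomainController -Filter *).HostName
# $r   = Test-LogonScriptReplication -ScriptName 'audit_logon.bat' -DomainControllers $dcs
# $r.Details | Format-Table; $r.Consistent
```

A copy whose hash differs on a single domain controller deserves a look beyond replication lag, since every user who logs on through that DC runs it.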

 

Important Notes:

In the Active Directory Users and Computers dialog, it is recommended that you select a group, because it contains multiple users.

 

Please bear in mind that when logon scripts are triggering the audit, the data will not merge to the Inventory automatically. You will need to set the merge to run on a schedule. Go to Tools > Administration Console > Configuration > Inventory > Merging > Schedule.

 

Set to “Automatically Merge Daily” and set for a time outside of peak use times for the Track-It! application. Merging audit data can have quite an overhead on system performance. So if assets have been audited at logon at various points throughout the day, set the merge to run overnight and you will see updated records in your Inventory grid view the next working day.

 

Next

We’ll take a look at some hints and tips that are regularly used to troubleshoot the auditing feature.