AuditWizard - Using AuditWizard - Administration - Auditing - AuditScanner Configuration
(Completed section) |
m (Minor text changes) |
||
Line 78: | Line 78: | ||
===USB Devices=== | ===USB Devices=== | ||
− | + | To audiit the presence of USB devices such as flash drives and cameras that appear as storage volumes, check the ''USB Devices'' checkbox. | |
+ | |||
+ | Additionally, the files contained on USB devices can be audited. Click the ''Configure'' button. | ||
+ | |||
+ | By default, the ''No Files'' radio button is selected. This will audit the presence of drives but none of the files contained on them. | ||
To audit specific files or file types, click the ''Specified Files'' radio button and click the ''Add'' button to enter a string. Use of an asterisk * will match any character(s), so ''*.mp3'' will audit any MP3 files, ''Doc*.docx'' will audit any .docx file beginning with ''Doc''. ''Document X.docx'' will audit that precise file name. | To audit specific files or file types, click the ''Specified Files'' radio button and click the ''Add'' button to enter a string. Use of an asterisk * will match any character(s), so ''*.mp3'' will audit any MP3 files, ''Doc*.docx'' will audit any .docx file beginning with ''Doc''. ''Document X.docx'' will audit that precise file name. |
Revision as of 22:25, 1 November 2015
Contents |
Overview
Ribbon Commands
Scanner Configuration
New Configuration: Asks you to save the current configuration, if desired, then a set of defaults is displayed for modification, to become the new configuration.
Load Configuration: Load a saved configuration.
Save Configuration: Save the currently displayed settings with the name that appears in the Scanner Name field. If it already exists, you will be asked to confirm.
Scanner Deployment
Deploy to Network: Writes the Scanner executable and configuration file to the network share. This must be done any time the Scanner configuration is changed, in order to output the settings to the configuration file used by the Scanner executable.
Instant Settings
These settings are the minimum you need in order to use the Scanner.
- Go to Administration > Auditing > AuditScanner Configuration.
- Enter the name of your network share in UNC format, \\SERVER\SHARE, in the Network Share Folder field. AuditWizard will populate the Data Folder field based on this information.
- Click the Save Configuration button. This saves the configuration with the name in the Scanner Name field.
- Click the Deploy to Network button. This writes the data and scanner folders to the root of the network share, if not present, then writes AuditScanner.exe and AuditScanner.xml (the Scanner executable and configuration file, respectively) into \\SERVER\SHARE\scanner.
Advanced Settings
General Settings
Scanner Name: The name for the scanner you are currently running. In addition to the technique of clicking the New Configuration button as noted above, you can create additional configurations by changing the Scanner name, then saving it, which saves a copy with the new name.
Description: Description of the currently loaded Scanner configuration.
Scanner Mode:
- Non-Interactive: The scanner runs in the background and is not visible to the user.
- Interactive: The scanner is visible to the user so they can fill in custom forms.
- First Time Interactive: The Scanner runs interactively the first time, then is invisible for subsequent audits. Useful for newly deployed computers that you want to get certain data from, but don't want users to see on a regular basis.
Re-audit Interval: The number of days that will pass before another audit is done. 0 is used to indicate that an audit will be done every time the Scanner runs.
Run Scanner Invisible to the User: Unchecking this option will place a notification icon in the notification area of the taskbar. The icon indicates that the Scanner is running.
Enable Auto-Upload for the results of this Scanner: There is a global setting that you can use to enable or disable automatic uploading in Upload Options. If you want to disable an individual configuration, load the configuration, uncheck this option and save the configuration.
Audited Items
Hardware
Various attributes of the computer. Turn general classes on or off by clicking the Configure button.
Internet Explorer Usage
History of websites visited and stored cookies. Turn these options on or off by clicking the Configure button.
File System
You can specify types of files to be scanned.
- Check the File System checkbox.
- Click the Configure button. The File System Audit Details dialog will open:
- The Folder section defines where the Scanner will look for files. To specify a specific folder or folders, click the Specified Folder(s) radio button. Click the Add button and enter a path. You can enter more than one. The paths are literal, i.e. exactly as they appear in a Windows Explorer address field. Wildcards are not supported. Note that in specifying a folder, any subfolders will also be searched, so, for example, to look for all the .pst files, choose C:\Users.
You can also specify All Folders, but this will increase the time it takes to run an audit. - The Files section lists the files you want to audit. All Executable Files will return any executable file, regardless of name. The files in Specified Files can be specific, such as game.exe or a wildcard can be used, such as *.pst. All Files will return every file and will take a long time.
It's important to note the relationship between the settings in Folders and Files. If you specify a folder or folders but don't specify files, you won't get any results. Similarly, if you configure files to audit and don't specify a folder, then you won't get results. The File System feature looks for the specified files in the specified folders. Note that you may sometimes not get results because those files weren't in that folder, though they may still be on the computer.
Windows Registry
You can specify registry keys to be audited.
- Check the Windows Registry checkbox and click the Configure button to open the Audit Registry Keys dialog.
- Click the Add Key button to open the Enter Registry Key dialog. Enter a Registry Key Name and Value Name, or click the Browse Registry button to open a dialog to browse to the desired key.
- Click the OK button to save the Registry key. It will appear in the Enter Registry Key dialog.
- Click the OK button to close the Enter Registry Key dialog.
Mobile Devices
Audit mobile devices such as phones and PDAs and the files on them. Manage these by clicking the Configure button.
USB Devices
To audiit the presence of USB devices such as flash drives and cameras that appear as storage volumes, check the USB Devices checkbox.
Additionally, the files contained on USB devices can be audited. Click the Configure button.
By default, the No Files radio button is selected. This will audit the presence of drives but none of the files contained on them.
To audit specific files or file types, click the Specified Files radio button and click the Add button to enter a string. Use of an asterisk * will match any character(s), so *.mp3 will audit any MP3 files, Doc*.docx will audit any .docx file beginning with Doc. Document X.docx will audit that precise file name.
To audit all the files on USB devices, click the All Files radio button.
Click the OK button to save the settings.
Software
Audits the software on a computer. Can be disabled.
Audit Scanner Location
Here is where you can define where the scanner will be built to. It is recommended that this location be in UNC path notation (\\ServerName\Folder). Users will need at least Read access to this folder. Admins will need Read/Write access if they are building new scanners.
Results Location
Here is where you can specify where the audits will go once a PC has been scanned. There are 3 different methods to send the results of the audit.
Network Folder
The Data folder should be specified in UNC path notation. Users and Admins will need Full Access to the folder.
FTP Site
For off-site assets that cannot connect to the network. The audits upload to an FTP site, for later download to the server. Click Details and the following window will be displayed:
Enter the Connection Type, Address, Port, Default Directory, and Login Credentials. Click OK to save the FTP settings.
Removable Media Device
For storage on removable media, specify a folder path in the Data Folder field.
To upload a copy of audit data files to an FTP server, check Upload copy of audit data files and click the Details button. An FTP Upload Settings window will be displayed where the FTP server information is entered.
Alert Monitor Settings
This is where the basic settings are for activating AlertMonitor and configuring check intervals.
To enable AlertMonitor, check Enable AlertMonitor for this Scanner Configuration. To set specific alerts, go to AlertMonitor Configuration.
Check for Setting Changes Every: X Seconds – This setting denotes how often the Alert Monitor will check for changes on the system.
Check for Alterable Changes Every: X Seconds – This setting tells the Alert Monitor how often to send the changes it has found back to the server.
Select a predefined Alert Monitor Definition: This is where you can select a default trigger that you have setup in AlertMonitor Configuration.
Configuring the Logon Script
When you first install AuditWizard, the Setup Wizard has a step that gives you the strings to use in your logon script. This is reproduced here:
Windows Networks
Add the following line to your Windows Logon Script
Start \\SERVER\SHARE\scanner\AuditScanner.exe
Novell Networks
Add the following line to your Novell Networks Logon Script
@\\SERVER\SHARE\scanner\AuditScanner.exe
Rebuild the Scanner
Most upgrades will require the scanner to be rebuilt and redeployed in order to ensure that the latest version is in use. The Release Notes will confirm this. To rebuild the scanner:
- Go to Administration > Auditing > AuditScanner Configuration.
- Click the Save Configuration button. This saves the configuration with the name in the Scanner Name field.
- Click the Deploy to Network button. This writes the data and scanner folders to the root of the network share.