
bootable usb/cd auditing

Posted: Mon Oct 12, 2009 12:33 pm
by nchan
Hello,

I was just wondering if anyone has had any success in creating a bootable usb key or CD that will run the audit program from a compact Windows environment such as WinPE or BartsPE. The purpose of this would be to audit computers as soon as they come in even if there is no OS loaded on the PC. Any advice would be greatly appreciated!

Re: bootable usb/cd auditing

Posted: Fri Oct 16, 2009 6:11 pm
by AKarasev
Hi,

Are you asking how to create a bootable USB or CD with a compact Windows environment, or do you already have such a bootable drive and are just unsure how to install the audit program on it with the autorun option?

Re: bootable usb/cd auditing

Posted: Mon Oct 19, 2009 12:49 pm
by nchan
Thanks for your reply. I'm trying to find the easiest method of auditing brand new computers. I've tried WinPE and BartsPE, but I couldn't figure out how to edit the bootup config to run the audit file. I have an exe file that will run the audit and email it to me.

Re: bootable usb/cd auditing

Posted: Tue Nov 03, 2009 2:28 pm
by eliaslynch
See if this helps you. It talks about running a script at the end of the startup for BartsPE. This may help you run the audit tools like you want.

pt startup BartPE
http://www.msfn.org/board/script-startu ... c12efc1382

Re: bootable usb/cd auditing

Posted: Thu Nov 12, 2009 1:52 pm
by pille
Here ya go. See if this helps. These steps should work in helping you create a Windows PE 2 boot environment including ina32.exe that will start automatically on boot.

Note there's a known issue that prevents the current release version of ina32.exe (5.0.0.1394) from producing an audit snapshot file in a WinPE 2 boot environment. Using ina32.exe version 4.8.2 will work.

1. Download Windows Automated Installation Kit (AIK) for Windows Vista SP1 and Windows Server 2008

http://www.microsoft.com/downloads/deta ... laylang=en

2. Mount the .iso file you downloaded into a CD/DVD Emulation Software or burn the image to a DVD, then open the disk in explorer and run startcd.exe.

3. In the dialog window, select Windows AIK setup. This will install Windows AIK.

4. Start the Windows PE Tools command prompt from the Start Menu.

5. At the command prompt type:

copype.cmd x86 d:\temp\WinPE


This will create d:\temp\WinPE folder and two subfolders: ISO and mount, and copy over all required files for the specified architecture (x86 in this example)

6. Mount the base image to the mount subfolder so that it can be edited:

imagex /mountrw d:\temp\WinPE\winpe.wim 1 d:\temp\WinPE\mount

7. Deploy ina32.exe to the d:\temp\Audit folder and configure it to send audit snapshots via email

8. Copy the Audit folder to the d:\temp\WinPE\mount folder for ina32.exe files to be part of the booted image which loads to the X: drive.

xcopy d:\temp\Audit d:\temp\WinPE\mount /e /i /h


9. In the d:\temp\WinPE\mount\Windows\System32 folder, locate the Startnet.cmd script. Open the script in notepad and add the following line after the Wpeinit line that already exists there:

X:\Audit\ina32.exe


Save and close the file.

10. Unmount the base image and commit the changes to its file (winpe.wim):

imagex /unmount d:\temp\WinPE\mount /commit


11. Having created a new winpe.wim file in the d:\temp\WinPE folder, you must now replace the default Boot.wim in the \ISO directory with your new customized image. The image must be called Boot.wim:
copy d:\temp\WinPE\winpe.wim d:\temp\WinPE\ISO\sources\boot.wim

12. Create a bootable CD/DVD image file:
oscdimg -n -bd:\temp\WinPE\etfsboot.com d:\temp\WinPE\ISO d:\temp\WinPE2.iso


The WinPE2.iso file can now be burned to a CD or DVD using any CD/DVD writer software.

13. Boot a computer from the CD or DVD you created. After WinPE loads, ina32.exe will start. If you configured ina32.exe correctly and WinPE was able to detect a network adapter and install drivers for it, ina32.exe will audit the machine and send the audit snapshot file produced via email.

Re: bootable usb/cd auditing

Posted: Tue Nov 24, 2009 2:36 pm
by nchan
Hi, sorry for the delayed post. I've been trying to use WinPE to create a boot disc following the instructions listed. The email audit file I've been using uses a command line email utility called Blat (www.blat.net) in conjunction with the audit file to email the audit files to a specific address. The problem is that Blat has to write the audit files to disk first before it attaches the files and emails them. This probably won't work for WinPE since it's an ISO on a CD.... Is there a way to configure ina32.cfg to email the files?

Re: bootable usb/cd auditing

Posted: Tue Nov 24, 2009 2:41 pm
by pille
Sure, just do ina32.exe /?

Command Line Options:
=====================

/h or /? - show this screen

Output Options
--------------
/out=[path]  - specify output directory for the audit snapshots

/ini=[path] - specifies location of the ina32.ini file. If the specified
                  location is not on the local computer, the option will be
                  ignored and the default location will be used.

/cfg = [file name] - specifies configuration file to be used by the ina32.

/log = [path] - specifies the output directory for the log files.

User ID options
---------------
/user=[name] - allows to specify (override) user's full name

/userid=[userid] - allows to specify (override) user ID

/email=[email] - specify value for Email field

/nameformat=[format] - format specifier for the output name.
                  The $FN$ and $LN$ placeholders designate the placement
                  of the first name and last name respectively. If the format
                  contains spaces it must be enclosed in double quotes.
                  Example: "$LN$, $FN$" - outputs "Doe, John"
                           "$FN$ $LN$" - outputs "John Doe"

Mode Options
------------
/q or /silent - force silent mode
/i or /interactive - force interactive mode

Asset Tag options
-----------------
/assettag=[AssetTag] - specify asset tag
/autotag - specifies the order in which Inventory Analyzer will
           attempt to automatically assign the Asset Tag.
           AT - BIOS asset tag
           SN - BIOS serial number
           CN - computer name

           Example:
           /autotag=AT,SN,CN - first use BIOS asset tag, if it is blank,
                               then try BIOS serial number, if it is also
                               blank then take computer name

Inventory Options
-----------------
/force - ignore schedule settings and excluded computers and users
         for inventory and file scan
/forceinventory - forces an immediate audit regardless of both the inventory
                  schedule settings and the excluding rules for computers
                  and users.
/forcescan - forces an immediate file scan regardless of both the file scan
             schedule settings and the excluding rules for computers
             and users.
/logsize=[size in KB] - specifies maximum size of the log file.
                        If the log file exceeds the specified size limit,
                        it will be renamed and a new log file will be created.
/auditdelay=[integer] - delay in minutes before starting the audit process
/samba - prevents the ina32 from setting permissions to the output audit
         files. Use this option if your output audit files are stored on
         a non-Windows file server.

Interactive Mode Options
------------------------
/nocancel - hide the Cancel button
/nosaveto - hide the Save To option

E-Mail Options
--------------
The e-mail options are used for e-mailing audit results.

/smtp_to=[recipient address] - specifies the recipient's e-mail address
/smtp_from=[from address] - Inventory Analyzer places this value
                            to the "From" field of the e-mail message
/smtp_server=[SMTP server name] - specifies the SMTP server name
/smtp_port=[port number] - specifies the SMTP server port number.
                           If this option is not specified,
                           default port number '25' is used.
                           If SSL is used, the default port
                           number will be '465'.
/smtp_user=[user id] - specifies the user id for authorization
                       at the SMTP server. This option must be used
                       if the SMTP server requires authorization
/smtp_password=[password] - specifies the password for authorization
                            at the SMTP server. This option must be used
                            if the SMTP server requires authorization
/UseSPA - use Secure Password Authentication in e-mail related operations.
/UseSSL = [NO|TLS|SSL|TRYTLS] - use SSL in e-mail related operations.
                              - NO: Do not use SSL.
                              - TLS: Establish secure connection
                                using TLS protocol. If TLS protocol
                                is not available, abort connection.
                              - SSL: Establish secure connection
                                using SSL protocol. If SSL protocol
                                is not available, abort connection.
                              - TRYTLS: Establish secure connection
                                using TLS protocol. If TLS protocol
                                is not available, establish non-secure
                                connection.

Re: bootable usb/cd auditing

Posted: Tue Nov 24, 2009 7:31 pm
by nchan
I used the email switches. Now I'm getting an error saying "The system cannot find the path specified". Initially I thought maybe it was a network driver issue but I can ping the network fine and I'm getting an IP. When I run it from within the OS it works fine and I get the email with the audit results, but it still creates an AuditData and Log folder to put the results, which might be the issue within the WinPE environment. Is there a way to edit the ina32.CFG file so that it doesn't create those two folders? I assume when the audit runs in WinPE, the results get put in a temp location on ramdisk.....

thanks again for all your help!

Re: bootable usb/cd auditing

Posted: Thu Dec 03, 2009 4:03 pm
by pille
I'd try to use the /out and /log paths to control where the files go or yes, set the paths in the .cfg.
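
Added example (not part of any post in this thread, and not vendor code): a Startnet.cmd for the image built in steps 1-13 that combines the /out and /log suggestion with the e-mail switches from the ina32.exe /? output. It assumes X: (the WinPE RAM disk) has enough scratch space for the snapshot, that switches take the no-space "=value" form, and that the SMTP relay accepts mail from the intake network without credentials, since anything placed in Startnet.cmd, including a /smtp_password value, is stored unencrypted in boot.wim. The host name and addresses are constructed placeholders.

```bat
@echo off
rem Added example Startnet.cmd (Windows\System32\Startnet.cmd inside the image).
rem Constructed placeholders: smtp.example.com, audit@example.com, winpe@example.com.
wpeinit

rem Assumption: X: is the writable WinPE RAM disk with room for the snapshot.
set "OUT=X:\AuditOut"
set "LOG=X:\AuditLog"
if not exist "%OUT%" mkdir "%OUT%"
if not exist "%LOG%" mkdir "%LOG%"

rem Give the NIC driver and DHCP about a minute before starting the audit.
set TRIES=0
:waitnet
ping -n 1 smtp.example.com >nul 2>&1
if not errorlevel 1 goto audit
set /a TRIES+=1
if %TRIES% geq 12 goto nonet
rem ping to loopback is used as a ~5 second sleep.
ping -n 6 127.0.0.1 >nul
goto waitnet

:audit
rem Switch names come from the ina32.exe /? listing; "=value" spacing is assumed.
rem /UseSSL=TLS aborts instead of falling back to a non-secure connection,
rem which is what TRYTLS would do.
X:\Audit\ina32.exe /q /forceinventory /autotag=AT,SN,CN ^
  /out=%OUT% /log=%LOG% ^
  /smtp_server=smtp.example.com /smtp_to=audit@example.com ^
  /smtp_from=winpe@example.com /UseSSL=TLS
goto :eof

:nonet
echo Could not reach smtp.example.com; audit not started.
goto :eof
```

If the audit still fails, the log files written under X:\AuditLog stay available at the WinPE command prompt until the machine is rebooted.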