On-Demand Audit Using domain account?

Alloy Network Inventory is a comprehensive, budget-friendly, easy-to-deploy network inventory solution that provides you with accurate and up-to-date information from every computer on your network.
 

On-Demand Audit Using domain account?

Postby Alan McCay on Mon Jul 25, 2005 11:30 am

HI all.

For some time now we have been trying to find a way to have the on-demand scan run under a domain account so that the datafolder share can be locked and only this account would have access ( security issues ) . The problem is that in theory this process should work, but does not.

Any one have any ideas, or reason why this does not work.

1.Create a Service account on domain controller called InventoryAdmin
2.install windows 2000 professional with SP4 and join to the domain and give local admin privilage to the InventoryAdmin user
3.Install the NINA inventory software on to the PC
4.Create a share on the c drive called Alloy -> give everyone full access for NTFS and Share level permissions
5. create a folder called Agent in Alloy directory
5. create a folder called AuditData in Agent folder->
security perimissions -
Domain admins-full control
InventoryAdmin-full control
EveryOne - remove all permissions
6. create a folder called logs in Agent folder
security perimissions -
Domain admins-full control
InventoryAdmin-full control
EveryOne - remove all permissions
7.In Deployment path of NINA give the respective folders
SharedAgent folder : \\sytemnameAlloyAgent
SharedInventoryrepositery folder :\\systemnameAlloyAgentAuditData
Shared Logfile folder : \\systemnameAlloyAgentLog
8. Registery settings or adding null share ( this can be done in two ways)

a) run addnullshare.exe from bin directory of NINA folder
>addnullshare.exe <share name>
ex:
>addnullshare.exe alloy

or

b) edit the register using regedt32.exe ( not regedit.exe)

Naviagate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters
Add share name to the NullSessionShares value example add Alloy for this example

9. Make sure you set the HKEY_LOCAL_MACHINESystemCurrentControlSetControlLsaRestrictAnonymous value to 0.


10. In tools --> Options --> oDomain
administratorSelect n-Demand Audit give the username : InventoryAdmin and password
11 Account type as domain account

2000 Client Configuration

Right click Mycomputer --> Manage--> services and Applications -->select WMI Control--> Rt click -->properties -->
Go to Security Tab -->navigate to RootCMIV2-->select security tab -->Add InventoryAdmin user and give remote enable permission
Alan McCay
Junior
 
Posts: 9
Joined: Mon Mar 14, 2005 11:17 am

Postby Alan McCay on Tue Jul 26, 2005 4:13 am

HI All, I have found the answer, and i will post it in the "network audit tips" section.

Regards, Alan
Systems Engineer
Alan McCay
Junior
 
Posts: 9
Joined: Mon Mar 14, 2005 11:17 am


Return to Alloy Network Inventory 4

Who is online

Users browsing this forum: No registered users and 1 guest

cron