How to secure your data

Alloy Network Inventory is a comprehensive, budget-friendly, easy-to-deploy network inventory solution that provides you with accurate and up-to-date information from every computer on your network.
 

How to secure your data

Postby Alan McCay on Tue Jul 26, 2005 5:04 am

Hi All

Below is the best method we could think of to allow the inventory tool to run with least risk to the network security.

1.Create a Service account on the domain controller called InventoryAdmin
2.install windows 2000 professional with SP4 / XP Professional and join to the domain and give local admin privilage to the InventoryAdmin user
3.Install the Network inventory software on to the PC
4.Create a share on the c drive called Alloy -> give everyone full access for NTFS and Share level permissions
5. create a folder called Agent in Alloy directory
5. create a folder called AuditData in Agent folder->
security perimissions -
Domain admins-full control
EveryOne - remove all permissions
Select Advanced – Select Evevryone – Click Edit
Select – Read Attributes, Create file / write data, Delete subfolders and files, read permissions
6. create a folder called logs in Agent folder
security perimissions -
Same as above
7.In Deployment path of NINA give the respective folders
SharedAgent folder : \\sytemnameAlloyAgent
SharedInventoryrepositery folder :\\systemnameAlloyAgentAuditData
Shared Logfile folder : \\systemnameAlloyAgentLog
8. Registery settings or adding null share ( this can be done in two ways)

a) run addnullshare.exe from bin directory of NINA folder
>addnullshare.exe <share name>
ex:
>addnullshare.exe alloy

or

b) edit the register using regedt32.exe ( not regedit.exe)

Naviagate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters
Add share name to the NullSessionShares value example add Alloy for this example

9. Make sure you set the HKEY_LOCAL_MACHINESystemCurrentControlSetControlLsaRestrictAnonymous value to 0.


10. In tools --> Options --> on-Demand Audit give the username : InventoryAdmin and password
11 Select Account type as Domain administrator


2000 Client Configuration

Right click Mycomputer --> Manage--> services and Applications -->select WMI Control--> Rt click -->properties -->
Go to Security Tab -->navigate to RootCMIV2-->select security tab -->Add InventoryAdmin user and give remote enable permission


These settings will allow a domain user account ( not domain admin) - "InventoryAdmin" to logon to the client pc. Run the scan and output the content to the Data folder. Note that the permissions deny any other domain users from accessing this folder ( view / write )
Alan McCay
Junior
 
Posts: 9
Joined: Mon Mar 14, 2005 11:17 am

Return to Alloy Network Inventory 4

Who is online

Users browsing this forum: No registered users and 4 guests

cron