Web Tracks Audit
Executable Name: WTAudit.exe
Default Location: C:\Program Files\Gritware\Web Tracks\WTAudit
Requirements: .Net Framework Version 2.0 through 3.5.1 (will also run on .Net 4 or 4.5 if the WTAudit.exe.config file is present).
Purpose: Perform unattended Audits, Audit single workstations, Audit computers in different domains, Import Audit Files.
Remarks: WTAudit.exe may be copied to other computers meeting the above requirements.
COMMAND LINE PARAMETERS:
MODE
NORMAL: Audit runs and user must press Close to end the program.
SILENT: Audit runs hidden and closes when completed.
AUTO_CLOSE: Audit runs visible but closes when completed.
NETWORK: Triggers a network audit. When using this mode you must specify either LDQ, COMPLIST, or IPRANGE. In addition you must also specify the USERID, DOMAIN and PASSWORD parameters.
IMPORT: Open a graphical user interface used to import XML files into the database. The WEB_SERVICE_URL parameter is required for IMPORT mode.
WEB_SERVICE_URL (may be abbreviated as WSU)
The URL to the Web Tracks Web Service (RootOfWebTracksSite/Services/WebTracksServices.asmx)
Example: WEB_SERVICE_URL=http://YourServer/WebTracks/Services/WebTracksServices.asmx
NOTE: This parameter is required when the MODE is set to NETWORK or IMPORT. If this parameter is set for NORMAL, SILENT, or AUTO_CLOSE, the program will use the Web Service to record the audit directly to the Web Tracks database. If this parameter is not supplied, the audit will be written to a file named <ComputerName>.xml.
LDQ (NETWORK MODE)
This must be a valid LDAP Query String. Use Quotes if the query contains spaces.
Examples:
LDQ=LDAP://DC=yourdomain,DC=com
Retrieves all computers from the yourdomain.com domain.
LDQ=LDAP://MYLDAPSERVER
Retrieves all computers listed on the MYLDAPSERVER server.
LDQ=LDAP://OU=IT,DC=hq,DC=yourdomain,DC=com
Retrieves computers from the IT organizational unit in the domain hq.yourdomain.com.
"LDQ=LDAP://OU=Accounts,OU=Finance,DC=hq,DC=yourdomain,DC=com"
Retrieves computers from the Accounts organizational unit contained within the Finance organizational unit in the domain hq.yourdomain.com. Note the quotation marks surrounding the entire parameter. This is required if your LDAP Query contains spaces.
NOTE: The order of the items is important. For example if you have an Organizational Unit Named Accounts that contains the Organizational Units Accounts Payable and Accounts Receivable you would need to list the end node of the tree first and work your way up. The valid order for the tags is OU, then DC.
(Correct)
LDAP://OU=Accounts Payable,OU=Accounting,DC=yourdomain,DC=com
(Incorrect)
LDAP://OU=Accounting,OU=Accounts Payable,DC=yourdomain,DC=com
Note: specifying the LDQ parameter forces MODE=NETWORK
IPRANGE (NETWORK MODE)
The 4th octet specifies the range with a dash (-). Do not include spaces in this string.
Example: IPRANGE=192.168.0.100-200
Note: specifying the IPRANGE parameter forces MODE=NETWORK
COMPLIST (NETWORK MODE)
Use a comma with no spaces to separate computer names.
Example: COMPLIST=ComputerA,ComputerB,ServerC
Note: specifying the COMPLIST parameter forces MODE=NETWORK
USERID (Only applies and is required when MODE=NETWORK)
A User ID with Administrative Access to the computers in the Domain.
Note: You may also specify the USERID in the domain\username format. If you specify it in this manner the DOMAIN parameter is not needed.
DOMAIN (Only applies and is required when MODE=NETWORK)
The Domain of the USERID
PASSWORD (Only applies and is required when MODE=NETWORK)
The Password of the USERID in the specified DOMAIN
REAUDIT (optional – default is true – only applies when the LDQ parameter is specified)
If set to true, the Audit process will update computer records which are already in the Web Tracks Database. If this value is set to False, the Audit process will only audit computers which do not currently exist in the Web Tracks database. Typically you would set REAUDIT to false only if you want to discover new computers. This parameter is only available when auditing using a LDAP Query (the LDQ parameter).
CONCURRENT (optional – default is 4 – only applies when MODE=NETWORK)
Specifies the number of audits to run concurrently (valid values 1-10)
EMAIL (optional – only applies when MODE=NETWORK)
If an email address is supplied a summary report will be mailed to this address upon completion of the audit. For this option to work make sure you have configured the Email Settings (Mail Server Tab) from Web Tracks in the Admin section.
EXAMPLES:
Use this example to audit all computers in your domain and email a summary report to myemail@myDomainName.com:
WTAudit.exe MODE=NETWORK LDQ=LDAP://MYDOMAINNAME USERID=myUserID DOMAIN=myDomainName PASSWORD=myPassword EMAIL=myemail@myDomainName.com WEB_SERVICE_URL=http://YourServer/WebTracks/Services/WebTracksServices.asmx
Use this example to create an XML audit file on the computer which the program is running. You may want to run the audit program in this manner when the computer does not have access to the Web Tracks website.
WTAudit.exe
Use this example to Audit computers which do not currently exist in the Web Tracks database from the Accounting organizational unit contained within the Finance organizational unit in the domain hq.yourdomain.com:
WTAudit.exe MODE=NETWORK LDQ=LDAP://OU=Accounting,OU=Finance,DC=hq,DC=yourdomain,DC=com USERID=myUserID DOMAIN=myDomainName PASSWORD=myPassword EMAIL=myemail@myDomainName.com REAUDIT=FALSE WEB_SERVICE_URL=http://YourServer/WebTracks/Services/WebTracksServices.asmx
This sample will silently audit the computer on which the program is running and automatically record the information to the database.
WTAudit.exe MODE=SILENT WEB_SERVICE_URL=http://YourServer/WebTracks/Services/WebTracksServices.asmx
This sample will audit the IP Addresses between 192.168.0.100 and 192.168.0.200. This sample also uses a few shorthand notations by specifying the root of the site, including the domain in the USERID, and omitting the MODE parameter (MODE=NETWORK is forced since the parameter IPRANGE was supplied).
WTAudit.exe IPRANGE=192.168.0.100-200 USERID=myDomain\myUserName PASSWORD=myPassword WSU=http://YourServer/WebTracks
AUTOMATING:
The real power of WTAudit.exe comes from automating the audit process. To automate this process, simply copy the command into a batch file (e.g., audit.bat). You can also create a scheduled task to run this batch file. See How to Schedule Tasks for additional information.
TIP: You may copy the WTAudit.exe and WTAudit.exe.config files to USB drives and/or shared network locations for convenience.
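One way to schedule the NETWORK audit without writing PASSWORD into audit.bat, shown as an added example (not Gritware's code). The credential file path, the one-time setup step in the first comment, and the assumption that WTAudit.exe sits inside the documented default folder are not from the original page.

```powershell
# Added example, not vendor code. Assumed: the credential file path and this
# one-time setup, run interactively as the account the scheduled task runs as:
#   Get-Credential | Export-Clixml -Path C:\Secure\wtaudit-cred.xml
# Export-Clixml encrypts the password with DPAPI, so the file can only be
# decrypted by that same account on that same computer.
param(
    # Assumed: the exe lives inside the documented default folder.
    [string]$AuditExe = 'C:\Program Files\Gritware\Web Tracks\WTAudit\WTAudit.exe',
    [string]$CredFile = 'C:\Secure\wtaudit-cred.xml',   # assumed location
    [string]$Ldq      = 'LDAP://OU=IT,DC=hq,DC=yourdomain,DC=com',
    [string]$Wsu      = 'http://YourServer/WebTracks/Services/WebTracksServices.asmx',
    [ValidateRange(1, 10)][int]$Concurrent = 4          # documented range 1-10
)

$cred = Import-Clixml -Path $CredFile
if ($cred -isnot [System.Management.Automation.PSCredential]) {
    throw "No credential object found in $CredFile"
}
# USERID in domain\username form makes the DOMAIN parameter unnecessary.
if ($cred.UserName -notmatch '^[^\\]+\\[^\\]+$') {
    throw 'Save the credential as domain\username.'
}
$password = $cred.GetNetworkCredential().Password
if ($password -match '"') {
    throw 'Password contains a double quote and cannot be quoted safely here.'
}

$params = @(
    'MODE=NETWORK'
    "LDQ=$Ldq"
    "USERID=$($cred.UserName)"
    "PASSWORD=$password"
    "CONCURRENT=$Concurrent"
    "WEB_SERVICE_URL=$Wsu"
)
# Quote the entire parameter when it contains spaces, as required for LDQ.
$argList = $params | ForEach-Object {
    if ($_ -match '\s') { '"{0}"' -f $_ } else { $_ }
}

# The password is never written to disk in clear text, but it is still on the
# WTAudit.exe command line while the audit runs.
$proc = Start-Process -FilePath $AuditExe -ArgumentList $argList -Wait -PassThru
Write-Output "WTAudit.exe exited with code $($proc.ExitCode)"
```

If process-creation auditing with command-line capture is enabled on the auditing computer, the PASSWORD value will appear in those events, so restrict who can read that log.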
RUNNING WTAUDIT.EXE FROM A REMOTE DRIVE
The audit program was written in .NET and conforms to the managed code security enforced by Windows Operating Systems. Because the audit program reads registry information, the application must run as 'FullTrust'. By default, applications which are executed from a local file path on the computer receive FullTrust. For this reason we recommend auditing computers that are not on your network using a USB flash drive or other portable disk.
If you wish to run WTAudit.exe from a disconnected network you will need to elevate the share from which the program will be run to a 'FullTrust' share. Below are the steps to enable a computer to fully trust managed code from a network share…
1. Open a command prompt
2. Type "cd %windir%\Microsoft.Net\Framework\2.0.50727"
3. Type "CasPol.exe -m -ag 1.2 -url file://\\YourServer/YourMtAuditShare/* FullTrust"
For more information on caspol.exe visit…
http://blogs.msdn.com/shawnfa/archive/2004/12/30/344554.aspx