Enterprise User Manual

Chapter 18

Audit Clients

---

Audit mode allows you to collect inventory data and user prompts from PCs without installing the Enterprise Client application. It enables the Console to provide comprehensive information management for PCs where it is not appropriate to install the Enterprise Client, or that are not connected to a network.

Audit mode is supported on all Windows platforms. It is not supported on DOS-only PCs.

The Audit Process

In a standard Enterprise installation, the Client application runs in Offline mode. It is installed on networked PCs, and automatically copies snapshots of the PCs' hardware and software data to an intermediate Offline Area at specified intervals. This enables Console users to collect Client information even when the Client PCs are not currently available.

Audit mode uses a similar process, but, instead of being installed on a PC, the Client application is run manually from a compressed, self-extracting file on network share, or removable media, such as a diskette, or writable CD. The Audit is triggered by executing a single command with no subsequent user configuration required. The data is then captured to removable media or a network share and copied to an Offline Area using the Load Audit Data operation in the Console. From there, the data can be saved to the Site database and used as normal.

Audit Client Architecture

The amount data captured from a PC depends on the number of files installed. A typical PC requires approximately 250KB, with hardware data comprising about 20KB of the total, and the directory snapshots of the software on each fixed drive being responsible for the remainder. (Directory snapshots store the names, sizes and dates of files, but no file contents.)

When the audit is executed from a removable device, it first copies the executable files to the Windows TEMP directory. This enables the audit to continue even if it needs a second disk to store the captured data. These copied files are deleted when the audit is complete.

Configuring the Audit Procedure

By default, the audit process collects hardware inventory, software inventory and user prompt information, and saves it to the audit PC's A: drive. If you want to select which information is collected, or specify the location of the saved files, you can edit the LUCLIENT.INI file in the Console's
AuditClientKit directory with a text editor, such as NOTEPAD, before using the Audit procedure to collect data.

The installed audit kit works only with Windows 95 or later. If you want to edit an audit kit for a Windows 3.x system, you must first copy the 16-bit audit kit from the \LU32\AUDIT\16-bit directory on the Enterprise CD.

If you are running the audit from diskette or a network share, LUCLIENT.INI must be located in the same directory as the other audit files.

Specifying the Data Collection Area

Capturing data to diskette is only necessary for non-networked PCs. You can collect data from networked PCs by copying the Audit executable area to a file server and editing the LUCLIENT.INI file to specify the server area in which you want to save the audit data. The Audit executable area must be read-only; the data area must allow full read/write access.

By default, LUCLIENT.INI specifies A:\ as the root directory for collected Audit data. To change the data collection area, edit the following entry in LUCLIENT.INI:

 [Offline Mode] OfflineDirPath=a:\

You can specify an alternative collection area by entering its drive letter and directory path, or its UNC location (including a username and password if required).

For example:

 OfflineDirPath=\\aws\push%guest:secret

This specifies an alternative collection area on a server called AWS, with a share called PUSH. The Audit executable accesses the area using the guest account with a password of secret.

We recommended you setup a new server share with full read/write access for collecting Audit data. Do not save Audit data directly into an Offline Area. The audit data must be placed in this area using the Load Audit Data operation in the Console.

Do not specify Disabled=Yes in the [Offline Mode] section. This disables the entire audit process and is used for debug purposes only.

User Prompted Information

By default, the Audit process does not collect information from the user of the target PC. If you want to use prompting in Audit mode, you can enable it by changing the User Prompting entry in the LUCLIENT.INI file to:

 [User Prompting] Disabled=No

The prompt file in the Audit kit includes the standard questions for the user's name, department and telephone number. If you want to change these questions, double-click Audit LUTINFO.REF from a Console PC and enter the new prompts before starting the audit.

Enterprise uses node names to identify Clients in the Site database. If you audit a non-networked PC that does not have a node name, Enterprise assigns it a unique identifier starting _STD. Alternatively, you can assign your own name to an audit PC by creating a user prompt with a database key of $NODENAME. The Load Audit Data operation uses this response as the PC's node name.

Software Inventory Directory Snapshot

The Audit process scans all directories on all fixed drives of each PC and writes a compressed snapshot file for each drive. To restrict the audit to specific drives, edit the Drives entry in LUCLIENT.INI. For example:

 [Directory Snapshot] Drives=C,D,E,F    

The audit process skips any removable drives (such as CD-ROMs), and any drives that are not present.

The directory snapshot is compressed and encrypted by default. You can disable snapshot compression by changing the Directory Snapshot setting. To disable compression on Windows 3.x PCs, set the Win16CompressThreshold to 32000; to disable compression on Windows 95 or later, set Win32CompressThreshold to 32000. For example:

 [Directory Snapshot] Win16CompressThreshold=32000 Win32CompressThreshold=32000 

The default setting of 1 forces the compression of data for drives that have more than one file. The threshold settings are separated because PCs running 16-bit operating systems are usually less powerful than 32-bit systems.

To completely disable the directory snapshot, change the Disabled parameter in the Directory Snapshot section:

 [Directory Snapshot] Disabled=Yes

Segregating PCs

Like offline mode, audit mode enables you to split PCs by category, such as department, or network domain. Each group of PCs can be assigned a different prefix by editing the OfflinePrefix parameter in LUCLIENT.INI:

 [Offline Mode] OfflinePrefix=AU

Offline IDs are prefixed with this string, and it is stored as a property value for each Client in the Site database. You can specify a prefix of up to four characters.

The Load Audit Data operation assigns fresh IDs when it loads audit data. You must customize the operation to set the offline prefix before loading audit data from a group of PCs.

Although prefix settings are not preserved by the Load Audit Data operation, they can be used to separate the audit data. For example, if you collect audit data into a network location using prefixes of ENG for the Engineering department and MKTG for the Marketing department, the audit data is captured into ENGnnnn and MKTGnnnn subdirectories. You can then copy these subdirectories to a different location and load them into the Site database separately.

Pre-Process and Post-Process Commands

The audit process can execute a command before data capture begins and another after the capture is completed. You can use this facility to map a drive letter to a server share when Enterprise is unable to do this automatically. The drive letter can then be used to specify the Offline directory path in LUCLIENT.INI.

The default LUCLIENT.INI includes pre- and post-process examples. To enable these features, set Disabled=No and enter the command line you want to execute.

Debug Mode

Debugging displays information windows during the data capture process and generates extra logging information to help identify problems. To enable debug mode, change the Boot Control section of LUCLIENT.INI to:

 EnableDebug=Yes

Performing Audits

Auditing can be performed by any user who has access to the target PC. The process is automatic and prompts only for the correct disk to be inserted; if there is an error (for example, if the audit results disk is full); and on completion of the audit sequence. If you have specified user prompts, the audit also displays the prompt questions.

When using a diskette or writable CD, the audit checks that there is at least 300KB of free space before starting the capture process. If there is insufficient space available, users are prompted to insert a fresh disk.

The Audit kit is initially configured to capture data to the PC's A: drive, and to display the default user prompts supplied with Enterprise. To save the audit data to another drive or a network share, or to customize user prompting, edit the LUCLIENT.INI file before performing the audit. For more information, see "Configuring the Audit Procedure".

You can perform an audit on a PC, in several ways:

To perform an audit from removable disk:

1. Create an audit disk by copying the audit software to the root directory of a blank diskette or writable CD.

   For PCs running Windows 95 or later, copy the contents of the AuditClientKit directory from the Console's installation directory.

   For PCs running Windows 3, copy the contents of \Enterprise\Audit\32-bit directory.

2. Insert the disk in the PC and run AUDIT.EXE.

   If the Audit requires more than 300KB and the output device runs out of space, Enterprise prompts you to restart with a fresh disk.

To perform an audit from the Enterprise CD:

1. Insert the PC-Duo Enterprise CD and a blank disk in the PC.
2. Run AUDIT.EXE. from the CD's \LU32\AUDIT\32-bit or 16-bit directory.

To perform an audit from a network share:

1. Copy the contents of the Audit Client Kit to a network share that is accessible to all the PCs you want to audit.
2. On the PC you want to audit, run the appropriate version of AUDIT.EXE from the share.

Loading Audit Data into Enterprise

When the data capture is complete, you must copy the audit data to the Offline Area of a Site using the Load Audit Data operation in the Hardware Scan folder of the Console. Once there, you can save the data to the Site database using hardware and software inventory operations as normal.

Before using the Load Audit Data operation, you must customize it to specify the Offline Area to which you want to copy the audit data.

To customize the Load Audit Data Operation:

1. In the Console, right-click the Load Audit Data operation and choose Customize from the shortcut menu. The Customize Load Audit Data dialog is displayed.
2. Select the Audit Loader tab.
3. In the Audit device path field, enter the device and path of the root location of the audit data:

   To load the data from a diskette, enter the location of the drive (for example A:\).

   To load the data from a share located on your network, enter the Offline Directory Path used at the Client during the audit data capture process.

4. In the Offline path list, select the location of the Offline Area in which you want to store the audit data. The audit data is loaded from the Audit Device Path and saved in subdirectories within this area. It can then be collected using a standard inventory operation.
5. In the Offline Prefix field, enter a prefix for data collected using this operation. By default, the OfflineID of Clients begins with LU. If you want to identify the Audit Client data in the Console or group it using a SQL expression, enter a new prefix of up to four characters.
6. Click the OK button to save your changes and close the dialog.

To load the audit data into the Offline Area, click the Load Audit Data operation. The audited PCs are automatically added to the All Clients groups and the Audit Clients group in the Custom Groups folder. To collect the audit data from the Offline Area and save it to the Site database, perform an Update Hardware Inventory and Update Software Inventory on the PCs. You can then analyze the data and create reports as for standard Offline Clients.

Audited PCs count against your license limit.

Re-auditing Clients

Audit support is intended for single collections of data. Rerunning the Load Audit Data operation with the same disk can copy the data into fresh subdirectories each time, but the new copies are ignored, as the Clients are already in the Site database.

If you want to load updated data for previously published Clients, or if you have repeated the Audit data capture to collect revised data, use the following procedure.

To update audit data:

1. Delete the Offline Area\Offline ID directory for each Audit Client.
2. Delete the Audit Clients from the Clients View.

   Clients created using the Audit method are listed in the Audit Clients Group.

3. Delete all files from the audit disk used previously.
4. Repeat the audit process on the Client PCs, using the new audit settings and user prompt questions.
5. Check the Load Audit Data operation is configured, then run the operation to copy the data to the Offline Area.

Auditing PCs from the Console

The Perform One-Shot Audit operation provides an alternative method for collecting hardware and software information from PCs where the Enterprise Client application is not installed. Using the LANdeploy component of Enterprise, the operation enables you to execute an audit on PCs directly from the Console, and to automatically copy the PCs' audit data to the current Site's Offline Area. Once there, the data can be saved to the Site database normally and accessed in the same way as for Offline Clients.

The Perform One-Shot Audit operation can only be used on Windows NT, 2000, XP, or 2003 systems. The PCs must be online and available across the network to perform an audit using this operation.

To perform a One-shot Audit:

1. In the Client Deployment & Maintenance folder, click the Perform One-shot Audit operation. The LANdeploy Wizard is displayed. Click the Next button to continue.

   The Package Definition displays the One-shot kit from the Site's Offline Area.

   If the Site has more than one Offline Area, the operation uses the kit from the first area listed in alphabetical order.

2. To view or edit the audit settings, click the Edit PD File button. Click the Next button to continue.

   For more information on configuring the audit settings, see "Configuring the Audit Procedure".

3. In the Install Type dialog, click the Next button to continue.

   The Select PCs dialog lists the domains that are currently available from the Console.

4. To select the PCs you want to audit:
   1. Choose Selected Nodes.
   2. Select an entry in the domain list.
   3. Select one or more PCs in the nodes list.
   4. Click the Next button to continue.

      The Installation Account dialog is displayed.

5. In the Installation Account fields, enter the User Name, Password and Domain details of the account that Enterprise can use to access the PCs during the audit and click the Next button to continue.

   The account must have Administrator privileges.

6. In the Kit Path dialog, click the Next button to continue.
7. To record progress messages from the audit, enter the details of the file you want to use in the Progress Log Path field. To record error messages from the audit, enter the details of the file you want to use in the Error Log Path field.

   The file locations must be network shares that are accessible to all target PCs. The locations must be specified as UNC paths, and include any access permissions required.

   Click the Next button to continue. The Installation Options dialog is displayed.

8. By default, audits are performed when users reboot or log on to their PCs. If you want to run the audit immediately, select the Real Time Mode check box.
9. If you want to record information to help debug unsuccessful audits, select the Debug Mode check box.
10. Select a run mode for the audit. Choose:

    Normal Mode to prompt users with start and end messages, and to display any messages on the target PCs.

    Silent Mode to suppress all information messages and only display errors on target PCs.

    Totally Silent Mode to suppress all information and error messages on target PCs.

    Click the Next button to continue.

11. In the Refusal Count dialog, click the Next button to continue.
12. In the Save Script dialog, click the Execute button to start the audit.

When the audit is complete, the PC data is copied to the Offline Area from which the One-shot kit was loaded. If the Offline Scanner is enabled, the data from the audited PCs is automatically saved to the Site database. If the Offline Scanner is not enabled, run the Find Clients operation to detect the audited PCs, then run Update Hardware Inventory and Update Software Inventory operations on the PCs to save the inventory data to the Site database.

PCs audited using the One-shot method are displayed in the Console's One-shot Client Group.

Vector Networks http://www.vector-networks.com Voice: +44 (0) 1827 67333 Fax: +44 (0) 1827 67068 info@vector-networks.co.uk