Enterprise User Manual

Chapter 15

Audit Clients

---

You can use PC-Duo Enterprise's Client software to perform an audit of a PC population. This is typically used on standalone PCs which are not connected to the network at all.

This chapter describes the Audit mode with regard to running the Audit capture process on the Clients, configuring it, and loading the resultant data into the Console Host. Audit mode is intended to be used only when it is not appropriate to install the PC-Duo Enterprise Client software indefinitely on the desktop PCs, or when there is no network connection to support standard Client configurations.

The Audit mode allows Client software to be run from a floppy disk and for inventory data to be captured back to a floppy. Networked environments can benefit from higher performance by running the Audit capture process from a network drive, and writing results back to a network location.

Audit mode does not require the Client software to be left installed on the Client PCs and it is triggered by executing a single command with no subsequent user configuration required - data capture is automatic.

Audit mode captures Hardware Inventory data and user-prompted information, and Software Inventory is supported by collecting compressed directory snapshots for all hard disks. This allows a PC-Duo Enterprise Host to provide comprehensive Hardware and Software Inventory reports for audit Clients, exactly as for normal online or offline Clients.

The Audit process overlaps with PC-Duo Enterprise's offline Client support. Offline Clients use an intermediate area on a file server as a repository for data that cannot be accessed in real-time on the desktop PCs themselves. Audit data is handled in a similar manner. Once the data capture has been completed, the Console is used to load the Audit data into an area on a file server; this area would often be the same as the Offline repository used by standard Clients.

Audit mode is supported on all Windows platforms. It is not supported on DOS PCs which do not run Windows.

Understanding the Audit Architecture

PC-Duo Enterprise's Audit mode exploits the Offline mode that is used for networked Clients. The programs that perform the data capture are exactly the same as those used in normal installation, but they are delivered in a different way to allow easy configuration and to provide fast execution from a single floppy disk.

To support these requirements, the data capture programs are compressed and packaged in special self-extracting Zip files which are built with a variant of the WinZip product.

Audit Client Architecture

 

Furthermore, the 16-bit and 32-bit data capture executables are delivered in different self-extractors to avoid needless extraction of files that are not required on any individual platform.

The self-extracting Audit executables are built with the full version of WinZip Self Extractor and they cannot be modified reliably with the PKZIP or normal WinZip utilities.

The use of self-extracting Zip files increases the CPU load in accessing the applications within them, but this is normally outweighed significantly by the file access delay that would be incurred if they were delivered uncompressed on a floppy disk, since floppies are so slow. Indeed, many of the faster CPUs will give better performance with this approach than if the discrete files were uncompressed on a network drive.

Audit data is often captured onto floppy disk. Some organizations even do this when they are Auditing a network, because it can be easier to have staff with minimal training walking around with floppies and not having to deal with network connectivity issues.

Audit data for each PC typically takes less than 100KB, with the Hardware Inventory data representing approximately 20KB of that total, and the Software Inventory compressed directory snapshots taking the rest. The directory tree snapshots store the filenames, sizes and dates, but no file contents, for all files on local hard disks.

The size of the snapshots depends on the number of files present on each drive. When capturing Audit data onto a removable device, such as a floppy disk, PC-Duo Enterprise ensures that there is at least 200KB free before it starts the capture process. This is a conservative figure for most desktop PCs. If there is insufficient space available, the Audit operator is prompted to insert a fresh disk. (If the Audit data requires more than 200KB, which is very unusual, and the output device runs out of space during the capture process, PC-Duo Enterprise prompts the user to restart with a fresh floppy.)

In the specific case of running the Audit executables from a floppy drive (or any other removable device), PC-Duo Enterprise must take extra actions if a disk swap could occur for the captured data. So, if you run the Audit code from A:\, and the captured data is also directed to A:\, then a disk swap must be allowed in order to insert an Audit data disk. The Audit code prepares for this by copying extra files to the Windows TEMP directory so that the executables floppy is not required again and floppies can be swapped freely.

Files copied to the TEMP directory are deleted afterwards (sometimes the file deletion occurs when the PC is rebooted), so the main Client software does not remain installed on the PCs.

As mentioned above, the Audit data handling overlaps with PC-Duo Enterprise's Offline Client support. Whether Audit data has been captured to floppy disk, or to a network location, use the PC-Duo Enterprise Console to load data into the Offline repository (hence the use of the term Offline directory path). Once the Audit data is available, you can use the normal Host Inventory Operations to analyze the data and generate reports in the normal way.

The Audit architecture is designed to provide maximum performance, especially when the Audit is executed from a floppy disk, and to allow ready configuration of the capture process.

Performing Audits

To Perform an Audit on a PC, you must run LUAUDIT.EXE in one of the following ways:

• Run the file LUAUDIT.EXE from the Audit floppy disk, or:
• Run the file from the PC-Duo Enterprise CD via D:\LU32\AUDIT\LUAUDIT.EXE, assuming D: is the PC's CD-ROM drive, or:
• Run the LUAUDIT.EXE file from a network drive which holds a copy of these files.

Make sure you run LUAUDIT.EXE for both 16-bit and 32-bit platforms. Do not try running LUAUD16.EXE, LUAUD32.EXE, or any of the other Audit executables directly as this will cause the Audit process to fail.

The Audit kit is pre-configured to capture data to A:. It can be used immediately without requiring any configuration.

Running the Audit executables from a hard disk or network server location is possible, as is collecting the data back to a network server. In fact, you can copy the entire Audit kit area onto a file server and run the executables from there.

The root directory for Audit data (the Offline directory path) is specified by editing the LUCLIENT.INI file before starting the first audit process.

Do not attempt to aim Audit data directly into the Offline area used for offline Clients. The Audit data must be placed in this area under the control of the Console's Audit Loader Operation.

The Audit process is automatic and, apart from deliberate user prompted questions, such as department and phone number, it prompts the user only if data is being captured back to a floppy disk. PC-Duo Enterprise prompts for the correct disk to be inserted, if there is an error (for example, if a network connection could not be made to deliver the Audit results to a server location), or on completion of the Audit sequence.

Auditing would normally be performed by an audit operator, who requires minimal training, or it can be performed by individual desktop PC users, as the process is simple.

The Audit process can be customized to specify the location for collected data, to ask specific user prompted questions, and to select categories of information to be collected. If you are happy with the default user-prompted questions and the other customization settings, you can proceed with capturing data from a selection of machines onto a set of floppies. Once the capture has been completed, use the PC-Duo Enterprise Console to prepare for data analysis.

Loading Audit Data

Once the data capture has been completed, you use the Console to load the Audit data into an area on a file server; this area would typically be the same as the Offline Area repository used by offline Clients, but it can be an independent location.

Customizing the Audit Loader Operation

Before running the Audit Loader Operation to load the data, you must customize it to specify the Offline path. Additionally, if you have collected data to a network location rather than to floppy, you must specify the path of that location instead of A: in the Audit device path field. You can browse to both of these locations using the browse (...) buttons in the Audit Loader tab of the Customize Audit dialog.

Running the Audit Loader Operation

After customizing the Audit Loader Operation, you can load the Audit data. To do this, double-click on the Audit Loader Operation.

Auto-populating your Site with Audited Nodes

Once the Audit Loader Operation has been performed, you can use the other operations in the Console's Operations View to analyze and report the data.

PC-Duo Enterprise automatically loads data from the Offline Area when required. You can perform a Software Inventory scan, for instance, across a mixture of standard Clients, online Clients and audit Clients.

To Load Fresh Data for Audited Nodes

The Audit Loader must be performed only once for each floppy disk. In some situations, re-running the Audit Loader Operation with the same floppy disk copies the data into fresh subdirectories each time, but the new copies are ignored during the Auto-Populate phase, as the Nodes are already published in the Database.

If you need to load updated data for previously published Nodes, use the following procedure. If you have repeated the Audit data capture to get revised data, such as after a change to the user prompted questions, you must follow this sequence to make it visible to the PC-Duo Enterprise Hosts:

1. Find the "OfflineArea'' and "OfflineId'' Properties for the Node.
2. Combine these in the form OfflineArea\OfflineId to get the Offline subdirectory for the Node.
3. Delete all of the files in that subdirectory and remove the subdirectory itself.
4. Delete the Node from the Nodes View.
5. Delete all files from the Audit data floppy used previously.
6. Repeat the Audit data capture process on the Client PC, using the new Audit settings and user prompt questions, as appropriate.
7. Check the Audit Loader Operation is suitably configured, then re-run this operation to load the data from floppy.

This flushes the old data and makes the new data available. Audit support is principally intended for one-off Audits and not for repeated use on the same PCs unless the data is flushed in between.

If you want to use it for regular Auditing, perhaps once every six months, you may find that it is easier to delete all data from the Offline repository, and to create a fresh Site Database.

Configuring the Audit Procedure

The Audit sequence is controlled overall with the LUCLIENT.INI file which must exist in the same directory that contains the other Audit executables.

This text file is in a format that is also used by PC-Duo Enterprise's normal Client software as the Audit mode is just a variation on the normal Offline mode.

You can edit LUCLIENT.INI directly with a text editor such as Notepad, using the LUCLIENT.INI in the Audit directory as a template. This allows you to disable categories of inventory data collection and to set details for several items.

Note that PCs which are not part of a network do typically not have a Node name and, since the Node name is used as the principal means by which nodes are identified, it may be necessary to use the user-prompting facility to obtain an asset code, or a location, or user name, which can be used to identify PCs subsequently in PC-Duo Enterprise's database.

If you add a user prompted question that uses a database key of $NODENAME', the Audit Loader Operation uses the user's answer to that question as the Node name when the PC has no real Node name of its own. This is helpful for non-networked nodes which do not have a proper PC name.

Specifying the Audit Data Collection Area

The shipped LUCLIENT.INI nominates A:\ as the root directory for collected Audit data. The Audit process prompts the Audit operator to insert the correct floppy and checks that there is sufficient free space available. You can continue to use each floppy until it runs out of space, and then use a fresh disk.

Capturing data to floppy is suitable for non-networked PCs, but it does require a supply of blank, pre-initialized disks for the audit data. PCs that are on a network are normally handled better by copying the Audit executable area to a file server and editing the LUCLIENT.INI to nominate another server area to receive the data. The Audit executable area should be set read-only (write-protect any floppy disk copy), but the data area must allow full read/write access.

The Audit data collection area can be specified with a drive letter and directory path, or with a UNC style network path (potentially including username and password in normal PC-Duo Enterprise syntax). This is set by editing the following entry in LUCLIENT.INI:

 [Offline Mode] OfflineDirPath=a:\

The following entry would nominate an area on a server called "AWS", share "PUSH", using a username of "guest" and a password of "secret":

 [Offline Mode] OfflineDirPath=\\aws\push%guest:secret

It is recommended that you setup a new server share for collecting Audit data. Full read/write access is required.

Do not set "Disabled=Yes" in the [Offline Mode] section as this disables the audit process completely.

User Prompted Information

The Audit process would normally prompt the Audit operator to enter user-level information items, such as their name, department and telephone number.

The questions are specified in LUTINFO.REF, a text file which can be edited with the RefEdit application included in the Console kit. On a Console PC, double-click on the Audit LUTINFO.REF to automatically start and load this file.

The shipped LUTINFO.REF includes typical questions, but you can use the RefEdit program to customize these to suit your audit requirements.

Note that LUTINFO.REF must be present in the Audit executable directory if you want to use the prompting facility.

If you do not want to prompt the Audit operator for this information, you can disable user-prompted information with the following entry in LUCLIENT.INI:

 [User Prompting] Disabled=Yes

Software Inventory Directory Snapshot

The Audit process normally scan all directories on C:, D:, E:, F: drives on each PC and write a compressed snapshot file for each drive that exists.

You can control which drives are scanned by editing the following entry in LUCLIENT.INI:

 [Directory Snapshot] Drives=C,D,E,F

Note that drives which do not exist, and any that are removable (such as CD-ROMs), are skipped.

The directory snapshot is normally saved in a compressed and encrypted format but the data compression process itself is quite CPU-intensive. This is not normally a problem but you can disable the compression by changing the threshold settings in LUCLIENT.INI:

 [Directory Snapshot] Win16CompressThreshold=1 Win32CompressThreshold=1

The default settings mean that any drive which has more than one file will have data compressed, hence all drives use compressed data. To disable compression on Windows 3.x PCs, set the Win16CompressThreshold to a high value (up to 32000). The other threshold is used by PCs running Windows 95, 98 and Me, and Windows NT, 2000 and XP. The threshold settings are set separately for these platforms as the 16-bit PCs often have less CPU power available.

You can disable the directory snapshot completely, if you want, with the following entry in LUCLIENT.INI:

 [Directory Snapshot] Disabled=Yes

Segregating PCs

PC-Duo Enterprise's Offline mode, and its Audit mode, enable you to split up PCs by department, network domain, or any other criteria which make sense to you. Each group of PCs can be assigned a different "offline prefix" by editing the following entry in LUCLIENT.INI:

 [Offline Mode] OfflinePrefix=LU

You can use up to 4 filename characters to replace the default prefix of "LU". Offline ids are allocated with this prefix, and it is entered as a property value for each node in the PC-Duo Enterprise database.

The Audit Loader Operation in the Console has to assign fresh IDs when it loads audit data, and this operation must be customized to set the offline prefix before loading audit data from that group of PCs.

Even though prefix settings are not preserved automatically by the Audit Loader Operation, they can still be useful because they cause the audit data to be captured into directories which can be manipulated as a group.

For example, if you collect audit data into a network location using a prefix of "ENG'' for PCs in the Engineering department and a prefix of "MKTG'' for the Marketing department, then the data is captured into subdirectories of the form "ENGnnnn'' and "MKTGnnnn''. You could copy a block of these subdirectories to a different location to load a subset into the Database.

Pre-Process and Post-Process Commands

You can cause the Audit process to execute a command before the data capture begins and another after it has completed. This can be used to map a specific drive letter to a server share if PC-Duo Enterprise is not able to do this automatically. This may be the case in non-Microsoft network environments, particularly on plain Windows 3 and maybe Windows for Workgroups PCs which are not integrated with an underlying network stack. The drive letter can then be used to specify the Offline directory path in LUCLIENT.INI.

The shipped LUCLIENT.INI includes example entries for pre- and post-process sections, but they are set to be disabled. If you want to use this feature, set "Disabled=No" in the appropriate section and specify the command line that you want to be executed. You can also configure PC-Duo Enterprise to prefix the command line with the path to the Audit executable area (but this isn't useful in Audit mode as the files are decompressed into a temporary area before execution).

Debug Mode

The shipped LUCLIENT.INI has the following setting:

 [Boot Control] EnableDebug=Yes

This causes the data capture process to display visible windows while it is executing. This applies particularly to the DOS-level inventory capture process which appears briefly as a DOS box. If there is a problem capturing DOS-level data, having the DOS box visible allows a more speedy determination of the problem.

Debug mode also generates extra logging information which can help to solve a data capture problem.

Debug mode is recommended when performing audits but you can disable it with the following entry in LUCLIENT.INI:

 [Boot Control] EnableDebug=No

Disabling Specific DOS-Level Inventory Tests

PC-Duo Enterprise's DOS-level inventory capture process does not normally cause any problems, but the sheer variety and inconsistency of PC clones can reveal

problems during this low-level analysis stage. The LUHDWCHK program which performs this function allows individual tests and sub-tests to be disabled if they cause a failure (typically a PC hang). This is controlled with the LUHDWCHK.CFG file.

If the LUHDWCHK.CFG file is created in the Audit executable area, it is interpreted and obeyed by subsequent Audit scans.

Warning of Incompatible Settings

Note that the following settings should not be changed in an LUCLIENT.INI that is used for Audit processing:

 [Install] ApplicationDirectory= DataDirectory= [Boot Control] EnableFileSharing=No [Offline Mode] 
  Disabled=No PushOnce=No [Software Distribution] Disabled=Yes

Changing any of these settings can cause problems in Audit mode.

Vector Networks http://www.vector-networks.com Voice: +44 (0) 1827 67333 Fax: +44 (0) 1827 67068 info@vector-networks.co.uk