Workstation and User Auditing the Simple Way
Novell Cool Solutions: Trench
By Andrew White
Digg This -
Posted: 15 Jul 2004
Note: An alert reader sent in this little heads up for those of you who wish to use Andrew's Cool Solution. Feedback: Andrew White's solution is nice, but PSInfo is not licensed for free use when run from a file server. I nearly got burned bad by that one once. See http://www.sysinternals.com/licensing.shtml
I've seen a few requests on forums recently for people asking the best way to do some basic workstation or user auditing so I thought I'd share my solution here. I'm also on a quest to get all 8 colours of t-shirts ;-)
Being at a college, I'm often asked by lecturers to tell them who was the last user on a certain PC or what the usage stats for a particular lab has been. I started thinking that not only would it be good for our helpdesk to hold such information, but if we could do a workstation audit at the same time then the information would have some real use.
So I started looking round for free tools (hey, I'm a college, even free is too expensive) that would help and I wrote a batch file that each user calls from their container login script. (I must point out that all PC's here are Windows 2000 so this won't work for W9x users.)
The batch file uses two free utilities.
- Firstly, it uses HFNetChk from Shavlik, which is a command line tool that scans a Windows workstation or server and reports on any outstanding OS patches.
- Secondly, I use PSInfo from SysInternals which is also a command line utility that scans a windows workstation or server and performs an audit of hardware, OS versions and installed software.
Finally, I use a few system variables and pipe the results into three log files which gives me the following reports:
- A rolling log of usage by user
- A rolling log of usage by workstation
- A snapshot log file by workstation that gives me the name of the current user of the workstation along with the login date and time as well as a report on the IP address of the workstation, all the OS information and patch levels and a hardware audit.
Extracting information is as easy as using Search in Explorer and using the containing text option. So, for example, searching on 172.19.250.8 would produce one result, which would be the name of the workstation.
The batch file I wrote is shown below with comments and notes.
Start Batch file - info.bat @echo off echo Performing a quick Workstation audit - Please wait.... rem The following line creates a rolling log file of usage of workstation by user (Thor being the server, Helpdesk being the volume) echo %Date% %TIME% %USER% >> \\THOR\HELPDESK\LOGFILES\STUDENT\PC\%COMPUTERNAME%.log rem The following line creates a rolling log file of usage by user echo %Date% %TIME% %COMPUTERNAME% >> \\THOR\HELPDESK\LOGFILES\STUDENT\USER\%USER%.log rem The following line performs a OS patch audit and creates a new log file See Note 1 for an explanation of the switches used z:\hfnetchk -x "z:\mssecure.xml" -f \\THOR\HELPDESK\LOGFILES\STUDENT\CURRENT\%COMPUTERNAME%.log rem The following line pipes the date, time and user ID to the above log file echo %Date% %TIME% %USER% >> \\THOR\HELPDESK\LOGFILES\STUDENT\CURRENT\%COMPUTERNAME%.log rem The following lines pipes in the workstation IP information to the above log file ipconfig /all >> \\THOR\HELPDESK\LOGFILES\STUDENT\CURRENT\%COMPUTERNAME%.log rem The following line performs a hardware and software audit of the workstation and pipes the information into the above log file rem See Note 2 for an explanation of the switches used. z:\psinfo -h -d -s >> \\THOR\HELPDESK\LOGFILES\STUDENT\CURRENT\%COMPUTERNAME%.log echo Audit finished. Continuing to load Windows rem See Note 3 for files used and their locations CD Z:\ exit End batch file - info.bat
Note 1 - Command line switches for HFNetChk
HFNetChk by default tries to download a new copy of the patch database each time it loads. To stop our workstations permanently downloading the cab file, I regularly download the latest version from http://xml.shavlik.com/mssecure.xml and copy the latest xml file to all the student file servers. The -x switch is used to stop the workstation trying to download the latest file and instead specify the local location of the xml file, in my case z:\mssecure.xml The -f switch is used to redirect the output to a text file.
Note 2 - Command line switches for PSinfo
I use the following switches to gather the workstation audit.
-h Show installed Windows hotfixes
-d Show disk volume information
-s Show installed software
The output is piped into the snapshot log file by using the dos >> command that appends the information into an existing file (as opposed to > which creates a new file).
Note 3 - Files used and their location
All the files needed I personally store in z:\ but as long as the workstation can see then, you can put them anywhere. The files needed are:
info.bat (my batch file from above)
pdh.dll (the psinfo support file)
winhttp.dll (the hfnetchk support file)
Hopefully all that makes some sense and someone out there may find it of use.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com