NetKeeper help desk software, CRM software and Network Management and Inventory Software
        Home            |      Product Information          |    

Tech Bulletin - 1076

Auditing a MS NT® 4.0 Network with NetKeeper 16 bit utilities

Summary: This technical bulletin describes the steps required to setup the logon script name and batch files to automatically audit your network stations. You will need to change the example’s drives and mappings to match your network. The audit utilities run from a batch that automatically run at logon time. This tech bulletin applies only to the 16 bit version of the NetKeeper Audit Utilities.

The steps required to setup NetKeeper Express or Configuration manager to automatically audit your LAN attached workstations are:

1-Create a user group called NETKEEPER

2-Set the Logon Script Name for group members

3-Create a batch file to run the audit utilities

4-Test the setup

NOTE: Only properly trained personnel should implement the operations described in this bulletin. Modifying a network’s setup requires advanced training in network operations and network setup.

1-Create a local user group called NETKEEPER and add a few members to the group. This will allow you to test the automatic audit functions on just the members of the group. Once you are satisfied that the automatic process is going well, use the same process described here to modify all your user’s accounts or add all your users to the NETKEEPER group.

2- Set the Logon Script Name for group members

Logon scripts are optional batch files that are run at logon time on a Windows NT network. Logon scripts must match the type of client operating system. For example, all operating systems for INTEL® based PC use the ".BAT" extension on the logon batch file.

By default, all logon scripts are stored in the folder (directory): \winnt\system32\Repl\Import\Scripts

or

\\ServerName\ winnt\system32\Repl\Import\Scripts (as seen from an attached workstation)

ServerName is the UNC (Universal Naming Convention) of the primary domain controller for the domain you are administering.

Because all scripts are stored in a central folder, only the name of the script file needs to be entered (not the full path or UNC) in the Logon Script Name text box. If you place your scripts in a subdirectory of the scripts folder, enter the relative path and the script file name in the Logon Script text box.

Note: You can use the Server Manager program to change the default locations of the logon scripts.

Note: Logon Script File name for NetKeeper must follow DOS 8.3 file name convention since the batch file must be able to run in any version of DOS or Windows.

To set the Logon Script Name for a group:

Note: The above procedure will override any Logon Script Name already defined for the users members of the NetKeeper Group.

Hint: You can substitute another batch name instead of "auditnt.bat". Use the existing Logon Script file name if your network setup already uses Logon Scripts.

3-Creating batch files to run the audit utilities

We will create two batch files, the Logon Script batch file and audit batch file. The Logon Script batch file will call the audit batch file.

Note: Always check with your network administrator to insure that you are following policies consistent with the level of security required by your network.

Sample Logon Script batch file (auditnt.bat):

rem - NT Logon batch file 8-5-98
rem - Place this file in \winnt\system32\repl\import\scripts
p:
cd \nk\express
REM remove the next two lines once you have the audit running correctly
pause
call audithcs.bat

The above batch assumes the following setup:

The lines above containing "dir /w" and "pause" must be removed before you place the batch file in full service. These lines are useful to detect that the batch file is running and that you are switching to the right folder before starting the audit.

Sample Audit Batch File

NetKeeper includes a sample audit batch file, audithcs.bat, that you can modify to match the example below. The AUDITHCS.BAT file will run the hardware, configuration and software audits. Note that the configuration and software audit are disabled (by the REM command). We suggest that you first setup to audit hardware only until you are satisfied that the audit process is operating correctly. You can modify this file as needed.

@echo off
REM Batch file to run the NetKeeper audit utilities
REM AUDITHCS.BAT
REM DIR *.*
REM PAUSE
REM Sample batch file to test for available memory before running
REM audit
REM You may need to change the RAM requirements, see you user manual
REM This batch file runs config and software audits every 30 days
REM The hardware audit is run daily
REM Run batchram to check the amount of free base memory
batchram
IF ERRORLEVEL 39 GOTO AUDIT1
IF ERRORLEVEL 35 GOTO AUDIT2
REM less than 350K of free memory, don't run audit
SET >> LOWMEM.LOG
GOTO END
:AUDIT2
REM at least 350K of free memory, setup some virtual memory
SET CLAVM0=C:\,128
:AUDIT1
REM at least 400K of free memory
HARDADT
REM CFGADT
REM SOFTADT
GOTO END
SET CLAVM0=
:END

4. Test the setup

Note: Insure that you have at least two stations logged into the network with administrator privileges. If you create an invalid logon script you could lock yourself out of the network since you can’t login. Having a second station already logged in with administrator privileges will let you correct the logon script since you are already logged into the network or the server.

The hardware audit should run as you login.

Troubleshooting:

If the hardware audit won’t run or you get errors try:

Step 1: Open a command (DOS) prompt and make the NetKeeper directory (where you installed the program) the default directory. Example:

P:\> cd \nk\express
P:\NK\EXPRESS>

Step 2: Run the hardware audit from the command line in manual mode. Example:

P:\NK\EXPRESS> hardadt [m

If the utility HARDADT.EXE runs, then the problem is either in the audit batch file or in the logon script batch file. Check that the file HARDADT.EXE is in the NetKeeper directory by running a directory. Example:

P:\NK\EXPRESS> dir hardadt.exe
Volume in drive P is APPS
Directory of P:\NK\EXPRESS
HARDADT EXE 328,544 04-28-97 5:43a

If the file is not in the directory (FILE NOT FOUND) then you may be in the wrong directory or the HARDADT.EXE file was not installed properly.

Step3: Run the audit batch from the command line. Example:

P:\NK\EXPRESS> audithcs.bat

The batch file should run without errors.

If the batch file does not run:

 

Step 4: Run the batch from the logon script.

To run the audit from the logon script, logoff the network and reboot your machine. Then log back in.

If the batch won’t run:

If you get a "File not found error", you may not be moving the NetKeeper directory before running the batch file. Uncommenting (remove the REM keyword) the 4th and 5th lines of the audit batch will display the directory from which you are executing the batch. The directory should be the NetKeeper directory.

You may not have enough free base memory to run the batch

Make the AUDITHCS.BAT read only and hidden to prevent accidental deletion

Other hints:

Error message : BAD COMMAND OR FILE NAME

rem - NT Logon batch file 8-6-98
rem - Place this file in \winnt\system32\repl\import\scripts
net use p: \\ServerName\ShareName
p:
cd \nk\express
REM remove the next two lines once you have the audit running correctly
dir /w
pause
call audithcs.bat
c:
net use p: /delete

At a command prompt type:

SUBST P: d:\nk\express

Return to Tech Bulletin Menu