Tech Bulletin 1076

NetKeeper help desk software, CRM software and Network Management and Inventory Software

Home | Product Information |

Tech Bulletin - 1076

Auditing a MS NT^®4.0 Network with NetKeeper 16 bit utilities

Summary: This technical bulletin describes the steps required to setup the logon script name and batch files to automatically audit your network stations. You will need to change the example’s drives and mappings to match your network. The audit utilities run from a batch that automatically run at logon time. This tech bulletin applies only to the 16 bit version of the NetKeeper Audit Utilities.

The steps required to setup NetKeeper Express or Configuration manager to automatically audit your LAN attached workstations are:

1-Create a user group called NETKEEPER

2-Set the Logon Script Name for group members

3-Create a batch file to run the audit utilities

4-Test the setup

NOTE: Only properly trained personnel should implement the operations described in this bulletin. Modifying a network’s setup requires advanced training in network operations and network setup.

1-Create a local user group called NETKEEPER and add a few members to the group. This will allow you to test the automatic audit functions on just the members of the group. Once you are satisfied that the automatic process is going well, use the same process described here to modify all your user’s accounts or add all your users to the NETKEEPER group.

2- Set the Logon Script Name for group members

Logon scripts are optional batch files that are run at logon time on a Windows NT network. Logon scripts must match the type of client operating system. For example, all operating systems for INTEL® based PC use the ".BAT" extension on the logon batch file.

By default, all logon scripts are stored in the folder (directory): \winnt\system32\Repl\Import\Scripts

\\ServerName\ winnt\system32\Repl\Import\Scripts (as seen from an attached workstation)

ServerName is the UNC (Universal Naming Convention) of the primary domain controller for the domain you are administering.

Because all scripts are stored in a central folder, only the name of the script file needs to be entered (not the full path or UNC) in the Logon Script Name text box. If you place your scripts in a subdirectory of the scripts folder, enter the relative path and the script file name in the Logon Script text box.

Note: You can use the Server Manager program to change the default locations of the logon scripts.

Note: Logon Script File name for NetKeeper must follow DOS 8.3 file name convention since the batch file must be able to run in any version of DOS or Windows.

To set the Logon Script Name for a group:

At the server start User Manager (usrmgr.exe)
From the USER menu select "Select Users"
Select the NetKeeper group that you created before
Press ENTER
Select Profile
Enter "auditnt.bat" in the Logon Script Name text box
OK to save the profile
OK to save the changes

Note: The above procedure will override any Logon Script Name already defined for the users members of the NetKeeper Group.

Hint: You can substitute another batch name instead of "auditnt.bat". Use the existing Logon Script file name if your network setup already uses Logon Scripts.

3-Creating batch files to run the audit utilities

We will create two batch files, the Logon Script batch file and audit batch file. The Logon Script batch file will call the audit batch file.

Note: Always check with your network administrator to insure that you are following policies consistent with the level of security required by your network.

Sample Logon Script batch file (auditnt.bat):

	rem - NT Logon batch file 8-5-98
	rem - Place this file in \winnt\system32\repl\import\scripts
	p:
	cd \nk\express
	REM remove the next two lines once you have the audit running correctly
	pause
	call audithcs.bat

The above batch assumes the following setup:

NetKeeper is installed in the \nk\express folder
The work stations will access the drive where this folder is located through the mapped P: drive.
The name of the audit batch file is "audithcs.bat"

The lines above containing "dir /w" and "pause" must be removed before you place the batch file in full service. These lines are useful to detect that the batch file is running and that you are switching to the right folder before starting the audit.

Sample Audit Batch File

NetKeeper includes a sample audit batch file, audithcs.bat, that you can modify to match the example below. The AUDITHCS.BAT file will run the hardware, configuration and software audits. Note that the configuration and software audit are disabled (by the REM command). We suggest that you first setup to audit hardware only until you are satisfied that the audit process is operating correctly. You can modify this file as needed.

	@echo off
	REM Batch file to run the NetKeeper audit utilities
	REM AUDITHCS.BAT
	REM DIR .
	REM PAUSE
	REM Sample batch file to test for available memory before running
	REM audit
	REM You may need to change the RAM requirements, see you user manual
	REM This batch file runs config and software audits every 30 days
	REM The hardware audit is run daily
	REM Run batchram to check the amount of free base memory
	batchram
	IF ERRORLEVEL 39 GOTO AUDIT1
	IF ERRORLEVEL 35 GOTO AUDIT2
	REM less than 350K of free memory, don't run audit
	SET >> LOWMEM.LOG
	GOTO END
	:AUDIT2
	REM at least 350K of free memory, setup some virtual memory
	SET CLAVM0=C:\,128
	:AUDIT1
	REM at least 400K of free memory
	HARDADT
	REM CFGADT
	REM SOFTADT
	GOTO END
	SET CLAVM0=
	:END

4. Test the setup

Note: Insure that you have at least two stations logged into the network with administrator privileges. If you create an invalid logon script you could lock yourself out of the network since you can’t login. Having a second station already logged in with administrator privileges will let you correct the logon script since you are already logged into the network or the server.

The hardware audit should run as you login.

Troubleshooting:

If the hardware audit won’t run or you get errors try:

Step 1: Open a command (DOS) prompt and make the NetKeeper directory (where you installed the program) the default directory. Example:

	P:\> cd \nk\express
	P:\NK\EXPRESS>

Step 2: Run the hardware audit from the command line in manual mode. Example:

P:\NK\EXPRESS> hardadt [m

If the utility HARDADT.EXE runs, then the problem is either in the audit batch file or in the logon script batch file. Check that the file HARDADT.EXE is in the NetKeeper directory by running a directory. Example:

	P:\NK\EXPRESS> dir hardadt.exe
	Volume in drive P is APPS
	Directory of P:\NK\EXPRESS
	HARDADT EXE 328,544 04-28-97 5:43a

If the file is not in the directory (FILE NOT FOUND) then you may be in the wrong directory or the HARDADT.EXE file was not installed properly.

Step3: Run the audit batch from the command line. Example:

P:\NK\EXPRESS> audithcs.bat

The batch file should run without errors.

If the batch file does not run:

Check that the BATCHRAM.EXE file is in your NetKeeper directory.
Check that you have sufficient rights in the directory
Check that you have the correct version of the audit utility for your network:
For Novell networks the version of the audit utility should include the letters NV
For netbios networks (NT, LAN Man, OS/2, Lantastic) the version of the audit utility should include the letters MS
For Vines networks the version of the audit utility should include the letters VI
For all other networks the version of the audit utility should include the letters NN

Step 4: Run the batch from the logon script.

To run the audit from the logon script, logoff the network and reboot your machine. Then log back in.

If the batch won’t run:

If you get a "File not found error", you may not be moving the NetKeeper directory before running the batch file. Uncommenting (remove the REM keyword) the 4th and 5th lines of the audit batch will display the directory from which you are executing the batch. The directory should be the NetKeeper directory.

You may not have enough free base memory to run the batch

Make the AUDITHCS.BAT read only and hidden to prevent accidental deletion

Other hints:

Error message : BAD COMMAND OR FILE NAME

Check for misspellings in your batch files or for missing executable files.

You can map drive letters in the Logon Script if you don’t want to set permanent drive mappings at the workstations. The following Logon Script file maps the drive P: to the share drive where NetKeeper is installed. The drive mapping is deleted at the end of the script. Substitute ServerName for the name of your server and ShareName for the name of the shared drive.

	rem - NT Logon batch file 8-6-98
	rem - Place this file in \winnt\system32\repl\import\scripts
	net use p: \\ServerName\ShareName
	p:
	cd \nk\express
	REM remove the next two lines once you have the audit running correctly
	dir /w
	pause
	call audithcs.bat
	c:
	net use p: /delete

The NT command SUBST can be used to create a drive mapping at the server that to test the audit batch files at the server. For example, if you want to create a P: drive at the server (just for temporary use at the server) mapped to the NetKeeper Directory:

At a command prompt type:

SUBST P: d:\nk\express

Return to Tech Bulletin Menu