RE: Microsoft Software Auditing ?

["Dubber, Drew B" <drew.dubber () eds com>]

In case it helps I believe the Microsoft Application Compatibility Toolkit have an auditing utility which you can 
"leverage" for your audit. I guess it depends on the complexity of the audit results but this should identify known 
applications on the clients etc.

Kind regards
Drew

-----Original Message-----
From: Depp, Dennis M. [mailto:deppdm () ornl gov] 
Sent: 07 April 2005 16:37
To: Jacob Bresciani
Cc: security-basics () securityfocus com
Subject: RE: Microsoft Software Auditing ?

I'm not sure why this is so "incredibly daunting and scary."  You can parse the output with a script, remove all the 
known programs that you don't want to worry about, such as all the OS executables, and you are left with a much more 
managable set of files.  Also if you parse the output on the machine that generates the file, you can look at the 
attributes of the file to gather additional infromation. I'm not saying this would be the best, but it is not an 
impossible task simply because of the number of .exe files this would find.

Dennis 

-----Original Message-----
From: Jacob Bresciani [mailto:jacob () bresciani ca]
Sent: Thursday, April 07, 2005 11:20 AM
To: Depp, Dennis M.
Cc: security-basics () securityfocus com
Subject: RE: Microsoft Software Auditing ?

simple inefficiency. I just did a search on a windows 2000 (sp4) server.
The only thing installed is an AV program and some minor tools to help me maintain the server. A search for exe files 
returned 2100 hits.

Now you have to figure out which exe file matches what program. And as we've all seen not all programs follow a 
standard install routine. i.e.
some of the exe's in c:\winnt where put there by installers from other applications, these applications might not have 
anything anywhere else.

Some tools are simply dll's and a few registry entries to extend functionality, again they may not have their own 
directory somewhere to make them distinct.

I'm not saying this way would not work, I'm takes a relatively simple task (once you find the tools) and makes it 
incredibly daunting and scary.

On Thu, 2005-04-07 at 07:31 -0400, Depp, Dennis M. wrote:
> So why is that a problem.  Store the file on a network share and parse 
> the file with a perl or vbscript program.  It woln't be elegant, but
it
> will work.
>
> Dennis
>  
>
> -----Original Message-----
> From: Jacob Bresciani [mailto:jacob () bresciani ca]
> Sent: Tuesday, April 05, 2005 11:21 AM
> To: security-basics () securityfocus com
> Subject: Re: Microsoft Software Auditing ?
>
> Dear god, I can only imagine how many exe files that would bring up.
>
> On Tue, 2005-04-05 at 08:23 -0500, Robert Holtz wrote:
> > You could do something as simple as:
> >
> > dir *.exe /s > foo.all.of.the.exe.files.txt
> >
> > On Apr 1, 2005 10:36 PM, Michael Gale
<michael.gale () bluesuperman com>
> wrote:
> > > Hello,
> > >
> > >        Does any body know of any free / cheap Microsoft auditing
> software ?
> > > Ideally I would like something that could be run from a login
> script,
> > > that would find all the software currently installed and either:
> > >
> > > store it in a network drive (excel, html,txt) e-mail the data
> > >
> > > I do not want to have to take out a loan to buy this software.
> > >
> > > preferably open source :)
> > >
> > > Michael
------------------------------------------------------------------------
> ---
> > > Earn your MS in Information Security ONLINE Organizations 
> > > worldwide are in need of highly qualified
information
> security
> > > professionals.  Norwich University is fulfilling this demand with
> its MS in
> > > Information Security offered online.  Recognized by the NSA as an 
> > > academically excellent program, NU offers you the opportunity to
> earn your
> > > degree without disrupting your home or work life.
> > >
> > > http://www.msia.norwich.edu/secfocus_en
------------------------------------------------------------------------
> ----
> > >
------------------------------------------------------------------------
> ---
> > Earn your MS in Information Security ONLINE Organizations worldwide 
> > are in need of highly qualified information
> security
> > professionals.  Norwich University is fulfilling this demand with
its
> MS in
> > Information Security offered online.  Recognized by the NSA as an 
> > academically excellent program, NU offers you the opportunity to
earn
> your
> > degree without disrupting your home or work life.
> >
> > http://www.msia.norwich.edu/secfocus_en
------------------------------------------------------------------------
> ----
> >
------------------------------------------------------------------------
> ---
> Earn your MS in Information Security ONLINE Organizations worldwide 
> are in need of highly qualified information security professionals.  
> Norwich University is fulfilling this demand with its
MS
> in
> Information Security offered online.  Recognized by the NSA as an 
> academically excellent program, NU offers you the opportunity to earn 
> your degree without disrupting your home or work life.
>
> http://www.msia.norwich.edu/secfocus_en
------------------------------------------------------------------------
> ----


---------------------------------------------------------------------------
Earn your MS in Information Security ONLINE Organizations worldwide are in need of highly qualified information 
security professionals.  Norwich University is fulfilling this demand with its MS in Information Security offered 
online.  Recognized by the NSA as an academically excellent program, NU offers you the opportunity to earn your degree 
without disrupting your home or work life.

http://www.msia.norwich.edu/secfocus_en
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Earn your MS in Information Security ONLINE
Organizations worldwide are in need of highly qualified information security 
professionals.  Norwich University is fulfilling this demand with its MS in 
Information Security offered online.  Recognized by the NSA as an 
academically excellent program, NU offers you the opportunity to earn your 
degree without disrupting your home or work life.

http://www.msia.norwich.edu/secfocus_en
----------------------------------------------------------------------------