Firstly you need to BUILD YOUR COMMAND WITH SWITCHES
In the documentation [https://winaudit.codeplex.com/documentation]
find the command line switches, and ensure you know which attributes you want to log. You probably won't care about everything,
and having everything takes longer and fills the database disks up quickly, so be careful. Turn on ONLY the metrics you need.
Here is my command:
\\servername\sharename\WinAudit\WinAudit.exe /r=gosG /f=DRIVER=SQL Server;SERVER=SQLSRV.DOMAIN.LOCAL;UID=LOCALSQLUSER;PWD=PASSWORDGOESHERE;DATABASE=WinAudit; /l=%userprofile%\winaudit_log.txt
NOTE: I'm using local SQL authentication as Domain-Integrated Auth was not permitted on my SQL server.
Next up... building a TARGET AUDIENCE of clients:
Which machines do you want to deploy to? I made application security groups in AD, and added the clients into them. [APP_WINAUDIT] was my AD security group. But this could just as easily have been [Domain Computers].
Finally you need a METHOD OF DEPLOYMENT
If you can manage the machine remotely (domain-joined machines on a VPN for example) then you can use the built-in management interface called WMI (Windows Management Instrumentation). This will allow you to communicate with the host. I'm ignoring firewall complexities,
or even L2TP type VPNs; it's gonna add a lot of pain if you get lost on this track.
Here are the suggested methods:
- Group Policy for Machine Startup or User logon
Create a Group Policy, apply it to the OU you want, and ensure the filtering is for the correct Target Audience. Finally, edit the policy and put the command in either Computer Startup or User Logon. I chose logon:
User Configuration > Policies > Windows Settings > Scripts > Logon
Name = \\servername\sharename\WinAudit\WinAudit.exe
Parameters = /r=gosG /f=DRIVER=SQL Server;SERVER=SQLSRV.DOMAIN.LOCAL;UID=LOCALSQLUSER;PWD=PASSWORDGOESHERE;DATABASE=WinAudit; /l=%userprofile%\winaudit_log.txt
- VBScript - ask each computer to run it now..
Email me for this file if you want it [admin at jacksonfamily dot me] - I spent weeks developing a script to do this.. and it worked perfectly.
- PowerShell
I've not used this method yet - but I guess it's well documented online if you hunt for 'executing a program remotely using powershell'.
You can use various programming languages to interact with WMI. PowerShell seems to be the way to go these days, but some of the legacy methods (such as VBScript) explain it in more detail.
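
The three steps above (command, target audience, deployment method) combined into one PowerShell script. This is an added example, not the author's script. It assumes the RSAT ActiveDirectory module, WinRM enabled on the clients, admin rights on them, and a hypothetical staging folder C:\Windows\Temp\WinAudit:

```powershell
# Added example. Staging folder and log path are assumptions; the share, group
# name and WinAudit switches are the ones used on this page.
Import-Module ActiveDirectory

$source   = '\\servername\sharename\WinAudit\WinAudit.exe'
$stageDir = 'C:\Windows\Temp\WinAudit'          # assumed local staging folder
# The connection string carries the SQL password in clear text and ends up on
# the remote command line, so LOCALSQLUSER should hold as few rights as possible.
$conn     = 'DRIVER=SQL Server;SERVER=SQLSRV.DOMAIN.LOCAL;UID=LOCALSQLUSER;PWD=PASSWORDGOESHERE;DATABASE=WinAudit;'
$cmdLine  = "$stageDir\WinAudit.exe /r=gosG /f=$conn /l=$stageDir\winaudit_log.txt"

# TARGET AUDIENCE: computer accounts in the AD security group
$targets = Get-ADGroupMember -Identity 'APP_WINAUDIT' -Recursive |
    Where-Object { $_.objectClass -eq 'computer' }

$results = foreach ($t in $targets) {
    $name   = $t.Name
    $status = 'Started'
    $procId = $null
    try {
        if (-not (Test-Connection -ComputerName $name -Count 1 -Quiet)) {
            throw 'host did not answer ping'
        }
        # By default a process created over WMI cannot reach a second machine
        # with the caller's credentials, so copy the binary to the target first.
        $adminShare = "\\$name\C`$\Windows\Temp\WinAudit"
        New-Item -ItemType Directory -Path $adminShare -Force -ErrorAction Stop | Out-Null
        Copy-Item -Path $source -Destination $adminShare -Force -ErrorAction Stop

        # METHOD OF DEPLOYMENT: Win32_Process.Create through WMI (over WinRM)
        $r = Invoke-CimMethod -ComputerName $name -ClassName Win32_Process `
                -MethodName Create -Arguments @{ CommandLine = $cmdLine } -ErrorAction Stop
        if ($r.ReturnValue -ne 0) { throw "Win32_Process.Create returned $($r.ReturnValue)" }
        $procId = $r.ProcessId
    }
    catch {
        $status = "Failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{ Computer = $name; Status = $status; ProcessId = $procId }
}

$results | Format-Table -AutoSize
```

The log path is a literal folder here because %userprofile% is not expanded when Win32_Process.Create starts the program directly.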