Audit Does not Transfer via script the Software Updates

Aug 29, 2016 at 6:44 PM
Edited Aug 29, 2016 at 6:45 PM
On this Windows Server 2008 R2 (64-bit) Server, the Software Updates "Category_ID = 600" does not transfer to the MS SQL server during a script. The flags that are run after the WinAudit.exe are:

/r=gsoPxuTUeERNtzDaIbMpmidcSArCO /o=ODBC /f=DRIVER=SQL Server;SERVER=MSSQLSERVERNAME;Trusted_Connection=Yes;DATABASE=Audit

When I manually run on the desktop of the server and connect back to this same MS SQL server it will transfer the Software Updates correctly. Do you see anything wrong with the script or is there some other issue going on?

The WinAudit version 3.1 and 3.1.3 were doing the same thing.
Aug 29, 2016 at 7:27 PM
I just noticed I has have issue with some Windows 2012 R2 Servers that only running the EXE manually will get the full data.
Aug 30, 2016 at 4:13 PM
Hi jperrygodfrey

The command looks good. WinAudit can create a logfile. At the GUI, on the menu select Help -> Start Logging then run the audit and send it to SQL Server. Next, append /l=log.txt to the command line thus:

WinAudit /r=gsoPxuTUeERNtzDaIbMpmidcSArCO /o=ODBC /f=DRIVER=SQL Server;SERVER=MSSQLSERVERNAME;Trusted_Connection=Yes;DATABASE=Audit /l=log.txt

WinAudit will write out a log in the same directory containing WinAudit.exe. View it in notepad, do you see any database type warnings or errors? Also, compare it with the one shown in the GUI. Do you see any material differences? If you are unsure what you are looking at, send them to me at w i n a u d i t AT p a r m a v e x . c o . u k

Aug 30, 2016 at 5:01 PM
Thank you. This log showed the problem:
2016-08-30 10:53:17 Information Application 0 Windows Updates(R) not at registry path 'SOFTWARE\Microsoft\Updates\Windows '
2016-08-30 10:53:17 Error COM 0x80070005 Error logged by function 'WinAuditFrame::DoAuditInCommandLineMode'. Access is denied.

I ran the script with "higest privileges" and now the script is working. It seems some servers removed this check for some reason. I will check this next time.

Thank you once again.