TECHZEN Zenoss User Community ARCHIVE  

Monitoring windows clients for software auditing purposes

Subject: Monitoring windows clients for software auditing purposes
Author: [Not Specified]
Posted: 2015-01-22 04:41

Hi,

I am trying to use Zenoss to build a list of software installed on virtual machines hosted in our data center. We are a managed service provider, and as such getting an administrative account in our clients' domains is not an issue, but asking them to install SNMP or make all of the Group and local policy changes to enable WinRM would be an issue.

On top of this, I have actually configured a couple of test machines, one with SNMP enabled and one with WinRM, and neither of them has a complete list of the software. The WinRM one is significantly better than the SNMP one but not complete when compared to competing products, which I believe use WMI.

Can anyone tell me if it is possible to get a comprehensive list of installed software without making changes to the client machine and definitely not installing a client?

Apart from not getting the installed software Zenoss appears to be a very mature and capable project which I think will meet all of our needs.

Regards,

Alan.



Subject: Re: Monitoring windows clients for software auditing purposes
Author: Dave Bouchillon
Posted: 2015-01-22 13:18

Hi,
In previous versions of the ZenPack we were querying WMI for Win32_Product, however this query causes the MSI provider to begin a consistency check of installed software, which will verify and attempt to repair the installations. Also, this will send out several event messages which clogs the event log. Using this query also only finds software that was installed using the MSI.

We aim to be as unobtrusive to the monitored server as we can be so we have moved to an alternative query which is to query the registry for uninstall information. If a product is missing information then we cannot display it which may be one of the reasons you are not seeing certain installed software. We are always looking to improve our product and will continue to fine tune the software query process.

Can you check your registry under "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" for the software that is missing from the software list that we are showing? The string values that we look for are DisplayName, InstallDate, and Publisher. If the DisplayName is absent then we skip over the entry. If the software you are looking for has a registry key, can you check for these options?

We'd like to present as comprehensive a list as we can so any help you can provide will help us.

Thanks
Dave



Subject: Hi,
Author: [Not Specified]
Posted: 2015-01-23 04:07

Hi Dave,

Thanks for getting back to me.

I've had a look on my example machine and it does have more entries in 'Programs and Features' than Zenoss is detecting. I have looked at the registry hive you have listed and that location does appear to tie up with the list Zenoss presents. It looks like there is an additional uninstall location 'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall' which is where I have more items, presumably because they are 32 bit applications installed on a 64 bit server.

As for actually monitoring the clients, is there any way around making all of the GPO and local changes on the client machines? Most monitoring products just require an account with local admin rights.

Regards,

Alan.



Subject: Software
Author: Dave Bouchillon
Posted: 2015-01-27 15:12

Hi Alan, thanks for the info! That is definitely a bug that we'll need to look into correcting.

Because we use WinRM, we need HTTP or HTTPS port access to send/receive messages. To enable and configure WinRM, it is best done through a group policy. We can use either an admin or "Least Privileged User" accounts. We also do not install anything on the client machine and I would imagine that other products may require an agent to be installed in order to gather information. We also use Kerberos to encrypt/decrypt the messages sent between Zenoss and the client servers. As far as I know, we're the only ones using this method.

Dave



Subject: Monitoring Windows clients
Author: [Not Specified]
Posted: 2015-01-30 08:48

Hi Dave,

Looking back at the code for version 2.0.2, it appears that it used to run the query 'Get-WmiObject -Class Win32_Product', which on my test system appears to give a much more accurate list of what software is installed than querying the uninstall registry hive.

Do you know if this was the previous query and if so why it was changed?

Regards,

Alan.



Subject: Win32_Product
Author: Dave Bouchillon
Posted: 2015-02-09 15:20

Hi Alan, yes we changed that because the query 'Get-WmiObject -Class Win32_Product' causes the MSI provider to begin a consistency check of installed software, which will verify and attempt to repair the installations. Also, this will send out several event messages which clogs the event log. Using this query also only finds software that was installed using the MSI.

We will be updating the PowerShell query to look at the "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" registry key in one of the next releases.

Dave



Subject: Windows software list.
Author: [Not Specified]
Posted: 2015-02-10 03:38

Hi Dave,

I've been doing a bit more research and it looks like some applications will only be listed in HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall, so you may want to take a look at that key too.

Alan.



Subject: Software
Author: Dave Bouchillon
Posted: 2015-02-10 15:59

Hi Alan, we just put out a maintenance release that will pick up software information from both HKLM:\Software\microsoft\windows\currentversion\uninstall and HKLM:\Software\wow6432node\microsoft\windows\currentversion\uninstall. As a test I installed Wireshark on a server. When running the WMI query on the Win32_Product class, Wireshark does not appear in the list. When using the registry method, it does show up in our modeled list.

Thanks
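
The registry-based enumeration discussed in this thread, as an added example (not the ZenPack's own code): it reads the two HKLM uninstall keys and the HKCU key mentioned above, skips entries that have no DisplayName, and records which of Publisher and InstallDate are absent. The function name `Get-UninstallKeySoftware` and the output columns are illustrative assumptions; PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only inventory from the Uninstall registry keys.
# Run from a 64-bit PowerShell session; a 32-bit process has its
# HKLM:\SOFTWARE access redirected to Wow6432Node.
function Get-UninstallKeySoftware {
    [CmdletBinding()]
    param()

    # The three locations named in the thread.
    $roots = @(
        @{ Scope = 'HKLM';             Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall' },
        @{ Scope = 'HKLM-Wow6432Node'; Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall' },
        # HKCU is the hive of the account running the query, not of every user.
        @{ Scope = 'HKCU';             Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall' }
    )

    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root.Path)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $root.Path -ErrorAction SilentlyContinue) {
            # RegistryKey.GetValue returns $null when the value does not exist.
            $name = $key.GetValue('DisplayName')
            if ([string]::IsNullOrWhiteSpace($name)) {
                Write-Verbose "Skipped, no DisplayName: $($key.Name)"
                continue
            }

            $publisher   = $key.GetValue('Publisher')
            $installDate = $key.GetValue('InstallDate')
            $missing = @()
            if (-not $publisher)   { $missing += 'Publisher' }
            if (-not $installDate) { $missing += 'InstallDate' }

            [pscustomobject]@{
                DisplayName   = $name
                Publisher     = $publisher
                InstallDate   = $installDate
                Scope         = $root.Scope
                MissingValues = $missing -join ','
            }
        }
    }
}

Get-UninstallKeySoftware -Verbose |
    Sort-Object DisplayName, Scope |
    Format-Table -AutoSize
```

Comparing the `MissingValues` column and the `-Verbose` skip messages against 'Programs and Features' shows which entries a filter on DisplayName, InstallDate and Publisher would leave out.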


