Auditor Help: Selecting for Windows

  1. In the Data Collections Options dialog box, on the Collection Options tab, click in the checkbox to enable gathering Users and groups information if you wish to collect user and group data.
  2. Click in the checkbox if you wish to enable gathering Modem information.
  3. Click in the checkbox if you wish to enable gathering Device driver information.
  4. Click in the checkbox if you wish to gather information about your Active Directory infrastructure: Sites, OUs, Trust, FSMO Roles.
  5. Click in the checkbox if you wish to Use WMI to collect additional computer information, such as hardware and processes.
  6. Click in the Logon to SQL Server to collect detailed version/SP level for each database instance checkbox if you wish to collect additional version/SP information about installed SQL server instances.
    Windows options
  7. Click the checkbox if you wish to enable gathering NTFS Permissions for subfolders of shared folders.
  8. If you enabled NTFS Permissions, select Limited (recommended) or Unlimited (not recommended) and use the up/down arrows to set the subdirectory depth limit (directories below current level) at which to stop exploring.
  9. Click the checkbox if you wish to Report properties, permissions, and checksums for specified files (for details on using this option, see Reporting File Properties).
  10. If you enabled reporting properties, enter (or Browse... to) a path to your saved file list.
  11. Click the checkbox to Report custom registry keys to report registry data you've exported (for details on using this option, see Reporting Custom Registry Keys).
  12. If you enabled reporting registry keys, you can click Edit... to open the currently selected .xml file.
  13. If you enabled reporting registry keys, enter (or Browse... to) a path to your exported keys.
  14. Click the checkbox if you wish to Report custom methods (for details on using this option, see Reporting Custom Methods).
  15. If you enabled reporting custom methods, enter (or Browse... to) a path to your saved file list.
  16. Click on the Advanced tab.
    Advanced tab
  17. Click the checkbox to Collect from all domain controllers (in the selected domains) found on the network. Select this option to automatically collect from all domain controllers discovered, without user intervention (that is, without a chance to select). This uses available licenses, so verify that you have adequate licenses before proceeding.
  18. Click the checkbox to Collect from all servers (in the selected domains) found on the network. Select this option to automatically collect from all servers discovered, without user intervention (that is, without a chance to select). This uses available licenses, so verify that you have adequate licenses before proceeding.
  19. Click the checkbox to Collect from all workstations (in the selected domains) found on the network. Select this option to automatically collect from all computers discovered, without user intervention (that is, without a chance to select). This uses available licenses, so verify that you have adequate licenses before proceeding.
  20. Click the Collect WMC logs checkbox if you want to enable the ability to collect Who Made Change information. Please note that by enabling this feature you permit the installation of a WMC applet (a small Ecora client tool) on target computers. To learn more about this feature, please refer to the WMC help page.
  21. The Execute remote procedures option allows correct identification of CPU information by executing a remote procedure. This is essentially a program that is pushed to the target, installed, run, has its output captured, and is then de-installed, in order to correctly distinguish between hyper-threaded and dual/multi-cored physical CPUs. If you have no such concerns, you may leave this option disabled.
  22. Click on the WMI Browser tab.
    WMI tab
  23. Enter the name of a WMI-enabled system and click on the Connect button.
  24. Select a namespace from the drop-down list and click on the Connect button.
  25. Use the left pane to select the WMI classes to report.
    Tip: The Save button allows you to record your class selections. The Load button allows you to recall saved class selections.
  26. In the right pane, double-click on properties (or use the Select / Unselect buttons) to select them for the report.
  27. If you wish to limit the information collected about the Windows event log, select it and click Filter....
  28. Click Next >.
  29. Proceed with network discovery.