Codenica logo
     IT Audit and Inventory Software
CODENICA - 11 YEARS
 
User Guide
main user guide menu »
Chapter: Audit
(Codenica Audit)

 
Auditing Procedure
 
 

Codenica Audit allows audits (one-time and recurring audits and monitoring) to be performed both by specialists from a company's IT department and by specialized external auditing companies.

 

Preparation - An audit procedure starts with collecting licensing attributes, i.e. copies of invoices for software and license purchase, software media, license certificates, booklets accompanying software, COA (Certificate of Authenticity) labels, and other proofs of licensing (depending on the software manufacturer's requirements).

Scanning of Computers - The first audit should always be based on visual examination of each computer within a company and a verification of seals and COA labels (Microsoft).

To perform a computer scan from a USB drive, Desktop Scanner (a small program for scanning computers from a USB drive and saving results to file) has to be set up in the Codenica Audit software.
Menu > Audit > Set up D-Scanner for USB drive
More about using Desktop Scanner »

Codenica Audit - available auditing methods:

Agent-based remote audit
DCOM-based remote audit (agentless connection)
Computer audit with a desktop scanner (scanning from a USB drive, saving results to a file)
Manual Audit (possibly direct data input)

 

License Inventory - Introduces information collected about owned licenses including attached images of invoices into the Codenica Audit software.

 

Note: Codenica Audit does not presume license possession on the basis of detected applications or by reading application keys. Such a mechanism would only simulate a proper audit and mislead the user, which can result in serious legal consequences for the person in charge of corporate IT assets, compared to an inspection performed by a qualified authorized organization. Always remember that owning a license means having all the indispensable material elements of the license (an invoice confirming purchase and all licensing attributes required by a given manufacturer: media, certificates, booklets accompanying software, etc.).

 

User Inventory - An additional procedure that has immense impact on the completeness of the final audit result. The user inventory makes it possible to create list views and detailed reports in a manner that is much more transparent and comprehensive for the final recipient of an audit. Users may be imported from Active Directory.

The application will create hosts corresponding to scanned computers, save their scan source data, and perform the data identification process (conversion of scanned WMI, registry and file data into IT-Sets (computer sets), hardware, and software). After the scan results are loaded, the software licensing audit process must be performed, consisting of assigning owned licenses to detected software. When the audit is performed remotely (recurring or monitoring audit), the process of assigning licenses to software is carried out automatically, based on matching licenses assigned to hosts. During the first audit, it is better to assign licenses to software manually. (This method ensures 100% certainty of software licensing.)

Printouts of List views and Reports - Codenica Audit provides a huge collection of various types of list views that can be used in a final report. You can generate summary list that show licensed and unlicensed software in an easy-to-read quantitative manner, as well as general lists for software, licenses, hardware, and IT-Sets, detailed reports for each object, a comprehensive audit report that shows all identified objects, etc. The best method is to try as many lists and reports available in the application as possible and then to select the most relevant ones that can be implemented in creating a customized audit summary.

Audit Conclusion - The most important stage of an audit. This step consists in generating the final audit report (with attached printouts of relevant lists and detailed reports) that contains conclusions regarding a performed audit, proposals for corrective action to provide the missing licenses, guidelines, or even proposed training courses for IT specialists. A concluded audit procedure should also determine a future procedure for software management (preparation of documents concerning a settlement between an employer and an employee on the use of software, detailed reports on computers with information on a particular user's responsibility, etc.). This objective can be achieved by using Codenica Inventory, an IT inventory management system. At this stage, you can also establish company procedures for purchasing new software and licenses. An audit should end with setting up a monitoring audit that will verify the software licensing status again and check the progress of corrective measures.

 
 
Agent - description
 
 

Go to Agent description page »

 
 
DCOM - configuring Hosts
 

This described configuration of computers for remote scanning (DCOM) may require minor modification depending on the operating system. Most of the options described here for remote scanning are default settings, and there is no need to modify them. Remember to set a password for remotely logging in as Administrator and to set appropriate Authorization parameters (Administrator login and password) for each host in Codenica Audit (to be defined in the properties of a given host). You can also search the Internet for scripts that automate the processes described below, but such scripts should be used carefully and responsibly.

Windows Firewall - enables remote management
1. Press the "Start" button, select "Run", and type "gpedit.msc".
2. Select path: Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile
3. Doubleclick the options indicated below in the panel on the right and set them to Enabled.
- Windows Firewall: Allow remote administration exception
- Windows Firewall: Allow ICMP exceptions
- Windows Firewall: Allow local port exceptions
- Windows Firewall: Allow local program exceptions

WMI - default security
1. Press the "Start" button, select "Run", and type: "wmimgmt.msc".
2. Right-click WMI control (local), and select Properties.
3. Select the Security tab, select Root, and click the Security button.
3. Select the Administrators group, and click the Advanced button.
4. Select the Administrators group, and click the Edit button.
5. In the "Apply to" field, select "This namespace and sub-namespaces". In the Privileges field, make sure all options are checked in the Allow column.

DCOM - Default settings and security
1. Press the "Start" button, select "Run", and type "dcomcnfg.exe".
2. Select path: Component Services > Computers, right-click My Computer, and select Properties.
3. Select Default Properties, and check the "Enable distributed COM on this computer" option. Set "Default Authentication Level" to "Connect" and "Default Impersonation Level" to "Identify".
4. Select the COM Security tab, and click "Edit Default" in the "Launch and Activation Permissions" group.
5. Select Administrators. Check that all options are checked in the Allow column, and click OK.
6. Click "Edit Limits" button in the "Launch and Activation Permissions" group on the COM Security tab.
7. Select Administrators. Check that all options are checked in the Allow column, and click OK.

Check the information below if the connection does not work with the above settings.

Local Security Policies
1. Press the "Start" button, select "Run", and type "secpol.msc".
2. Select path: Security Settings > Local Policies > Security Options
3. In the panel on the right, find Network Access: Sharing and Security Model for Local Accounts and make sure the option is set to Classic.

Computers with Windows 9x / Me
1. Download and install WMI core.
Download from Microsoft Download »
2. Run the system registry (regedit), and find the path: HKLM\SOFTWARE\MICROSOFT\OLE. Enter the following values: EnableDCOM = "Y" and EnableRemoteConnect ="Y".
3. Find the path: HKLM\SOFTWARE\Microsoft\wbem\cimom. Enter the following values: AutostartWin9X = "2" and EnableAnonConnections = "1".
3. Find the path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Enter the following value "MicrosoftWBEMCIMObjectManager"="C:\WINDOWS\System\WBEM\WINMGMT.EXE".

Launching a Scan from Windows 2003
WMI Windows Installer Provider is an optional component in Windows 2003 that should be added using "Add/Remove Programs", in the Control Panel (Windows Components\Management and Monitoring Tools\WMI Windows Installer Provider.

Known Compatibility Limitations
1. Because Windows XP Home does not support remote management, it cannot be audited remotely.
2. It is impossible to connect to Windows 2003 Server from Windows 9x.
3. It is impossible to connect from Windows NT to systems running a more recent operating system than Windows 2000.

 

Note :

Perform the following actions to verify that the Local Administrator account is enabled and active :
Start->Run->cmd
net user administrator /enable:yes
net user administrator /active:yes

 
 
D-Scanner (desktop scanner)
 
Audit - Desktop Scanner
 

Desktop Scanner (Codenica D-Scanner) is a small application with an interface, used for scanning computers from a USB drive with results saved to a file. Launch the application on each scanned workstation, and click the Start button. The scanning procedure is fast (depends on the audit settings in Codenica Audit) and ends with automatic saving of results to file (in binary form) in the Audit\Scans subfolder. Files with scan results should be loaded into Codenica Audit.

To set up a folder with files required for the Desktop Scanner, select the following option in Codenica Audit:
Menu > Audit > Set Up D-Scanner for USB drive

The Desktop Scanner Set Wizard will copy the files that are required for launching the scanner:
1. PCScanner.exe - Application executable file
2. PCScanner.exe.manifest - Informs Vista and Windows 7 operating systems that the application should be run with Administrator privileges
3. Codenica.Core.dll - Required executable library
4. File with currently selected language for the Lang subfolder
5. Audit.config - Current audit configuration file to be saved in Audit\Config subfolder

 

Remember to update the desktop scanner files (with the wizard) after each upgrade of Codenica Audit and after each modification to the audit configuration.

 

Requirements for a Scanned Workstation
1. Windows Vista / 7 / 8 (32 / 64 bit)
2. Microsoft .NET Framework 4.0

Additional Uses of the Desktop Scanner
Apart from using the desktop scanner within a company, it can also be packed (the entire generated folder with its required files) and sent to users in company branches, who can perform scans and return the generated result files (Audit\Scans subfolder) by e-mail.

 
 
Audit Settings
 

Audit is configured using the Settings dialog box:
Menu > File > Settings

Application settings are described in detail in a separate chapter: Settings »
The topics covered in the chapter are presented below and accompanied with links to the relevant chapter sections.

• Audit > General »
• Audit > Scanning: WMI »
• Audit > Scanning: Registry »
• Audit > Scanning: Files »
• Audit > Scanning: Alerts »
• Audit > License Auto-Matching »
• Audit > Software Identification »

• DCOM - Remote Authorization »
• Software Definitions »

 
 
New Audit Wizard
 

New Audit in Codenica Audit - This is a data space where any number of hosts can be added to be scanned as many times as needed.

Create a new audit only once. Multiple audited spaces can be created, such as when professional audits are performed for multiple companies (a single audit space represents a given company in such case – the AUDITOR license is thus required) or when there is a need for an audit in a company to be broken down into several parts.

To launch the New Audit Wizard, select the following option:
Menu > Audit > New

The New Audit Wizard consists of three steps:

Host Adding »
Agent Installation »
Host Scanning »

Once an audit space is created, you can add any number of hosts at any time using:
New Host Wizard »

To perform a scan and identification process on selected hosts at any time, use:
Scanning and Identification Wizard »

 
 
New Host Wizard
 
Audit - New Host Wizard
 

To launch the New Host Wizard, select the following option:
Menu > Host > New
The host-adding control is also available inside:
New audit wizard »

Hosts representing scanned workstations can be introduced into the application using the following features:

• Find Hosts (Local area network) - Automatic search feature for finding hosts. The algorithm may occasionally be stopped (or may not work correctly) by restrictive network security settings.

• Active Directory - Imports hosts from a specified LDAP path.

• Find Hosts by IP Address - Pings a specified range of IP addresses and collects the relevant data from the DNS server.

• Entering Hosts Manually - You can manually enter a host and assign custom values to it. Remember that the Hostname property must contain a correct value.

• Import - Hosts can also be imported from another audit or from an inventory database (Codenica Inventory) based on the data from IT-Sets stored there (properties: Audited Host and Hostname).

• Scan Files Generated with the Desktop Scanner - A host can be created automatically and added to an audit by loading scan files generated with the Desktop Scanner.

When entering hosts, you can also add related objects.
To do this, enter host editing mode (by pressing the Edit button or by double-clicking the relevant host) and go to the Related Objects tab.

• License - A license added to a host is assigned to it in the Audit – auto-matching mode. In this mode, the application automatic matches a license to software detected during the identification process. Any number of licenses can be assigned to any number of hosts. The matching process will also depend on the number of free license seats. The licenses auto-matching function can also be force-executed after scan completion by calling the host identification command again. The license auto-matching feature can be configured by the following:
Settings > Audit > License Auto-Matching »

• User - A host dynamically collects location data (location, department, section, and room number) from the assigned user.

 
 
Scanning and Identification Wizard
 
Audit - Scanning and Identification Wizard
 

To launch the Scanning and Identification Wizard, select the following option:
Menu > Audit > Scan
The host scanning control is also available inside:
New audit wizard »

Before scanning computers, first select the Scanning mode by click the left mouse button in the Scanning mode cell for each host

Available scanning methods:

Local - only local host
Agent - requires agent installed
DCOM - requires DCOM configured

• Agent - description »
• DCOM - configuring hosts »
• Audit settings »

Adding Hosts to be Scanned - To add hosts to a scanning and identification process, select the "Add" button or use the context menu in the list and then select the Add to Scan option.

Editing Hosts - To modify host data (and the properties defining the hostname and remote authorization), press the "Edit" button or use the context menu for a given host (called by right-clicking the host selected in the list) and then select the Edit option.

Excluding Hosts from a Scan - To exclude hosts from the current scanning and identification process, click the "Delete" button and select one of the available options: Selected, All, or Only with connection errors. You can also use the context menu for the list or host and select one of the options in the Exclude from Scanning group.

Connection test - Before starting an auditing process, it is required for each host to successfully pass the connection test. It involves answering a ping and setting up a remote connection with remote authorization. The test is performed automatically after adding a host to be scanned, but it can also be carried out at any time by clicking the Connection test button and selecting one of the available options: Selected, All, or Only with connection errors. You can also use the context menu for a list or host and select one of the options in the Connection Test group.

 

DCOM - Most Frequent Connection Errors

No answer to ping
Check if the Hostname is correct and the computer is switched on. To change a hostname, enter host editing mode by clicking the "Edit" button or the host context menu and then select the Edit option.

The RPC Server is unavailable
Incorrect configuration of remote computer access over DCOM.
See configuring computers »

Access Denied
Incorrect settings of the Remote Authorization (administrator login and password for remote logging) for a given host. To change remote authorization settings for a given host, enter host editing mode by clicking the "Edit" button or the context menu for the host and then select the Edit option. The type of authorization for a host is set using the Remote Authorization property.

 

Starting an Auditing Process - To start the procedure of scanning and identifying hosts in the list, click the Start Process button. Each of the hosts is scanned in a separate thread. The total limit of threads can be set by the following option: Menu > File > Settings > Audit > General.
Settings > Audit > General »

If you experience connection difficulties in an overloaded or slow network, you may also customize the timeout for remote queries. The parameter can be modified in the general audit settings described above.

The auditing process can be interrupted with respect to all or only selected hosts. To stop the entire process, click the button labelled Interrupt Process (previously the "Start Process" button) again. To interrupt the process for a selected host, use the context menu and select the Interrupt Process (selected hosts) option.

Host Audit Log - You can perform a detailed real-time trace of what is going on when auditing each host. This is done with the Host Audit Log button or with the option of the same name in the host context menu (called by right-clicking the relevant host). The command generates a text window for a selected host that presents information in real time about the progress of the auditing process.

 
 
Audit Differences Report Wizard
 

To generate a report that compares any two scans of a single host, select the following option:
Menu > Audit > Audit Differences Report

Once a host and two comparable scans are selected, the wizard closes and application begins to analyze the data (in a separate thread). This process can take some time (depending on the amount of collected data). When completed, it displays a report that shows the analyzed data in the following modes: New, Modified, Missing.

See reports customization »

 
 
Comprehensive Audit Report
 

To generate a comprehensive audit report, select the following option:
Menu > Audit > Comprehensive Audit Report

See reports customization »

 
line