 |
Technical FAQ for E-Z Audit |
If you are evaluating E-Z Audit, your most common questions are answered in our
Pre-Sales FAQ
Troubleshoot the #1 most asked questions about getting started in our
Quick Start Guide.
Q.
Why are my users being asked by Windows if they want to allow the audit module
to run?
When entering path to launch E-Z Audit's audit module in your logon script you used an IP address for the server and not the server name.
Don't do: "\\192.168.1.1/ezaudit/ezstart.exe" /auto
Instead do: "\\ServerName\ezaudit\ezstart.exe" /auto
Windows treats an IP address, even on your domain, as a not-trusted source.
Microsoft changed some thing starting with Vista that can affect you as regards
logon scripts, be they batch files or VB Script due to how UAC interacts with
logon scripts. Basically, it breaks them and requires an ugly workaround
(more below). A very quick solution - disable UAC (User Account Control) on
your PCs. Problem solved.
Of course some of
you may actually like UAC and consider it a good thing to have. If so you
need this solution Nothing to do with E-Z
Audit, just how UAC works.
Q. Some of my machines are not showing antivirus, antispyware and firewall details. Why?
This information is available only on Windows XP SP2 or higher, Vista and Windows 7.
It is not available from Windows servers at all – a
design decision by Microsoft presumably for security reasons.
It is also dependent on whether the vendor for the particular product is
reporting its status to Windows. Reasonably current versions from most major vendors do
report it, although there may be some exceptions.
Microsoft has changed this functionality at least three times since XP SP2 and
provided scant to no documentation, so it's always subject to change. Most
vendors, most of the time, we can get the data. Also, the default Windows
firewall doesn't report anything.
Q. Some of my PCs are not reporting Make, Model, Serial Number or some other data.
If you bought "white-box" machines manufactured by a local vendor, VAR's, etc.,
they likely don't flash the BIOS with any of this data. This is normal as
generally they really don't have a Make or Model, and many do not even assign a
serial number. We have a machine we use for gaming (yes, we do have to relax
sometimes!) from a very big name in such PCs and those fields are blank.
If it's an XP or newer version of Windows and a "brand name" vendor, then likely
the WMI store may have gotten corrupted.
Read this to repair WMI
If the PC is Windows NT4, 2000 or 9x, we've decremented support for these legacy
systems and your results may vary. On your own with these, sorry as even
Microsoft won't touch them.
Q. I am using Windows 7 or Server
2008 and get "The
application failed to initialize properly 0xc000000F"
Microsoft has released a hot fix for this at
http://support.microsoft.com/kb/978869We've only seen this reported from
some rather obscure ways of launching E-Z Audit (e.g. an AS/400 was one such
example - really! Wow!), but here it is in case it happens to you.
Q. I am using Windows 7 (or Vista) and
can't find where E-Z Audit is saving the configuration file
Open Windows Explorer and click the Organize button, then Folder and Search
Options. Click the View tab and select the View Hidden Files and Folders
option. Close and re-open Explorer then go to
C:\ProgramData\EZAudit\{version #}\Network Scanner Configuration Files
Q. I have some Core Duo, XEON or Celeron processors that show incorrect information. Why?
This is very rare and has to do with Intel and Microsoft not really getting in
sync with some processor releases. One known example is documented here
http://support.microsoft.com/kb/952978For XP and Server 2003, there is a
Microsoft Hot fix at
http://support.microsoft.com/kb/953955
The other time we've seen this was with some "E"-series" processors,
usually present on servers.
They report as being Xeon processors, but the user is unaware of this as they
thought they'd purchased, say, an E8500 processor. It's the same thing,
its a Xeon processor with some mods.
Intel markets things with different names even when the underlying processor
is the same product with some features turned on or off as suitable for the
particular use.
We make no assumptions on what’s on the machine – what you see is what
Windows reports back to us.
Q. My audits are not being updated even though the scanner is running normally (or new audits not created until I delete the old audits).
Have you set an audit frequency of 0 (zero) days in your configuration file for
automated audits?
A zero days frequency only audits PCs one time and never again until the
existing audit has been deleted or moved to another folder.
If only some PCs are experiencing this, check the folder
where ezscan.exe is located on in your server's shared audit folder for
errorlog.txt and see what they are reporting. (Note, this file can only be
created and updated if your user have Create and Write and Modify permissions on the folder
where you are running the audits from, i.e. where ezscan.exe is located).
If a PC has remained logged in continuously for longer than the frequency
you set, it would not be re-audited. It is audited at login time, so if
your frequency is every day and the PC has been on and logged in for a two,
three or more days, then it is not being re-audited. You can implement our
E-Z Audit On-Demand and
get audits for these "perpetually-on" machines.
Q. Why are some of my audits being reported as 'bad' and renamed with a .badEZ{version} extension?
E-Z Audit does not support double-byte languages such as Chinese or Japanese.
While a machine can be running a non-double-byte iteration of Windows, some
programs that have header data or other data in such languages can result in
'bad' data. If the file is read-only or on a read-only media such as a
CD/DVD, move it to a read/write drive or change the read only attribute.
In rare cases there's a network bottleneck. Test by copying the audits
to your PC and open them from that local folder location. No errors means
likely network bottleneck problem.
|