This Document applies to AuditWizard™ Standard and SQL Versions Overview- This document explains how to create User Defined Applications. There are cases where there are possibly applications that have not been detected through the conventional scanning method (via scan32.exe). Since there is no ‘Standard’ in which software vendors will install applications to the Operating System, some applications may be missed. AuditWizard has the ability to create custom applications within the interface. We have outlined information on what the scanner collects and how to configure it to find other applications for complete reporting on all applications you are licensed for. Scanning MethodsAuditWizard uses two distinct methods by which the applications installed on a PC can be identified. Registered Applications These are applications that have been installed on to the PC using a ‘standard’ Windows installation. In the majority of cases, this will be a full and comprehensive list of the software on the PC. The information for the Registered Applications is read from the Windows System Registry and is equivalent to that displayed by the Add/Remove Programs control panel applet. While comprehensive and efficient, Registered Applications occasionally do not provide sufficient information as to the exact version of the application. This is because the information read from the registry, is defined by the application vendor and may not be very comprehensive. In more recent versions of AuditWizard (V5 and above), we now recover the ‘DisplayVersion’ and other values for each application where available, which will add this to the end of each application name as follows: ‘Application Name [1.1.0]’. Page 1 How to Create User Defined Applications Knowledge Base Applications The AuditWizard scanner recovers exact details on the specified file types from the PCs being audited. These details are then matched against AuditWizard’s internal knowledge base to establish the name and version of the application to which the file belongs. The Software Knowledge Base supplied with AuditWizard (SYSTEM.ADB) contains over 2000 separate application definitions, with multiple versions for each application. This however is only a fairly small percentage of the total number of applications on the market today. To circumvent this restriction, AuditWizard allows the user to define additional mappings between a file of a given name, size, date and CRC and its associated application. These definitions are known as User Defined Applications. Please note, there is currently no distinction between User Defined applications and Registered applications in the software list within AuditWizard however, the program does give you the ability to create User Defined Software fields. Although Knowledge Base and User Defined Applications can return very detailed information as to exactly which applications are installed on to your PCs, they do require either a partial or full scan of the hard disk drives on the PC. This can significantly increase both the time taken for the audit to complete, the amount of data created by the audit, and additional time to upload into the central database. For this reason, by default, the AuditWizard file scanner and the Knowledgebase is disabled and therefore knowledgebase and user defined applications will not be audited. Step 1 - Enable the AuditWizard file scanner 1. Start the main AuditWizard program and log in with an account that has Auditor, or Admin rights, if security has been enabled. 2. If the Startup screen is displayed, select Close, then proceed to the Profile Tab at the bottom of the main interface. From the Profile tab, there will be an Active Profile (usually Default, unless otherwise configured). As of version 5.2 onwards, there is now a ‘FileAudit’ profile, which is usually not active. If you are on this version and do not see this profile, try downloading this file: http://laytontechnology.com/pub/updates/fileaudit.zip. Unzip the file, and then place this file in the root of the AuditWizard program folder. A close and relaunch of the program may be required so the new profile is recognized. If you plan to keep all of the same scanner settings as the current Active scanner profile, you may want to right clic k on the Active scanner profile and select the Copy option, then name the profile ‘FileScan’ or similar and set this to be the active profile. 3. Right click on the ‘FileAudit’ Profile then click on the L ‘ oad’ option (or other profile intended for use with the file scanner). This will make it ‘Active’. Page 2 How to Create User Defined Applications 4. Expand the Profile, then click on Software Collection option. On the right hand pane (the view pane), will be some options to configure. Tick the ‘Specified Folders’ option. 5. In this example, we will use the executable for Solitaire, which is located in ‘C:\Windows\system32’ (for 95/98/ME/XP), or C:\Winnt\system32’ (for NT/ 2000). You can specify both paths if there are varied Operating Systems on the network. These paths above will need to be entered in the ‘Folders’ box. The default entry can be changed by double clicking on the name (‘Program Files’), and then will allow you to rename the current entry. To add a new entry in this box, click the dotted square box icon in the Folders bar, which will create a new entry to be populated in this window. In this case, we will also use the ‘Specified Files’ option to define the exact name of the executable (SOL.exe). **Note- We highly recommend specifying exact locations of a folder where an executable may reside. Please be aware that if the ‘All Folders’ option is enabled, it will scan the entire PC’s hard drive structure (excluding Mapped drives). For PC’s that have larger hard drives, it can take a good deal of time to complete the file scan, and also creates larger data files, which can take longer to upload to the database. Page 3 How to Create User Defined Applications You can reduce the over-head of the file scanner by restricting either the range of folders that the AuditWizard scanner has to check, or by restricting the types of file checked. For now though we will simply enable full file scanning. 6. Click on the ‘Scanner Deployment’ section on the left. This area will allow you to define the scanner path and the data path. The original paths used in the previous active profile can be used here, or a new scanner path can be specified if you would like to run a manual scan on a PC with this Scanner configuration. 7. Move to the General Settings section on the left. The ‘Software Recognition’ area defines exactly how the files are to be identified and collected. This section allows you to enable the CRC collection, and Time Stamp collection. Keep in mind that when these 2 options are enabled, it will upload each file that was collected with the CRC check and Time stamp, which means if you have the same program installed on several workstations with varied operating systems, you may find several slightly different instances of the same executable. When assigning files described in the next section below, it may not always find a match for the EXE automatically due to the differences found in the CRC check and Time stamp collection. 8. Move to the Upload Settings option on the left. Scroll down to the bottom of the View pane to the Settings section. There is an option here to ‘Auto-Assign files at upload’. This will take files that have vendor specific information and auto assign the collected files as an application. This can be useful for the next section that describes assigning files. If you wish to manually assign the files, ensure this option is not checked. 9. Once the options have been defined for this scanner, you can easily go to the Audit | Scanner | Build menu option to build the current changes to the scanner folder that was chosen in step 6 above. If you move to the Data or Admin Tabs, you may also be prompted to rebuild the changes to the scanner. If you have already gone to the Audit | Scanner | Build menu, this can be bypassed by clicking ‘No’. 10. Click on OK to close the Scanner Configuration window. You will be warned that the scanner must be re-built. Click on Yes to build the scanner, so copying the necessary files to the SCANNER network shared folder. 11. When your PCs are next audited, and the results of the audit uploaded into the AuditWizard database, you will see additional items in the audit tree that represent any Knowledge Base Applications identified and the contents of the disk drives on the PC. When expanding the Asset in the tree, a folder with C: will appear at the bottom of the asset’s list of items, as noted in the screen shot below. Expanding the C: folder and sublevels allows you to see the files that have been detected in a specified folder from the audit scan. Page 4 How to Create User Defined Applications Step 2 – Identify Applications that have not been recognized Once you have checked the list of knowledge base applic ations that have been recognized, the next stage is to set up definitions for any that have not. 1. Hide empty folder and recognized files, either by clicking the appropriate buttons on the AuditWizard toolbar, or by selecting View | Tree | Hide Empty Folders and View | Data | Hide Recognized Files. This will reduce the number of folders and files shown to only those containing unrecognized files. 2. Identify the primary file for the application that is to be assigned and browse through the remaining folders to locate the file. For example, consider the application ‘Solitare’ – its main executable is SOL.EXE, which is generally located in the Windows\system32 folder and therefore this is the file to look for. The primary file for an application can often be determined by looking at the shortcut for the application in the Start menu. This will usually point to the main executable for the application. Page 5 How to Create User Defined Applications Auto-Assigning an Application Right click on the file and check to see if the Auto-Assign option is enabled. AutoAssign reads the header information from the selected file and picks up the version information encoded into it by the application vendor. In some instances, this information has not been added to the executable and therefore Auto-Assign may not always be available. If Auto-Assign is available, click on it to create a user defined application from the file’s version information. If the UnAssign is enabled, it indicates the application has been Auto-Assigned, or previously Assigned and will show the application it is assigned to, to the right of the file in the View Pane. Manual Assignment of an Application 1. Where Auto-Assign is not available, or when you would prefer to define your own application names, you can Right click the executable and then select Assign To. 2. When clicking the Assign To option, it will pop up a window such as the one below, which allows you to configure the application name. Note, the application name chosen is the name that will later appear in the Software list. 3. Select the New App button. This will pop up a new window like the one below that allows you to specify the name of the application, as you would like it to appear. Page 6 How to Create User Defined Applications 4. Click the Add button to add the new application name to the list. This will appear in the Assign to Window with the list of applications, including the new one that has been defined. 5. The final step now is to click the Assign button, which will finalize the executable name to the application that was created. You should now see something similar below: After assigning a user-defined application, refresh the main AuditWizard view by pressing the F5 key. This will ensure that the new assignment is propagated through-out the tree. Both user-defined and knowledge base applications ma tch on the name of the file, its size, creation date and its CRC value. This ensures that the matching process is exact, and allows you to create assignments for multiple different versions of the Page 7 How to Create User Defined Applications same file. For example you can set up a mapping for Solitaire 5.1.2600.0 and Solitaire 5.1.2138.1 as the main application file SOL.exe is likely to have changed between the different versions. File Icon Definitions There are 2 different file Icons available when viewing the files in the Data tab. They are as follows: This icon represents a file that has be Automatically recognized, Assigned, or Auto assigned. This icon represents a file that has NOT been Automatically recognized, Assigned, or Auto assigned. This is the icon that represents an application in the Software list. Assigned applications also use this Icon. Document updated 10/12/04 Page 8 How to Create User Defined Applications