Support Center

<p>Can I audit the Windows 7 operating system using iInventory v7?</p><p><span id="bodyfont"> <p>iInventory v7 is fully compatible with Windows 7. The iInventory console may be installed on Windows 7 machines (x86 versions)  and used for both software and hardware data auditing (x86 and x64 versions). </p> <p>Audits can be achieved using either remote auditing or the Windows audit agents (agent32.exe). However because of the increased security levels provided by User Account Control within Windows 7 some configuration changes may be required to allow remote auditing to take place effectively.</p> <p>The article below from Microsoft explains which changes may be required to successfully audit your computers remotely.</p> <p><strong><u>Handling Remote Connections Under UAC</u></strong></p> <p> </p> <p>Whether you are connecting to a remote computer in a domain or in a workgroup determines whether UAC filtering occurs.</p> <p>If your computer is part of a domain, connect to the target computer using a domain account that is in the local Administrators group of the remote computer. Then UAC access token filtering does not affect domain accounts in the local Administrators group. Do not use a local, non-domain account on the remote computer, even if the account is in the Administrators group. </p> <p>In a workgroup, the account connecting to the remote computer is a local user on that computer. Even if the account is in the Administrators group, UAC filtering means that a script runs as a standard user. A best practice is to create a dedicated local user group or user account on the target computer specifically for remote connections. </p> <p>The security must be adjusted to be able to use this account because the account never has administrative privileges. Give the local user:</p> <ul> <li>Remote launch and activate rights to access DCOM. For more information, see <a onclick="javascript:Track('ctl00_LibFrame_ctl01|ctl00_LibFrame_ctl09',this);" href="http://msdn2.microsoft.com/en-gb/library/aa389290.aspx">Connecting to WMI on a Remote Computer</a>. </li> <li>Rights to access the WMI namespace remotely (Remote Enable). For more information, see <a onclick="javascript:Track('ctl00_LibFrame_ctl01|ctl00_LibFrame_ctl10',this);" href="http://msdn2.microsoft.com/en-gb/library/aa822575.aspx">Access to WMI Namespaces</a>. </li> <li>Right to access the specific securable object, depending on the security required by the object. </li> </ul> <p>If you use a local account, either because you are in a workgroup or it is a local computer account, you may be forced to give specific tasks to a local user. For example, you can grant the user the right to stop or start a specific service through the SC.exe command, the <a onclick="javascript:Track('ctl00_LibFrame_ctl01|ctl00_LibFrame_ctl11',this);" href="http://msdn2.microsoft.com/en-gb/library/aa390785.aspx"><strong>GetSecurityDescriptor</strong></a> and <a onclick="javascript:Track('ctl00_LibFrame_ctl01|ctl00_LibFrame_ctl12',this);" href="http://msdn2.microsoft.com/en-gb/library/aa393596.aspx"><strong>SetSecurityDescriptor</strong></a> methods of <a onclick="javascript:Track('ctl00_LibFrame_ctl01|ctl00_LibFrame_ctl13',this);" href="http://msdn2.microsoft.com/en-gb/library/aa394418.aspx"><strong>Win32_Service</strong></a>, or through Group Policy using Gpedit.msc. Some securable objects may not allow a standard user to perform tasks and offer no means to alter the default security. In this case, you may need to disable UAC so that the local user account is not filtered and becomes a full administrator. Be aware that for security reasons, disabling UAC should be a last resort. </p> <p>Disabling Remote UAC by changing the registry key that controls Remote UAC is not recommended but may be necessary in a workgroup. The registry key is <strong>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy</strong>. When the value of this key is zero (0), Remote UAC access token filtering is enabled. When the value is 1, remote UAC is disabled. </p> </span></p><h3>Alternate Questions/Keywords</h3><p></p><br><br><br><br><a target='_new' href='http://www.parature.com' style='font-family:Verdana;font-size:10px;color:999999;'>Help Desk and Customer Support Software by Parature</a>