Logo WinAudit Computer Audit Software
   
 
WinAudit Freeware - Documentation
WinAudit  | Contents | Previous Topic | Next Topic |
 
WinAudit :: Command Line Usage

You can invoke WinAudit from the command line, in this mode the programme executes without showing its main window. In this manner, you can automate the auditing of computers using batch files or login scripts on a domain controller. If need be, you can post the results directly to a database or save them to a centralised networked drive in a variety of formats.

WinAudit collects security related data, therefore it does not run in silent mode. A small window is displayed informing the user that information is being collected. This behaviour will not be changed. If this window is closed, the audit is not stopped, it continues to execute in the background. No provision is made for sending an e-mail in command line mode. When WinAudit is started from a batch file, control passes asynchronously to the next line of the file. You will need to wait for WinAudit to finish if you intend to post-process the output.

Some tips:
- Try to use WinAudit in user interface mode before invoking it via the command line.
- Ensure you have included the report switch '/r=' with some category letters.
- The category letters are case sensitive
- Use only backslashes slashes '\' for file path separators.
- It is not necessary to quote output or log file paths even if there are spaces.
- WinAudit returns a code of zero (0) on success or non-zero if an error occurred.
- A logging facility is provided to help you diagnose problems.

The command syntax (all on one line) is:
WinAudit.exe /h /r=gsoPxuTUeERNtnzDaIbMpmidcSArCHGBLJF /o=format
/f=file /u=user /p=pwd /e="extensions" /l=log_file /m=msg /L=Language /E=event_log


All switches are optional, if none are supplied the programme runs in Windows® mode. See examples below.

Switch Options Comment
/h   Show a help message and exit.
/r   Report content, default is NO sections, i.e. nothing is done.
  g Include System Overview
  s Include Installed Software
  o Include Operating System
  P Include Peripherals
  x Include Security
  u Include Groups and Users (Window® NT4 and above)
  T Include Scheduled Tasks
  U Include Uptime Statistics (Window® NT4 and above)
  e Include Error Logs (Window® NT4 and above)
  E Include Environment Variables
  R Include Regional Settings
  N Include Windows Network
  t Include Network TCP/IP
  n Include Network BIOS
  z Include Devices (Windows®98 and newer)
  D Include Display Capabilities
  a Include Display Adapters (Windows®98 and newer)
  I Include Installed Printers
  b Include BIOS Version
  M Include System Management
  p Include Processor
  m Include Memory
  i Include Physical Disks: Caution
  d Include Drives
  c Include Communication Ports
  S Include Startup Programs
  A Include Services (Window® NT4 and above)
  r Include Running Programs
  C Include ODBC Information
  H Include Software Metering
  G Include User Logon Statistics
  B Include Loaded Modules
  L Include System Files
  J Include Non-Windows Executables
  F Include Find Files
/o   Output format, if none is specified will default to formatted text (TEXT).
  CHM Save as compiled html.
Requires Html Help Workshop installed. The locations of hhc.exe and hha.dll must in the PATH environment variable.
  CSV Save as comma delimited
  HTML Save as a web page without images
  HTMLi Save as a web page with images
  ODBC Export to a database in columnar format
  ODBC2 Export to a database in tabluar format
  PDF Save in portable document format
  TEXT Save as formatted text
  TEXTt Save as tab delimited text
  TEXTu Save as unicode text ( UTF-16, little endian)
  XML Save as extended markup language
/f   Output file, data source name or database connection string.
The audit report will be saved to this file. The default is 'computername.ext'. macaddress is a reserved word (case insensitive). If specified, the output will be written to a file named using a Media Access Control (MAC) address. If no MAC address can be resolved, then the computer's name will be used. On systems with multiple network adapters, the address of the first one discovered will be used.

If /o is specified as ODBC supply a data source name (DSN) or a connection string. If neither is supplied the default is WinAuditDSN. If the DSN is a File DSN, supply its name only. It must have an extension of .dsn and be located in the user's default DSN directory. If this directory is not specified in the registry, the File DSN must be in the ODBC\Data Sources directory. If a connection string is supplied, it must have the ODBC keyword DRIVER=, no forward slashes and not end with .dsn .

If /o is specified as ODBC2 then you must supply a connection string. You can specify the credentials in either the connection string as UID= and PWD= or as the switches /u= and /p=. For the sake of brevity on the command line, default values for timeouts and error control are used.
/u   User name for database login.
/p   Password for database login or PDF protection. Embedding passwords in a batch file is, of course, questionable but the functionality is available for those who wish to use it.
/e   Quoted list of file extensions to find on local hard drives. Separate each extension by a space.
/t   Timeout in minutes for audit. The audit will automatically stop if it has been running for more than the specified number of minutes. If unspecified, the default is 20 minutes. If a timeout occurs then some or perhaps all data will be discarded.
/l   (little L) The log file path to record diagnostic and activity messages. The log level is fixed at verbose and the output is tab separated machine readable.
If an empty path is specified i.e. '/l=' then the destination will be computername_log.txt in the programme's directory.
If only a directory is supplied e.g. '/l=\\server\audits' then the destination will be '\\server\audits\computername_log.txt'.
To avoid concurrency issues, multiple machines cannot log to the same file.
/m   The message displayed on the audit window. The user sees this window when the audit is running in command line mode. Try to keep this message brief as it must fit in the available space and still remain legible. The message does not need to be quoted. Avoid forward slashes '/' as your message will not display correctly. If no message is supplied then a default one will be shown.
/L   (Capital L) Set the language of strings used by the programme. By default the programme will use the language that matches the computer's regional setting or English if no translation is available. You can override this behaviour by specifying which language to use as follows:
/L=be - French (Belgium)
/L=br - Portuguese (Brazilian)
/L=cs - Czech
/L=da - Danish
/L=de - German
/L=el - Greek
/L=en - English
/L=es - Spanish
/L=fr - French (France)
/L=he - Hebrew
/L=hu - Hungarian
/L=id - Indonesian
/L=it - Italian
/L=jp - Japanese (winauditu.exe only)
/L=ko - Korean (winauditu.exe only)
/L=nl - Dutch
/L=pl - Polish
/L=pt - Portuguese (Portugal)
/L=ru - Russian
/L=sk - Slovak
/L=sr - Serbian(Latin)
/L=th - Thai
/L=tr - Turkish
/L=zh_tw - Traditional Chinese (winauditu.exe only)

This can help to ensure consistent reporting in a multi-lingual environment. Note, only translated strings are handled; any specific number or date formatting is still done according to the computer's regional setting. For CSV output, the programme will emit commas regardless of any regional setting. PDF document creation will use the code page associated with the specified language however, proper character translation is not guaranteed.

WinAudit ANSI: Choosing a language which has a character set (code page) outside of the one a computer is using may give rise to undesired results. For example, German and Czech are from the Western and Central European character sets respectively. Character number 163 corresponds to the Japanese Yen sign in the former and a variant of the letter A in the latter. In general, characters used in the English language are common across all character sets so setting /L=en would probably give the most consistent results.

WinAudit Unicode: Use this version in preference over the ANSI version if you are in an NT only environment. The Unicode version will automatically perform UTF-8 conversion of characters for HTML and XML output. Text files are saved in Unicode format (UTF-16 little endian) and database connectivity is via wide (2-byte) characters. Diagnostic logging will detect the log file's encoding scheme. You should also be able to set a message (/m) and use file paths in Unicode.
/E   (Capital E) The maximum number of unique error messages to display for a given event log. Permissible range is 1-99, if no value is supplied then the default is 25. These are reported in reverse chronological order with exact duplicates by description ignored. Note, only messages posted to an event log at a severity of 'Error' are reported. Processing will automatically stop after retrieval of 5000 entries of any severity level from the event log, regardless of the number of errors found.


Examples of command line invocation

To view the command line usage, at the command prompt, type:
WinAudit.exe /h
To audit your computer showing only the System Overview and to save the report in the default TEXT format using the default filename of 'computername.txt'.
WinAudit.exe /r=g
To audit your computer showing the System Overview and Operating System sections and to save the report in TEXT format in directory C:\Temp
WinAudit.exe /r=go /f=C:\Temp
To audit your computer showing the System Overview, Operating System and Installed Software sections and to save the report in CSV format with filename 'computername.csv' on a remote computer called SERVER in the networked shared directory Audits
WinAudit.exe /r=gos /o=CSV f=\\SERVER\Audits
To save the audit as a PDF document with the password smith.
WinAudit.exe /r=gos /o=PDF /p=smith
To send the audit to an Access database specified by the Data Source Name (DSN) 'AccessDSN' that is not password protected.
WinAudit.exe /r=gos /o=ODBC /f=AccessDSN
To send the audit to a SQL Server(TM) database specified by the Data Source Name (DSN) 'SQLServerDSN' using the user name 'John' and the password 'Smith'.
WinAudit.exe /r=gos /o=ODBC /f=SQLServerDSN /u=John /p=Smith
To scan your hard drives for executables and zip files and save the information in MyFiles.html with images. Stop if this is taking more than 5 minutes.
WinAudit.exe /r=F /f=MyFiles.html /o=HTMLi /e="exe zip" /t=5
Get a System Overview and log the audit to a file called log.txt. The audit will be saved in 'computername.txt'.
WinAudit.exe /r=g /l=log.txt
Get a System Overview with the user seeing a custom message displayed in a window. The audit will be saved in 'computername.txt'.
WinAudit.exe /r=g /m=The network administrator is examining this computer.
Get a lot of categories using Italian translation strings where possible and save the output in XML format.
WinAudit.exe /r=gsoPxuTUeNt /o=XML /L=it
Get some data in html format and save the output using the MAC address as the file name. This enables data for machines that have the same name to be saved in the same directory. Image file names specific to the computer, such as memory usage, will be prepended with the MAC address.
WinAudit.exe /r=gsmd /o=HTMLi /f=%LOGONSERVER%\temp\macaddress
Get a report of the software on the computer and save it in compiled html format. The output will be saved to 'computername.chm'. For this to work the computer must have Html Help Workshop installed.
WinAudit.exe /r=s /o=chm
Send a system overview to a database specified by a machine independent data source (File DSN) named database.dsn. The File DSN must be in the user's default DSN directory which is specified in the registry as key DefaultDSNDir at HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\ODBC File DSN. If this registry key does not exist, the File DSN must be in the 'ODBC\Data Sources' directory below the system level directory specified as key CommonFilesDir at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion, e.g. 'C:\Program Files\Common Files\ODBC\Data Sources'.
WinAudit.exe /r=g /o=ODBC /f=database.dsn
Send a system overview to an Access database using a DSN-Less connection string. The string must have the keyword DRIVER, have no forward slashes and must not end with .dsn.
WinAudit.exe /r=g /o=ODBC /f=DBQ=C:\access.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=admin;
Send a system overview to SQL Server on a computer named PXSSQLSVR using a DSN-Less connection string. Connect as system administrator (sa) to a database named winauditdb and write out a log file to log.txt. On successful connect, the Completion Connection String will be reported in the log file. Note, there is a space between 'SQL' and 'Server'.
WinAudit.exe /r=g /o=ODBC /f=DRIVER=SQL Server;SERVER=PXSSQLSVR;UID=sa;DATABASE=winauditdb; /l=log.txt
Send a system overview to a MySQL database named winauditdb on the local computer using a DSN-Less connection string. Connect as root with a password.
WinAudit.exe /r=g /o=ODBC /f=DRIVER=MySQL ODBC 3.51 Driver;SERVER=localhost;UID=root;PWD=123456;DATABASE=winauditdb;
Scan the Event logs for (e)rrors, report up to a maximum of 50 entries per event log.
WinAudit.exe /r=e /E=50
Save a system overview using the ODBC2 switch to a password protected Access database. This is for Access versions from 97 to 2003. The records are stored in tabluar format in the Audit_Data table of the database. When using the ODBC2 you must specify a connection string.
WinAudit.exe /r=g /o=ODBC2 /f=DRIVER={Microsoft Access Driver (*.mdb)};DBQ=C:\Data\WinAuditDB.mdb;UID=admin;PWD=123456
Save many data categories using the ODBC2 switch to an Access 2007 database.
WinAudit.exe /r=gsopxuTUeERNt /o=ODBC2 /f=DRIVER={Microsoft Access Driver (*.mdb, *.accdb)};DBQ=C:\Data\WinAuditDB.accdb;UID=admin;PWD=123456
Save a system overview using the ODBC2 switch to a MySQL database on the local machine with a root login.
WinAudit.exe /r=g /o=ODBC2 /f=DRIVER={MySQL ODBC 3.51 Driver};SERVER=localhost;DATABASE=WinAuditDB;OPTION=2;UID=root;PWD=123456;PORT=0;
Save a system overview using the ODBC2 switch to a SQL Server database on a trusted connection.
WinAudit.exe /r=g /o=ODBC2 /f=DRIVER={SQL Server};SERVER=PXSSQLSVR;DATABASE=WinAuditDB;Trusted_Connection=Yes;
Save a system overview using the ODBC2 switch to an Oracle database.
WinAudit.exe /r=g /o=ODBC2 /f=DRIVER={Oracle ODBC Driver};DBQ=PXSNETSVR;UID=winaudit_user;PWD=qwerty;


 
 
©Copyright 2003-2011, Parmavex Services