Asset Audits

The Asset Management module has several options that you can use to import configuration information from PCs and Macs. The audits can be performed as part of an automated process or they can be manually run when needed. Either process will write the configuration information to an XML file that can be automatically uploaded to your Issuetrak site. You have the flexibility to choose the method that works best for you, or you may choose a combination of both methods.


 

Auditing PCs

The auditing of PCs is done by a program named TrakPC.exe, which can be manually run from a command line or it can be automated by using a login script. Another option is by using the Scan PC option within Issuetrak. This allows users to easily initiate and upload an on-demand audit from the Issuetrak user interface.


TrakPC General Usage

The TrakPC.exe file can be found in the TrakPC folder within the Issuetrak web folder. It can be copied to a network shared drive, and can be run from a command line or via a batch file with no installation needed.

When running the TrakPC.exe file, you will use the following general command format:

TrakPC.exe [filename] [/options]

This command will run TrakPC and automatically produce an XML file containing audit information about the PC. If no [filename] is specified, the twelve characters after “TrakPC-” will be the MAC address of the NIC. This forms part of the file name to be sure that it is unique.

Example default filename:

TrakPC-00-08-82-AE-41-25.xml

In most situations you'll specify a command line parameter to send the output of TrakPC to the server running Issuetrak, using the “/u” option.

Example:

TrakPC.exe/u"https://www.Issuetrak.com/support/Inv_TrakPC_URLSubmit.asp"

The ASP page Inv_TrakPC.asp receives the audit data and writes a record to the audit table in Issuetrak. Once that has been done, you can apply the audit records to your asset records via the Asset Audits page on your Issuetrak site.

Usage Examples:

Example 1: This runs the TrakPC.exe from the same location as the batch file.

TrakPC.exe /u"https://Issuetrak/inv_TrakPC_URLsubmit.asp"

Example 2: This runs the TrakPC.exe from the root of the C:\ drive and has a frequency set for weekly.

C:\TrakPC.exe /fw /u"https://Issuetrak/inv_TrakPC_URLsubmit.asp"

Example 3: This runs the TrakPC.exe from a shared folder and has a frequency set for monthly.

\\share\TrakPC.exe /fm /u"https://Issuetrak/inv_TrakPC_URLsubmit.asp"

Example 4: This runs the TrakPC.exe from the same location as the batch file, but outputs the XMLfile to the C:\Temp\ folder and has a frequency set for quarterly.

TrakPC.exe C:\Temp\ /fq /u"https://Issuetrak/inv_TrakPC_URLsubmit.asp"

These examples provide a few different scenarios of frequency, executable location, and XML file output location. Note that although we are specifying an SSL site to POST to as a best practice, TrakPC will also work with non-SSL sites.


Output Location

By default, TrakPC will place the XML file in the current user's temp folder. For most people, this will be fine. However, if multiple users use the same computer, then a login script could potentially run multiple times for the same computer even if you have a frequency set. To set a universal location for the XML file, simply place the universal location after trakpc.exe.

Make sure that your users have permission over this location, otherwise they will receive an error because they don't have the appropriate permissions to create a file there. 

Example: This will output the XML file into C:\Temp with the name TrakPC.xml.

C:\Trak\TrakPC.exe c:\Temp\TrakPC.xml /u"https://yoursitename/inv_TrakPC_URLSubmit.asp"

Setting Frequency

It is up to you to determine how often the TrakPC script should run. As a best practice, set a weekly frequency by using the /fw switch.

Frequency options for TrakPC:

Frequency Switch Switch Values Additional Comments
Once /fo N/A Directs TrakPC to post a one-time audit.  This is the default behavior of TrakPC when a frequency switch is not specified.
Daily /fd N/A Directs TrakPC to post an audit if there is no existing XML file file or if it is not today's date.
Weekly /fw null, 0-6

Directs TrakPC to post an audit every week on the day specified by the switch value:

  • 1 - Monday
  • 2 - Tuesday
  • 3 - Wednesday
  • 4 - Thursday
  • 5 - Friday
  • 6 - Saturday
  • 7 - Sunday
Monthly /fm null, 1-31 Directs TrakPC to post an audit every month on the day specified by the switch value. If the specified switch value exceeds the number of days in the current month, then TrakPC will post on the last day of the month.
Quarterly /fq null, 0-92 Directs TrakPC to post an audit every quarter on the day specified by the switch value. If the specified switch value exceeds the number of days in the current quarter, then TrakPC will post on the last day of the quarter.
Yearly /fy null, MMDD Directs TrakPC to post an audit every year on the month and day specified by the switch value. Replace "MMDD" with the month and day of the year.

The /fw, /fm, /fq, /fy options are subject to "date creep".

For example, suppose you’re using the /fw switch and the current XML file is dated for Tuesday. If for whatever reason TrakPC isn't run on the following Tuesday, The next time TrakPC is started (say, on Wednesday), it notes that the XML file is more than a week old and generates a new file.

The XML file is now dated on a Wednesday, and next week's run will also be on Wednesday; shifting the day of the week when the audit will run. Over time it is possible for an entire week to be skipped if the date "creeps" to Friday and then the machine isn't started on a Friday.

To avoid date creeps, you can specify a particular day or month.


How to Create a TrakPC Login Script or Batch File

If you wish to run TrakPC on a periodic basis, one method is to use the Windows Task Scheduler. However, this would require that you setup a task on every asset you wish to audit. An easier option is to run TrakPC via a logon script.

Anonymous Authentication needs to be enabled for a single ASP file on your Issuetrak site in order for TrakPC to successfully POST its audits. 

You will need to identify a location where the TrakPC executable will reside. If you wish to use this as part of a login script, then you will need to identify a shared network drive location that all of your users will be able to access.

Copy the TrakPC.exe file found in your Issuetrak web directory's "TrakPC" folder to the location you've found most suitable.

Steps:

  1. Right-click on your Desktop, choose New, and then Text Document.
  2. Name the file "TrakPC.txt".
  3. Open the text document, then copy and paste the following:
     
    location\TrakPC.exe /u"https://yoursitename/inv_TrakPC_URLSubmit.asp"
    pause
  4. Keep the structure of the lines above the same. Spaces and quotes should be retained.
  5. Update location to reflect the full folder path to your TrakPC executable.
  6. Update yoursitename to reflect the URL/hostname of your Issuetrak site.
  7. Save the file.
  8. Rename the text file to TrakPC.bat.
  9. Execute the batch file by double-clicking on it.  You should receive a message similar to the following:
     
    Gathering information
    Posting data to "https://yoursite/inv_TrakPC_URLSubmit.asp"
    POST successful, data sent
    Done
  10. If you do not see a "POST successful" message, then you'll need to troubleshoot the error it specifies. 
  11. If you do see "POST successful", then edit the file and remove the line "pause" and save the batch file again.

Note that although we are specifying an SSL site to POST to as a best practice, TrakPC will also work with non-SSL sites. If your site is not using SSL, ensure that you change the https in the batch file to http.


ScanPC

Your users can import their own PC information into Issuetrak if Use ScanPC – On Demand Audits was selected when activating the Asset Management Module on the Features page.

Once that option has been enabled, a menu option called Scan PC will be included on their Home menu. Clicking on it will bring them to the ScanPC page.

ScanPC functionality is currently only available for PCs. The only audit capability for MACs is TrakMac at this time.

 


 

Auditing Macs

TrakMac is a program that audits the current state of a Mac on your network and then posts that audit to your Issuetrak web server.  It is the Mac counterpart to TrakPC.  Both TrakMac and TrakPC are extensions to Issuetrak's Asset Management module. 

TrakMac requires a minimum OS version of 10.13 in order to work properly.

While we describe the available command line options, syntax, and general use of TrakMac here, we do not describe the actual deployment of TrakMac.  You will need to deploy TrakMac using the method that best suits your environment, needs, and established methods of system administration.


Initial Setup

This is a set of instructions to get started with TrakMac.

  1. Find TrakMac. It is included in the Issuetrak web folder as TrakMac.zip, which is found within the TrakPC folder.
  2. Transfer TrakMac.zip to the Mac that will be hosting TrakMac for the other Macs on the network. It is important that the file is hosted on a Mac and not on a Windows machine.
  3. Create a shared network folder on the Mac that will be accessible from the other Macs, and then extract TrakMac.zip within that folder. This will create a folder called TrakMac.
  4. Open a terminal and run the _prepareTrakMak.sh script found within the TrakMac folder. This will take a few seconds, and removes the quarantine file attribute from all files within this folder, allowing the files to be executable.
  5. Ensure the Folder and has read permissions for group and other via the command: ls -al
    • Permissions may be granted to the folder with the command: chmod ugo+r -R ./
  6. As a test, run TrakMac from a terminal and direct it to your Issuetrak site using the URL command line option found below.

Command Line Options

You can pass command line options to TrakMac, which will allow you to target a Issuetrak site to post audits to, as well as determine how often audits should be posted from the current machine. It is also possible to run TrakMac without command line options, which will result in an XML audit file being generated locally without posting it to a site.

TrakMac supports two command line options: URL and Frequency.

URL Option

The URL option is passed to TrakMac with a /u switch. The URL must immediately follow the /u without any spaces. TrakMac supports posting to both SSL and non-SSL sites. The URL should be the root of your Issuetrak site.

Usage Example:

./TrakMac /uhttps://myissuetraksite

The example above tells TrakMac to post its audit to https://myissuetraksite.

Frequency Option

The Frequency option is passed to TrakMac with a variation of the /f switch. There are several rules to be aware of for this option:

  1. The Once and Daily variations have no possible switch values.
  2. When switch values are specified, it must be specified immediately after the switch without a space.
     
    • Incorrect Syntax
      ./TrakMac /uhttps://myissuetraksite /fw 0
    • Correct Syntax
      ./TrakMac /uhttps://myissuetraksite /fw0
  3. If no switch value is specified, then TrakMac will use the last-modified date/time of the ~/.trakmac-last-run file as the last run date when determining if it should run now. 

Frequency options for TrakMac:

Frequency Switch Switch Values Additional Comments
Once /fo N/A Directs TrakMac to post a one-time audit. This is the default behavior of TrakMac when a frequency switch is not specified.
Daily /fd N/A Directs TrakMac to post an audit if there is no ~/.trakmac-last-run file or if it is not today's date.
Weekly /fw null, 0-6

Directs TrakMac to post an audit every week on the day specified by the switch value:

  • 0 - Sunday
  • 1 - Monday
  • 2 - Tuesday
  • 3 - Wednesday
  • 4 - Thursday
  • 5 - Friday
  • 6 - Saturday
Monthly /fm null, 1-31 Directs TrakMac to post an audit every month on the day specified by the switch value. If the specified switch value exceeds the number of days in the current month, then TrakMac will post on the last day of the month.
Quarterly /fq null, 0-92 Directs TrakMac to post an audit every quarter on the day specified by the switch value. If the specified switch value exceeds the number of days in the current quarter, then TrakMac will post on the last day of the quarter.
Yearly /fy null, MMDD Directs TrakMac to post an audit every year on the month and day specified by the switch value. Replace "MMDD" with the month and day of the year.

The /fw, /fm, /fq, /fy options are subject to "date creep".

For example, suppose you’re using the /fw switch and the current XML file is dated for Tuesday. If for whatever reason TrakMac isn't run on the following Tuesday, The next time TrakMac is started (say, on Wednesday), it notes that the XML file is more than a week old and generates a new file.

The XML file is now dated on a Wednesday, and next week's run will also be on Wednesday; shifting the day of the week when the audit will run. Over time it is possible for an entire week to be skipped if the date "creeps" to Friday and then the machine isn't started on a Friday.

To avoid date creeps, you can specify a particular day or month.

Frequency Option Usage Examples:

Example 1: This example tells TrakMac to create and post an audit every Sunday to https://myissuetraksite.

./TrakMac /uhttps://myissuetraksite /fw0

Example 2: This example tells TrakMac to create and post an audit every month, based on the last-modified date of the current user's ~/.trakmac-last-run file.  If the last-modified date of .trakmac-last-run is last month on the 15th, then TrakMac will not post another audit until it is the 15th of the current month.

./TrakMac /uhttps://myissuetraksite /fm

Example 3: This example tells TrakMac to create and post an audit on the 80th day of each quarter.

./TrakMac /uhttps://myissuetraksite /fq80

Example 4: This example tells TrakMac to create and post an audit every year on May 10th.

./TrakMac /uhttps://myissuetraksite /fy0510

Example 5: This example tells TrakMac to create and post an audit every year, based on the last-modified date of the current user's ~/.trakmac-last-run file.  If the last-modified date of .trakmac-last-run is last year on October 15th, then TrakMac will not post another audit until it is October 15th again.

./TrakMac /uhttps://myissuetraksite /fy

These examples provide a few different scenarios of frequency, executable location, and XML file output location. Note that although we are specifying an SSL site to POST to as a best practice, TrakMac will also work with non-SSL sites.


File Structure Considerations

Since Macs are descended from UNIX-based systems, it is important to know a few properties of the file structure as it relates to Macs and TrakMac:

  • Any path that is specified with a tilde (~) at the beginning refers to the home directory of the user that is currently signed into the Mac.
  • Any file or folder that begins with a period (.) is hidden when the ls command is given in a terminal window, as well as when viewing files and folders from within Finder (the file system navigation tool found on every Mac). The period is actually part of the file or folder name, and does not just specify the hidden file property.
  • Therefore, all references to ~/.trakmac-last-run indicate a hidden file named .trakmac-last-run that is located in the current user's home directory.


 

Managing Audits

The Asset Audits option in the Asset Management section of the Settings Lightbox will display the Audit Summary page. This page will show the status of your audit items at a glance. If audit records have been received by Issuetrak, but have not yet been applied, the totals for each type display as links. These links allow you to drill down to a list of the individual audit records for review if desired.

The Pending Items will be split into two groups:

  • Audits without a matching Asset
    • Applying these Audits will create a new Asset record.
  • Audits with a matching Asset
    • Applying these Audits will update the existing Asset record.

The Audit Summary screen also displays the Total Records Currently On Hold and Total Records Applied To Date.


Importing TrakPC Files

TrakPC .xml files can also be manually imported to your Issuetrak site. If TrakPC.exe is executed locally, an .xml file will be created and saved in the local user’s temp folder.

Steps:

  1. Click the gear icon in the upper right > Click on Asset Audits beneath Asset Management.
  2. Click Import TrakPC File on the right context menu.
  3. Click Choose File.
  4. Navigate to the location of the file.
  5. Click to select the file.
  6. Click Open.
  7. Click Import File.

Automatic Asset Audit Application

Issuetrak creates a scheduled task on the Web server during deployment for the purpose of automatically applying asset audits on a regular basis. The scheduled task is set to run once per day and is staggered with other Issuetrak tasks on the Web server.

If it is not desired to have audits automatically applied to the site, then you can disable the scheduled task from Task Scheduler in Windows.


Manual Asset Audit Application

You can manually apply audits on your site either in bulk or individually.

How to apply audits in bulk

Steps:

  1. Click the gear icon in the upper right > Click on Asset Audits beneath Asset Management.
  2. Click the appropriate link to apply the desired audits.
    • apply new will apply all audits for new assets and create the assets records.
    • update will appply all audits for existing assets.
    • apply all will apply all audits for both new and existing assets.

A confirmation message will appear when this process is complete.

Working with individual Audits

There may be times when you wish to review audit records and put off applying them, or apply only a few of the records in the queue.

Steps:

  1. Click the gear icon in the upper right > Click on Asset Audits beneath Asset Management.
  2. Navagate to the Work List page either by clicking the number of audits in the Summary or by using the Work List Output Option on the Search Audit Records page.
  3. You can view the Audit details for individual audits by clicking on the Computer Name.
  4. Once you identify the audits you would like to take action on, check the boxes for those Audits.
    • If you would like to select all audits on that page, you can click Select All.
  5. Click the appropriate button.
    • Apply Items will apply all selected Audits.
    • Place Items On Hold will put the selected Audits in a Hold status and prevent them from being automatically applied.
    • Delete Items will permanently delete the selected Audits. This will not affect any Asset records.
  6. Click OK on the confirmation message.

Archive Audits

Audits can also be archived, which will export the audit details to comma-separated values (CSV) files on the web server and will delete the Audits from the database.

Steps:

  1. Click the gear icon in the upper right > Click on Asset Audits beneath Asset Management.
  2. Click Archive Audits on the right context menu.
  3. Either select an option from the Archival Range dropdown list or enter a custom date range using the Start and End fields.
  4. Click Archive.

A confirmation message will appear when this process is complete.


Search Audits

You can search for specific audits to either take action on them or export them for reporting purposes.

Steps:

  1. Click the gear icon in the upper right > Click on Asset Audits beneath Asset Management.
  2. Click Search on the right context menu.
  3. Select the desired criteria.
  4. Select the desired Output Option.
    • Count Only will just show the number of Audits that meet the specified criteria.
    • Paged List will display details regarding all Audits that meet the specified criteria in a paged list.
    • List Only will display details regarding all Audits that meet the specified criteria in a single page list.
    • Work list will display details regarding all Audits that meet the specified criteria with options to take action on those Audits.
  5. Click Search.

Several pre-built reports are available which list Audited Asset information in summary format with drill down capability. Comparison reports are also available to list configuration and software changes for Audited Assets. These reports can be accessed by clicking the gear icon in the upper right > the clicking on Asset Reports beneath Asset Management. The Asset datasets in Report Writer can be used to create custom asset reports.

Example Output:

TrakMac (Version 1.0.1)
Copyright (c) 2020 Issuetrak, Inc. All Rights Reserved.

Gathering information...
Output file: ./TrakMac-xx-xx-xx-12-23-34.xml
14:19:43 Info:
<html>
 <head>
<script src="js/app/modules.js?v="></script>
  <title>Audit Submit</title>
 </head>
 <body>
[NewItemID=10]<br />
 </body>
</html>

Done

The example output above shows the expected output when audit XML file is successfully posted.


Viewing Audits

While viewing a particular asset item record, you can click the View Audits link located in the top right corner of the screen. This screen displays the below information for each audit executed for that asset item.

  • Audit Date
  • Computer name
  • Operating System
  • Memory
  • Processor MHz

You can drill down into the individual audit records by clicking the Audit Date link. This can allow you to compare audits from different dates to determine if there were any hardware or software changes.


 

Configuring TrakPC/TrakMac/ScanPC for Single Sign-On

TrakPC/TrakMac/ScanPC requires that your Issuetrak Web server is configured to allow anonymous authentication in order for audit information to be POSTed to the site. If your Issuetrak site is configured to use SSO via an Active Directory connection over LDAP, then it will not allow anonymous authentication, thus preventing audits from being POSTed. This article describes how to enable anonymous authentication on a single ASP page to allow TrakPC to POST audit information without allowing the rest of the site to be accessible via anonymous authentication.

These steps are only necessary when your site is configured for SSO when using the Active Directory authentication type. No additional configuration is needed for sites that are utilizing other supported third-party Identity Management authentication methods, such as  AD Federation Services, Azure AD, or OAuth 2.0 / OIDC.

Steps:

From your Issuetrak Web server:

  1. Open IIS Manager and locate your current Issuetrak site.
  2. Right-click on your Issuetrak site and select Switch to Content View.
  3. You should see a list of all files and folders on your Web directory.
  4. Locate the Inv_TrakPC_URLSubmit.asp file.
  5. Right-click the file and choose Switch to Features View

You should now be viewing the Web server settings for only this file.  You can verify this by looking at the header near the top of the Features view.  The header should read "Inv_TrakPC_URLSubmit.asp Home". 

  1. Find and double-click the Authentication setting. 
  2. Enable Anonymous Authentication.
  3. Disable Windows Authentication.
  4. Select your Issuetrak site along the lefthand side and verify that it still has Windows Authentication enabled.
  5. Follow steps 2 through 6 again and verify that "Inv_TrakPC_URLSubmit.asp" still has Anonymous Authentication enabled.

Additional Steps for ScanPC

If you're using ScanPC, then it is necessary to verify that the site's Application URL is correct. Audits won't POST to the site if it is incorrect.

  1. Sign in to your Issuetrak site as a SysAdmin.
  2. Click the gear icon in the upper right > click on Defaults beneath System.
  3. Verify that the Application URL is correct.

Post-Configuration Testing

You should verify that audits will POST to the site after completing the steps above.

ScanPC (if enabled)

  1. Navigate to your Issuetrak site.
  2. Download and run ScanPC.
  3. Verify that the audit was successfully added to Issuetrak.

TrakPC/TrakMac

  1. If you have a TrakPC or TrakMac login script or batch file, locate it and manually execute it from the machine that you want to audit.
  2. Verify that the audit was successfully added to Issuetrak.