Unauthorised software and devices & asset mgmt

A couple of questions:

1) Is there any way to audit in your AD:

1a) Non approved devices that have connected to your Network - and report immediately to an admin for investigation?

1b) Non approved software that has crept on to either one of your Servers or Workstations (do you create an approved list of allowed software)

1c) And major change to say a baseline workstation, such as opening ports, changing services, changing user perms etc

1d) Exact versions of software running on devices

In terms of 1b - If users dont have local admin authority, is there still a need to audit what software has crept onto their machines

What tools would you recommend can cover the above?
LVL 4
pma111Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Leon FesterSenior Solutions ArchitectCommented:
Is there a way to see this information from Active Directory?
No, AD doesn't store this information.

But, you can do all of the above with system management tools like SCCM, Altiris, Radia, etc
But none of them are free.

There are free tools though are none enterprise tools and need to be run against local machines.

All of these software requires that you baseline your infrastructure first, then report on deviance's afterwards.

Your actions would be to:
1. Get the tool,
2. Deploy the tool for inventory gathering
3. Run scheduled scans and report on additions.

I think the biggest challenge you will have is that you currently don't have any control on your network. So creating a baseline for all systems wouldn't be possible, you'd have to baseline per machine.

You'll notice a common thread in my post about standardizing and getting control over your network by putting in the correct processes and procedures. Only THEN will you be able to effective manage your network and pass your PCI compliance.

Often when people learn that they will be audited they go into a flat panic and want to fix each item that broken....I've seen people pull out their hair over not getting things done before AUDIT. STOP!

You can get through audits, but recording where your problems and as long as you can mitigate the risk then you're fine, until the next audit.
Risk mitigation is as simple as telling them why it's broken, how you intend to fix it and by when you'll fix it.

If you have a decent auditor then he/she will followup on your dates.
This not a plan to NOT do the work, but by showing them that you're planning to fix it you can give yourself some time to breath and fix it properly...not just patch the hole each time.

Ultimately you want to get to a managed network.
That way, once you're compliant, you shouldn't need to spend 4 months getting ready for audit..because you've got the right procedure in place to extract the required information.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pma111Author Commented:
Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.