Setup and Configuration Guide
Configuring SOSOS
The run-time settings for each member of the SOSOS suite are contained in XML-based configuration files with a file extension of “.config”. For example, the settings for the SOSOS.exe application are contained in a file called SOSOS.exe.config.
To launch the configuration utility inside the SOSOS application, you use the main menu to select Setup and then click on Configure SOSOS. Changes made are not effective until the program is restarted.
Required Settings
The first configuration “tab” contains settings that must be configured prior to running many of the SOSOS applications.
The Database Provider and Connect String information is required for database functionality. The Use Ping Validation setting determines if an ICMP “ping” will be used to verify that a remote PC is online prior to attempting a connection.
Database Settings:
- Database Provider – Pull-down list of supported providers
- Connection String – The location and login information to the database
- Encrypt the Connection String – Should the Connection String be encrypted in the application’s config file
Note: Use the button to the right of the pull-down to launch a utility that will help you choose a database provider and build the connection string.
Error logging Settings:
- Error Log File – The path to a file that everyone can access and write to
- Error Logging Level – Full, Errors Only, None
Ping Remote PCs before connecting:
- Use Ping Validation – Use “ping” to verify that a remote PC is online
Feature Selection
The Feature Selection “tab” allows an administrator to select which features should be used when collecting data. This can be useful in speeding up the collection of data by disabling features that are not required.
Note: The feature selection settings are useful for performing a “one-off” scan of the network, where you are only concerned about a few features. This technique works best when you collect the data into a separate database (otherwise existing entries in the database will be deleted and replaced with just the few features selected).
Polling Defaults
The Polling Defaults “tab” will set the defaults used by SOSOS to control polling options, set the location and detail level of the log file, and set the default settings to be used to generate the list of PCs to be polled.
Note: Not all settings are applicable to every polling method.
Set the default values used during polling:
- Poll Timeout – Number of minutes to wait before SOSOS will “abandon” the polling of a “stuck” PC and move on to the next PC on the list.
- Concurrent PCs – Number of PCs to concurrently scan. Increasing this setting will make the polling of PCs run faster, but will put additional strain on the one PC performing the polling.
- Poll Log Directory – Path to a directory where that poll log file will be generated. The file name portion of the poll log file is generated automatically and contains the current date (i.e., PollSOSOS_yyyyMMdd)
- Poll Logging Level – The level of details that will appear in the log file (choices are Full, Errors and Summary, Summary Only, or None)
- Domain – Name of the domain/workgroup to be used to generate the list of PCs
- OU Filter – The “distinguished name” of an Organizational Unit used to generate the list of PCs, i.e., OU=Sales,OU=NorthAmerica,DC=SomeDomain,DC=com (used in Poll By AD Domain only)
- PC Name Filter – The name of a single PC or wildcards used to “filter” the list of PCs, (i.e., SALES*)
- Age of the Record – the age of the database records used to generate the list of PCs (used in Poll By Age only)
- Path to PC List File – The full path to a text file that contains a list of PCs (one per line) that will be polled (used by Poll By File only).
Note: These settings are just the defaults… they can be changed during run time.
The SOSOS application provides an opportunity to change these setting via a form prior to polling. See the User’s Guide for additional details.
Note: You may need to experiment with the value for the Concurrent PCs to file the optimum setting for your environment.
Feature Settings
The Feature Settings tab is used to change the way certain features work. The settings for the Events control how much event log data is collected. The File/Server settings are used for gathering login, version, and server status. The File Information List and Registry List allow an administrator to gather information about an ad-hoc list of files and registry keys.
Note: Event log data is often huge and might take several minutes to collect (particularly on servers). Use these feature settings to limit the amount of data collected and thereby speed up the collection process.
Events:
- Filter by number of lines – stop collecting event data after this many rows. A setting of 0 means to collect all events.
- Filter by number of days – collect only the event data for the previous days indicated. A setting of 0 means to collect all events.
Note: When used together, data gather stops when either filter condition is “satisfied” (a logical OR condition).
Files/Servers:
- Last Login Filename – The path to a text file on each PC that contains information created during login. The last modification date of the file is used by SOSOS to determine the last time anyone logged into the PC.
- Install Version Filename – The path to a text file on each PC that contains a description of the PC’s “Revision Level”. Organization might use a master image of a PC for “cloning” other PCs. This provides a method of keeping track of the version of the master image applied to each PC.
- SUS Server – The URL to the Microsoft Windows Server Update Services (WSUS) server. Corporate organizations often provide their own server for distributing updates. If your organization doesn’t use WSUS, leave this field blank.
File Information List
- Ad-hoc list – A list of files that SOSOS uses to collect size, version, and modification date information for the FileInfo table. Enter one file name per line.
Registry List
Ad-hoc list – A list of registry keys that SOSOS uses to collect registry values for the Registry table. Enter one registry key per line.
The File Information List and Registry List features are designed to satisfy the needs for information that might be specific to your organization without the need to modify and recompile the application. Administrators can merely edit the configuration file to start gathering this “ad-hoc” information.
User Settings
These settings control the program’s visual defaults that each user may customize.
Note: The user’s default settings are automatically saved when exiting the program. These settings are retrieved and applied the next time the application is launched.
Default User Setting:
- Default View – Which SOSOS view is the default. Choices are Report, Text, and Grid
- Include Details – Determines if the Text view, saved Text Report, or printed Text Report includes a lot of details. Use this setting to reduce the size of the report by not including details.
- Default Font – The default font used throughout the program
Note: These settings are the defaults for new users of the application. They have no effect on existing users who may have already saved these settings.
Additional Text File Configuration
The SOSOS suite uses several text files that may need to be created or text files that may require permissions to be set.
Error Log: The Error Log file needs to be created on a network share where it is available to all users on the network. This file requires read and write permissions for users of the application.
Last Login: The text file used by the Last Login feature is typically created from a login batch file. The batch file might include the following commands:
echo %USERDOMAIN%\%USERNAME% > C:\Utils\User.txt 2>nul
Note: The contents of the file are not relevant…SOSOS only uses the last modification date of the file.
Appropriate permission would be required for all users to create or overwrite this file.
Install Version: The text file used by the Install Version feature is created when the PC is first loaded. It contains the “signature” of the master image used to clone the PC. The format of the file looks like this:
v1.2.1<tab>
<tab><tab>Short description of image v1.2.1
<blank line>
v1.2.2<tab>15 Jan 2006
<tab><tab>Changes made from v1.2.1 to v1.2.2
Note: Only the last line that starts with the letter “v” is used.
Users only need read access to this file.
Database Setup
The SOSOS suite does not have a built-in database… instead it relies on a 3rd-party database application to store its information.
Note: A database is not absolutely required. However a lot of SOSOS functions are designed around a database and will be disabled when a database is not configured.
SOSOS is designed to record the most current information into the database. This means that older records are completely replaced with new records. Therefore, the database does not contain a “history” of previous data. If your organization requires historical data, then you should consider downloading the optional BackupSOSOS source code from the SOSOS web site to create archive copies of the live database.
Supported Databases
SOSOS can use any database that is supported by the .Net Framework. The choice of database “providers” and “drivers” (particularly with the OLEDB and ODBC driver) allows support for practically every database. The more common databases used are:
- Microsoft Access Database File
- Microsoft ODBC Data Source
- Microsoft SQL Server
- Microsoft SQL Server Database File
- Oracle Database
Microsoft SQL Server Express Edition is an excellent choice and is available as a free download at: http://msdn.microsoft.com/vstudio/express/sql/download/.
Prototype Files
As part of the setup of SOSOS, you will be required to create a database. To aid in the creation of this database, the SOSOS Distribution Kit includes two files that can be used as a “prototype”.
- Empty.sql – SQL script suitable for Microsoft SQL Server
- Empty.mdb – Microsoft Access database (use “as is” or as a prototype)
Most databases have a migration tool that will take a Microsoft Access “mdb” file and convert it into the native structure. Alternately, you can use the provided set of SQL scripts to create the database.
The exact steps required to create a database is highly dependent upon the database vendor and is beyond the scope of this document. It is recommended that an experienced database administrator perform these tasks.
Note: When migrating, make sure that the primary key and foreign key constraints are successfully converted from the prototype.
Additional Requirements for Remote PCs
In order to successfully obtain SOSOS data from a remote PC, all of the following must be true:
- You are an administrator on the Remote PC
- Firewall settings must allow “Remote Administration” traffic to pass
- Remote Registry services are installed (Not preinstalled on Win9x clients)
- An “administrative” share (i.e., C$) is available (Not preconfigured on Win9x)
Administrator Account
The account used on the local PC to gather information on a Remote PC must be in the administrators group on the Remote PC. Typically, you’d use an account that’s in the Domain Administrators group to remotely gather SOSOS data.
The User Account Control (UAC) feature of Windows Vista doesn't allow for a connections to a remote Windows Vista PC when the user in logged in via a local account. This isn’t normally a problem, since members of the Domain Administrators group are “domain accounts” and not a “local accounts”. However, in a Workgroup environment (where you only have local accounts), you must disable UAC on the Remote PC.
From the Control Panel, click on User Accounts, and click on “Turn User Account Control on or off”. Clear the checkbox and press the OK button. (This change will require a reboot).
Firewall Settings
A common requirement is to configure the firewall settings for Windows XP SP2 clients to allow for “Remote Administration”. You can use a Group Policy Object (GPO) or use the following command line on each PC:
netsh firewall set service RemoteAdmin enable
For additional information on configuring the WinXP Firewall to allow Remote Administration traffic, see: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/connecting_through_windows_firewall.asp.
For Windows Vista, the technique used to allow remote connections via WMI is a bit different.
From the Control Panel, click Security, click Windows Firewall, click Change Settings, and then click the Exceptions tab. In the Exceptions window, put a check for the item Windows Management Instrumentation (WMI). Alternately, you use the following command line:
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
For additional information, see: http://msdn2.microsoft.com/en-us/library/aa822854.aspx
The Windows Vista firewall may also need to be configured to allow File and Print Sharing.
Remote Registry Services
By default, Windows Vista has the "Remote Registry" service set to Manual and it is stopped. So, in order to connect to a remote Windows Vista PC, you'll have to set the service “start type" to Automatic (and start the service).
From the Control Panel, click Administrative Tools and then click Services. Select the “Remote Registry” service and change the Start Type to Automatic.
Administrative Share
All modern operating system have a C$ “Administrative Share” that is configured to allow administrators to gain access to the drive remotely. SOSOS typically does not require any changes to the default configuration.
Additional Notes
Some Microsoft operating systems do not allow Remote Administration at all. Both Windows XP Home Edition and Windows Millennium have the Remote Administration feature deliberately disabled.
Note: That means that you can not use SOSOS to gather information remotely from a PC running WinXP Home. But, obviously SOSOS works just fine when run locally on WinXP Home.