WinAudit Documentation

WinAudit comes with its documentation. To view the help, on the menu bar, select Help -> Using WinAudit.

For the latest unstable version download   WinAudit v3.0.33

For the latest 64-bit unstable version download WinAudit64 v3.0.31

1) Introduction

WinAudit is a free software utility that collects information about Windows® based personal computers. The programme is a single file that requires no installation. WinAudit is designed to produce a comprehensive audit with virtually no effort in a few seconds. You can save the output in web page, rich text and comma separated formats. Exporting to popular database is supported. WinAudit can be run at the command line allowing you to automate your data gathering.

2) What's New

Version 3.0.8

Bug Fix: Missing Automatic Updates in SQL report (thanks RedErik)

Version 3.0

Bug Fix: Monitor detection bug (thanks Jiri S.)
Bug Fix: Missing Windows product ID on some systems (thanks Jiri S.)
Bug Fix: ISO8601 conformat timestamps for SQL Server (thanks Miroslav P.)
Added: IP Routing table (thanks James R. for suggestion).
Dropped: Support for Windows version prior to XP.
Dropped: Printing.
Dropped: Export data to Oracle™ database.
Dropped: Save report in chm, pdf and formatted text and xml formats.
Dropped: The lengthy tasks of finding files and listing system files.
Changed: Command line options.
Added: OLE DB Drivers.
Added: Timestamps in the command line (thanks Aaron J. for suggestion and testing).
Added: Support for PostgreSQL (thanks Lukasz Dargiewicz for suggestion and testing).
Bug Fix: Missing manufacturer name in data posted to database (thanks Aaron J.)
Bug Fix: Output file path truncation at full stop (thanks Ken C.).
Added: Additional security related policies and settings.
Added: Detect software installed by the current user.
Bug Fix: Missing data for executables in XML output of (thanks Satu K.).
Bug Fix: Invalid characters in XML output (thanks Satu K.).

Version 2.29
Change: On XP and newer the Maximum Swap File is the system wide value.
Added: Display resolution in pixels.
Bug Fix: Missing processor information (thanks Perry M.).
Bug Fix: Incorrect processor counts (thanks Stuart).
Change: List physical rather than logical processors.
Bug Fix: Updated list of Windows Editions (thanks Trevor L.).
Bug Fix: Missing logon statistics in XML output (thanks Volker S.).
Bug Fix: Incorrect characters in hard drive serial number (thanks Stephen R.).
Bug Fix: Typo 'Communication' in the database table Display_Names (thanks Eric O.).
Bug Fix: Failure when creating SQL Server 2000 database (thanks Fabien M.).
Bug Fix: Missing error log data when run from command line (thanks Trevor D.).
Bug Fix: SQL Server database now created in auto-commit mode (thanks Greg H.).
Bug Fix: Missing SMBIOS information (thanks Christophe M.).
Bug Fix: Duplicated number of bits in operating system name (thanks Christophe M.).

Version 2.28
Finnish translation of the user interface contributed by Rami Aalto.
Bug Fix: Missing printer information in XML output (thanks Joao G.).
Added: The Operating System's bit size.
Bug Fix: Incomplete image names for HTML pages(thanks Steven F.).
Bug Fix: Missing serial number on some systems (thanks Brian G. and Tom H.).
Bug Fix: Removed duplicate software titles (thanks David R.).
Added: Find non-Windows executables.
Added: The operating system's installation language.
Added: User logon statistics.
Added: Software metering.
Added: Open Database Connectivity drivers and source names.
Added: Tabular format for export of audit to a database.
Bug Fix: Hard drive information missing on some systems (thanks Ismael S.).
Added: Added account name and file path to the Services category.
Bug Fix: System Management BIOS missing on some systems (thanks Ismael S.).
Updated: French (Belgium) translation of the user interface by Pierre Bierwertz.
Change: Some network data items now require Windows 2000 with Service Pack 4.
Updated: Turkish translation of the user interface by Nejdet Acar.
Bug Fix: Mal-formed XML output of binary data (thanks Josh K.).
Added: Command line switch to specify the maximum event log entries to be reported.
Change: Horizontal page breaks for PDF, Preview and Printing.
Change: Report only unique messages from system error logs.

Version 2.27
Traditional Chinese translation of the user interface contributed by Minson (Unicode only).
Bug Fix: Incorrect version of Spybot reported under certain conditions.

Version 2.26
Danish translation of the user interface contributed by Rasmus Bertelsen.
Slovak translation of the user interface contributed by SlovakSoft (Peter).
Updated: Korean translation (sushizang).

Version 2.25
Japanese translation of the user interface contributed by Nardog (Unicode only).
Bug Fix: Missing hard drive details (thanks Stephen R.).

Version 2.24
Thai translation of the user interface contributed by Pongsathorn Sraouthai.
Added: Security permissions on shared folders and printers (NT4+)
Added: Identification of multiple displays.
Change: Restructured the category Installed Software.
Change: Removed the Last Access Time of a file in the category Find Files.
Checked: Windows® Server 2008 Beta.

Version 2.23
Korean translation of the user interface contributed by sushizang (Unicode only).
Added: When a file was last accessed in the category Find Files.
Bug Fix: Incorrect command line timeout of 1 minute (thanks James B.).

Version 2.22
Updated: Russian translation of the user interface contributed by Valeri Kruvyalis.
Bug Fix: Programme crash in Installed Software step on Vista™ (thanks to many).
Bug Fix: Start-up failure with the message 'Failed to set a property' (thanks Clever M.).
Bug Fix: Document font style error (italic/bold).
Updated: Detection of product identifiers in Software Licenses section.
Change: Name changes consistent with the Common Information Model specification.
Updated: Specification updates and minor changes to System Management BIOS.
Change: Timeout on listing of updates via the Windows® Update Agent.
Typo: Fixed error on PDF dialog (thanks Hug).

Version 2.21
Portuguese (Brazilian) translation of the user interface contributed by Roman Dario Cuattrin.
Updated: Portuguese translation of the user interface contributed by Dick Spade.
Hebrew: Fixes for right-to-left word ordering.

Version 2.20
Hebrew translation of the user interface contributed by Eli Ben David.
Greek translation of the user interface contributed by George Kaub.
Added: Bi-Directional user interface.
Bug Fix: Bad font name results in empty PDF pages, print preview failure and permanently hidden menu bar (thanks Timo A.).

Version 2.19
French (Belgium) translation of the user interface contributed by Pierre Bierwertz.
Re-instate: Hard disk details in non-administrator mode on Windows® NT4, 2000 & XP.
Added: ANSI version runs in the pre-installation environment.
Bug Fix: Display capabilities missing when Extended Display Identification Data is unavailable.
Change: Report domain membership in preference to authenticating domain (Windows® 95, 98 & Me).

Version 2.18
Polish translation of the user interface contributed by Marek Kordiak.
Rollback: Incorrect build procedure causing crashes and aborts (thanks Jac H./Earnie D.).
Bug Fix: Potentially invalid XML document if unable to obtain Update Agent data.
Added: Export data to Microsoft® Access 2007 and Firebird® 2.0 databases.
Added: Report the computer's dynamic site name.
Bug Fix: Missing network information on certain systems.

Version 2.17
Bug Fix: Incorrect hard drive information (thanks I. Stern!).
Database: Export at command line via a DSN-Less connection.
Added: Display adapter/graphics card information.
Added: Printer driver details.
Added: Environment variables.
Added: Selected Regional Settings.
Bug Fix: Command line ODBC error (introduced in v2.16).
Bug Fix: Missing data when there are many items (introduced in v2.16).

Version 2.16
Indonesian translation of the user interface contributed by Teguh Ramanal.
Vista™: Implement/fix software usage, system restore and WMI authorisation.
Added: Database export via machine independent data sources (File DSN).
Added: Support for Remote Desktop/Terminal Services environment.
Added: Support for the pre-installation environment (Unicode version).
Accessibility: Visually impaired colour scheme behaviour.
Added: Popular anti-spyware software to the Security category.
Added: Display identification to the Display Characteristics category.

Version 2.15
Serbian(Latin) translation of the user interface contributed by Pera Konc.
Vista™ ready (provisional). This operating system is being developed.
Detect Internet Explorer® 7 and Windows® Mail.
Support for Task Scheduler 2.0 .
Windows Update Agent information added to Installed Software.
Save output in compiled html (chm) format.
Bug Fix: Incorrect line colour in normal contrast mode.

Version 2.14
Save output using Media Access Control (MAC) Address.
User interface improvements.
Change: Html output in command line mode is now saved as frames.
Update: Turkish translation.

Version 2.13
Turkish translation of the user interface contributed by Nejdet Acar.
French translation of the user interface contributed by Fabrice Cherrier and Pages Ludovic.
Bug Fix: Replaced Non-ASCII characters in URI attribute of FRAME tag in html document.

Version 2.12
Hungarian translation of the user interface contributed by Viktor Varga.
User interface visual and presentational style changes.
HTML copy, bitmap compression and PNG format for images.
Scaleable fonts for PDF document.
Set translation language on command line.

Version 2.11
Dutch translation of the user interface contributed by Ivan Laponder.
Additional system wide and user account password information.
Save report in XML format with associated xml-to-html style sheet.
Disk and memory usage image filenames use the computer's name as a prefix.

Version 2.10
Russian translation of the user interface contributed by Valeri Kruvyalis.
Improved handling of non-Latin characters.
Added a facility to save diagnostic disk and storage information.
Bug Fix: Incorrect and/or duplicate disk information on certain multi-disk systems.
New Features in Version 2.09
German translation of the user interface contributed by Michael Klein-Reesink.
New Features in Version 2.08.2
Bug Fix: Missing network shares on some operating systems.
Added site name to the System Overview section.
Added discovery of 'Media Edition' for Windows® XP.
Added computer description to the System Overview section.
System restore points displayed in descending sequence of creation.

Version 2.08
Portuguese translation of the user interface contributed by Dick Spade.

Version 2.07
Czech translation of the user interface contributed by Karel Michal.
Changes: A few data item names have been modified.
Bug Fix: Missing uptime statistics in CSV output.
Bug Fix: Missing user accounts on some operating systems.

Version 2.06.x
Minor updates and bug fixes:
- Security: added programmes permitted to execute data.
- Security: added dates of system restore points.
- PDF: added bookmarks to document.
- Database: improved concurrency.
- Bugs: fixes for PDF permissions and processor numbering.

Version 2.06
Italian translation of the user interface contributed by Roberto Tresin.

Version 2.05
Added a facility to log audit messages and activity.
Added a facility for user friendly message in command line mode.
Fixed wide/international character bugs.

Version 2.04
Added processor APIC physical identification, logical count and number of cores.
Added detection of Windows® 2003 Server R2.
Added a facility to save raw processor data (CPUID) to a text file.
Corrected a System Management BIOS bug.

Version 2.03
Export report to Microsoft® SQL Server 2005 database.

Version 2.02
Added command line timeout option.

Version 2.01
Spanish translation of the user interface contributed by Juan Miguel Martí.

Version 2.0
This version of WinAudit is a significant improvement upon earlier releases. The programme reports on virtually every important aspect of computer inventory, configuration and operation. WinAudit displays results in web-page format, categorised for ease of viewing and text searching. Whether your interest is in software compliance, technical support, security or just plain curiosity, WinAudit has it all. The programme now has advanced features such as service tag detection, hard-drive failure diagnosis, network port to process mapping, network connection speed, system availability statistics as well as Windows® update and firewall settings. WinAudit is able to export audits to enterprise level databases such as Oracle®, SQL Server® and Firebird®. The programme auto-detects transaction capabilities to optimise record insertion and can be used in bulk insertion mode where concurrency and network traffic issues are important. Server side time stamping and logon authentication ensures that you have an audit trail of every audit posted to the database.
- Software licenses, usage and Windows® Installer data.
- Operating system details.
- Security settings, audit logs, open ports and updates.
- Groups and user accounts.
- Windows® networking details.
- Hardware devices and their state.
- System Management BIOS information.
- Extensive processor information.
- Physical disk detection.
- Information on services.
- List of loaded modules.
- File searching.
- Save report in portable document format.
- Enhanced printing and document previewing.
- Database export to Oracle® and SQLite.

Version 1.3
Added e-mail support.
Added BIOS information.
Additional drive information.

Version 1.2.4
Minor change to command line support.
Minor changes to help documentation.

Version 1.2.3
Included export of audit report to dBase™ and Firebird® databases.

Version 1.2.2
WinAudit issued under Freeware license.
Executable Compression by UPX.

Version 1.2.1
Minor ODBC bug fix on Windows® 98.

Version 1.2
Added ODBC database support.
Added XML support.
Added command line support.
Improvements to user interface.

Version 1.1
Overall improvements in performance.
Minor bug fixes.

Version 1.0
Initial release.

3) Install/Remove WinAudit

3.1) System Requirements
WinAudit runs on the Windows® operating system and requires XP or newer.

3.2) Installing WinAudit
WinAudit is 'ready to run'. It has been designed so that you do not need to go through a setup procedure. The programme neither installs files onto the computer nor modifies the system registry. WinAudit is a well-behaved auditing programme in the sense that it attempts not to alter the computer it is examining.
Tip: to create a shortcut on your computer's desktop select: File + Desktop Shortcut

3.3) Removing WinAudit
Because WinAudit did not install any files onto the computer, there is no un-install procedure. Delete the programme file WinAudit.exe and possibly WinAudit.ini that may have been created. If you created a desktop shortcut, you should delete that as well.

4) Frequently Asked Questions

Q1: How Much Does WinAudit Cost?
WinAudit is freeware, which means that it comes at no cost whatsoever. You may make as many verbatim copies of the programme as you desire and distribute them to anyone. Under no circumstances are you allowed to charge for the software itself. Parmavex Services retains the right to change its licensing policy for future releases of the programme.

Q2: Can I Send You a Message?
Send a message to winaudit_at_parmavex_dot_co_dot_uk. Be sure to include WinAudit in the subject otherwise it will be automatically deleted. We receive a lot of e-mail concerning WinAudit, so we tend to prioritise messages. Reported bugs and programme misbehaviours will receive our highest attention. Requests for feature additions or clarification of the report will generally get a prompt reply.

Q3: I Did Not Receive a Reply to My E-mail
To get a prompt reply be sure to send your message to winaudit_at_parmavex _dot_co_dot_uk and include WinAudit in the subject. If you did that, re-send your message as it may have been inadvertently deleted along with the daily dose of spam.
Parmavex Services automatically rejects email with suspect content or originating from mail servers known to send unsolicited e-mail. In general, neither you nor us will receive notification that this has happened. Some Internet providers, in an effort to reduce spam, are using 'white lists', that is they will only accept e-mail from people who have manually registered themselves on their list. Consequently, your Internet provider may block our reply to you.

Q4: When Is The Next Update Due?
We do not have a schedule of regular updates. Improvements are made on an ad-hoc basis depending on the time available and requests from users. In general, if a bug is found this is corrected as quickly as possible. We do not keep mailing lists or send e-mail alerts. If you are interested in programme updates you should check our website.

Q5: Can I Audit a Remote Computer?
No, for security and performance reasons WinAudit has been specifically designed not to audit a remote/networked computer. The programme's small size, no setup and Freeware license means that you can readily copy it to a networked computer. The programme can be executed in batch or user mode and reports obtained by means of a network save, database export or e-mail. Alternatively, run the programme in the remote desktop environment.

Q6: Why Does WinAudit Show IP Address 0.0.0.0?
Most probably, you are connected to the Internet via a dial up connection. Developing a robust method for determining the IP address while using a modem is problematic. Also, for computers configured to obtain a dynamic address from a DHCP server, this value may be 0.0.0.0 and the item DHCP IP Address will show the leased address in use.

Q7: Hey, That's Not Correct!
WinAudit reports information as found on your computer. If the original data is incorrect or missing, the report will simply reflect that. Some types of information, such as System Management, are known to be error prone. Further, if the operating system does not support certain functionality or forbids it, the programme cannot report it. If you are in doubt about something in the audit report send it to your IT support person for an opinion. If you think you have discovered a bug in the programme you can send us a message to winaudit_at_parmavex_dot_co_dot_uk.

Q8: A Software Product ID Is Not Shown
Guidelines exist for where software vendors should store their product information. Most vendors follow these but it is not a requirement. WinAudit looks in these recommended places and other specific locations used by popular software. If, for some reason, the software vendor has not followed the guidelines, changed their habitual storage location or simply chosen to store the information in some proprietary manner WinAudit will not be able report on it.

Q9: Does WinAudit Show Installation Keys?
No. WinAudit shows Product IDs, these are not installation keys. Typically, the product ID is presented to you during installation of the software. It is often found on the 'Help + About' box and is used to register the software. Installation keys are those that are found on original packaging, software certificates or license agreements. WinAudit does not attempt to recover lost installation keys.

Q10: Can WinAudit Search for Files?
No. That feature has been removed as it usually results in very lengthy run times.

5) Auditing Your Computer

Start Windows® Explorer and go to the folder where you saved WinAudit.exe, double-click on the programme to start it. Normally, the programme will automatically begin collecting data. If not, click the Audit button on the toolbar.

WinAudit can generate copious amounts of information that is of interest only to the specialist user. To tailor the audit report's content, on menu select View + Audit Options and check the boxes that interest you. Next, click Apply to start auditing your computer.

System Overview
The computer's identification, asset/service tags and an overview of its resources.

Installed Software
Itemised list of installed software, licenses, usage etc.

Operating System
Name, registration and version details.

Peripherals
Lists standard peripherals as well as network printers for which connection information is stored locally. WinAudit does not interrogate remote/networked peripherals.

Security
Entries from the security log, open ports, important security settings as well as software and updates.

Groups and Users
Groups and user accounts. Includes details on policies, password ages etc.

Scheduled Tasks
Lists the programmes set to run at scheduled intervals.

Uptime Statistics
Statistics based on system availability, start-ups and shutdowns.

Error Logs
Errors posted by the operating system, services and applications to system log files.

Environment Variables
The environment variables used for running process.

Regional Settings
Date, time and currency settings used by the current user.

Windows Network
Details of connected sessions, files in use and shared resources.

Network TCP/IP
Shows adapter names, IP addresses and other network related parameters.

Hardware Devices
A list of devices in and attached to the computer.

Display Capabilities
A summary of the displays characteristics and supported features.

Display Adapters
A list of the computer's display adapters, also known as graphics cards.

Installed Printers
Locally installed printers, network printers are ignored by design.

BIOS Version
System and video identification and dates.

System Management
Extensive information ranging from chassis to system slots to memory devices.

Processors
Name, speed, instructions, cache etc.

Memory
RAM and swap file usage.

Physical Disks
Disk detection showing capacity, manufacturer, serial number etc.

Drives
Details of usage and geometry. Network drives are ignored by design.

Communication Ports
Parallel and serial ports for peripherals.

Startup Programs
Itemised list of automatically started programmes .

Services
Itemized list of installed services

Running Programs
List of programmes currently in use with a brief description and memory usage.

ODBC Information
The Open Database Connectivity drivers and data source names found on the computer.

OLE DB Drivers
The OLE DB drivers installed on the computer.

Software Metering
Shows a list of programs that have been used and how often.

User Logon Statistics
Shows summary statistics of the users that have logged on to the computer.

6) Audit Report

6.1) System Overview

This category gives an overall summary of the computer's identification and resources.

Computer Name
The name that identifies the computer on a network. Names are usually in upper case and unique on a given network.

Domain Name
The domain or workgroup, if any, to which the computer belongs. A domain is a set of computers that has access to a centralised database of user account and other information.

Site Name
The site or location of the computer. This is Active Directory® functionality and requires. By design, only the local computer is interrogated for this information. If a dynamic site name can be discovered it will be reported in preference to a static name.

Roles
The services or functions that the computer fulfils such as Workstation, Server, Primary Domain Controller etc.

Description
An administrative description or comment about the computer.

Operating System
Combined description of the operating system using its name and edition or release.

Manufacturer
The system or chassis manufacturer as recorded in the BIOS.

Model
The model of the computer. This is the “Product Name” designated by the manufacturer in the BIOS.

Serial Number
The system or chassis serial number as recorded in the BIOS. Sometimes referred to as the service tag.

Asset Tag
The asset tag number as recorded in the BIOS.

Number of Processors
The number of physical processor packages detected.

Processor
Combined description using its name and speed. The name is obtained from the processor itself or is resolved from its signature and physical characteristics. Speed in is MHz and is either estimated over a number of processor cycles or taken from the registry. On multi-processor systems, only data for the first one is shown.

Total Memory
Amount of installed random access memory in MB. WinAudit adopts the most widely used convention that 1MB = 1024*1024 bytes = 1,048,576 bytes.

Total Hard Drive
Sum of the capacities of all local hard drives, commonly expressed in GB.

Display
A description of the display such as its size.

BIOS Version
The version of the system BIOS as reported in the system registry.

User Account
The name of the user logged onto the system.

System Uptime
The length of time since the system was turned on (booted).

Local Time
The date and time in YYYY-MM-DD HH:MM:SS format of the computer's local time.

6.2) Installed Software

This section shows the software installed on the computer. Installation usually involves some form of setup procedure. It may have occurred manually or automatically and may have used a generic installation programme or the one provided by the Windows® operating system. Because different software publishers adopt different procedures when installing software, WinAudit searches in several places to discover the information. Software that has simply been copied onto a machine (e.g. WinAudit) has not been installed, so it will not appear in the list. Necessarily, software that masks its presence will not be found.

Active Setup Software

This section shows Active Setup software components. Active Setup is a method of downloading software to keep applications up-to-date. This normally happens when a user visits a software vendor's website. The components themselves often form part of a larger software application.

Name
The name of the software component.

Version
The version of the software component.

Installed
Indicates if the software is installed. Normally this item is 'Yes' or 'No'. However, if the software component has not registered its installation status this data item will be blank.

Installed Programs

This section shows software installed on to the computer using a setup programme. The amount of and how this information is stored during setup is at the publisher's discretion. In general, most publishers do not record the install date or version in a standard way. Where possible software usage data is also shown.

Software usage data presented in this is read from the operating system's so-called Add/Remove Programs cache. This data is of low quality hence it should be used with caution.

Name
The name of the software typically as recorded in the system registry.

Vendor
The publisher or manufacturer of the software.

Version
The version of the software, if any, This information is supplied at the discretion of the software vendor. Only a minority choose to record this in a standard machine-readable format.

Product Language
The language of the software, expressed in English e.g. Greek.

Install Date
The date on which the software was installed. Note, the recommended guidelines for installing software do not make provision for recording this date. If present, it usually takes a YYYYMMDD form, i.e. a four digit year followed by a two digit month then a two digit day. For example, 20050630 would be June 30, 2005. Other formats are not uncommon.

Install Location
The location of the installed software.

Install Source
The location from where the software was installed.

Install State
The state of the software e.g. Installed or Absent. Requires that the software was installed using Windows® Installer.

Assignment Type
The visibility of the software on the computer, either Per Machine or Per User. In the former case this means that the software is installed or advertised for use by all user accounts on the machine. Requires that the software was installed using Windows® Installer.

Package Code
The identifier of the package from which the software was installed. Requires that the software was installed using Windows® Installer.

Package Name
The name of the package from which the software was installed. Requires that the software was installed using Windows® Installer.

Local Package
Where the package is stored locally, from which the software was installed. Requires that the software was installed using Windows® Installer.

Product ID
The product identifier of the installed software. WinAudit shows product identifiers, not installation keys.

Registered Company
The company registered to use the software. Requires that the software was installed using Windows® Installer.

Registered Owner
The owner registered to use the software. Requires that the software was installed using Windows® Installer.

Times Used
The number of times the software has been used during the last 30 days. WinAudit reports the data as presented by the operating system and it may not reflect actual software usage. On Windows® Vista™ this data is at the user level.

Last Used
The date on which the software was last used formatted according to the user' settings. WinAudit reports the data as presented by the operating system and it may not reflect actual software usage. On Windows® Vista™ this data is at the user level.

Executable Path
The location of the executable file used for determining how often the software is being used as described above.

Executable Version
The file's version number. This data, if present, was embedded in the file when it was created by its vendor.

Executable Description
A description of the functionality the file provides. This data, if present, was embedded in the file when it was created by its vendor. Requires Windows® 2000 or newer.

Software ID
The identifier for the software, typically the name of a registry key.

Software Updates

This section shows the updates installed on the computer. Other installation event types, such as failures, are ignored. Both operating system and software application updates are presented here. Note, the operating system can be reported as an update if it has been itself upgraded, e.g. Windows® 98 to Window® XP.

Update ID
The identifier of the update, not necessarily unique. Typically a Knowledge Base (KB) number but can be in any format.

Installed On
The date the update was installed. If possible dates are presented in ISO format (YYYYMMDD).

Description
A description of the update as specified by the publisher.

6.3) Operating System

Administrative and compliance details concerning the operating system.

Name
The name of the operating system. e.g. 2008.

Edition
The edition, also known as the release, specifies the variation of the operating system. For example, Home Edition, Professional Edition or Enterprise Edition. Note, there many editions and WinAudit has not been, nor is ever likely to be validated on all possible name-edition combinations of the Microsoft® Windows® operating systems.
A computer that has had the Small Business Edition of the operating system installed will continue to identify itself as such, even if it has been upgraded to another edition such as Standard or Enterprise.

Install Date
The operating system installation date formatted according to the user's settings.

Registered Owner
The person to whom the operating system is registered as recorded in the system registry.

Registered Organization
The organization to which the operating system is registered as recorded in the system registry.

Product ID
The Product ID of the operating system. Note, the product ID is not the same as the installation key.

Major Version Number
The major version of the operating system.

Minor Version Number
The minor version of the operating system.

Build Number
A number to identify the version of the operating system as it is being developed, e.g. 2600.

Service Pack
Description of the service pack or Corrective Service Diskette (CSD) installed on the computer, e.g. Service Pack 3.

Service Pack Version
The version of the service pack expressed as a 'major.minor' string, e.g. 3.0 .

Plus! Version Number
The Plus! version number as recorded in the system registry.

DirectX® Version
The version of DirectX® installed on the computer. This application is comprised of several components such as DirectDraw® and DirectSound®. The version number shown refers to the overall DirectX installation. Individual component versions may be shown in the Active Setup and Windows Installer sections. In some cases, a system library file version may be shown.

Windows Directory
The directory that contains the operating system's applications, help files and other information.

System Directory
The directory containing the files required by the operating system, hardware and software applications.

Temporary Directory
The current user’s directory used for temporary storage of files and data.

Operating System Language
The installation language of the operating system.

Number of Bits
The bit size of operating system, e.g. 32 or 64.

6.4) Peripherals

This section lists the common types of peripherals attached to or installed on the computer.

Name
The name or type of peripheral. WinAudit reports the following common ones: mouse, keyboard, display, local and remote printers, mapped drives and if a network is installed.

Description
A description appropriate to the peripheral in question. For example, if a mouse is installed the number of buttons is shown as well as if those buttons are reversed. By design, WinAudit does not directly interrogate networked resources such as printers and mapped drives. Instead, it reports locally stored information concerning previous connections made to networked resources. This is a performance consideration, if the network is down or if a resource no longer exists then the programme would have to wait for a network time out (typically 30 seconds per resource).

6.5) Security

This section shows details relevant to the secure operation of the computer. WinAudit discovers various types of data and groups these according to functionality. Computer security is a large area and the content of the report emphasises those that are of key interest. Not all information is available on all versions of Windows® and in a few cases, administrator level privileges are required to report certain items detailed below.

Kerberos Policy
The currently defined Kerberos policy. Administrator privileges are required to view this information.

Enforce user logon restrictions
Validate every request for a session ticket against the user rights policy of the user account.

Maximum lifetime for service ticket
The maximum time that a granted session ticket can be used to access a particular service.

Maximum lifetime for user ticket
The maximum time that a user's ticket-granting ticket (TGT) may be used.

Maximum lifetime for user ticket renewal
The time during which a user's ticket-granting ticket (TGT) may be renewed.

Maximum tolerance for computer clock synchronization
The maximum time difference that Kerberos tolerates between the time on the client clock and the time on the domain controller that provides Kerberos authentication.

Kerberos Tickets

The list of Kerberos tickets currently in use by the logged on user. Administrator privileges are required to view this information.

Server Name
The name of the server the ticket applies to.

Realm Name
The name of the realm the ticket applies to.

Start Time
The time at which the ticket becomes valid. This data point is optional and is formatted to UTC in the user's locale.

End Time
The time when the ticket expires formatted to UTC in the user's locale.

Renew Time
If shown it is the time beyond which the ticket cannot be renewed. Formatted to UTC in the user's locale.

Encryption Type
Description or a defined constant of the encryption used in the ticket.

Ticket Flags
The properties of the ticket. This may be a combination of any or none of Forwardable, Forwarded, HW authent, Initial, Invalid, May postdate, OK as delegate, Postdated, Pre authent, Proxiable,Proxy and Renewable.

Network Time Protocol

The current settings for Network Time Protocol.

Name
The name of the setting.

Setting
Value as taken directly from the system registry at HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters.

Printer Permissions

This section shows the security on the installed printers. For each printer is displayed is a list of trustees. For each trustee is displayed a list of permissions. The same trustee may occur multiple times. The trustees, hence the permissions, are reported in the same order that the operating system uses when its determines a trustee’s access.

Name
The name of the printer to which the permission applies.

Object Type
The Windows® operating system maintains many types of objects on which permissions can be applied. In this context, the securable object is 'Printer'.

Trustee
The account on which permissions have been set. This is usually a group name but can be specia lname such as CREATOR OWNER. In some instances, for example if the trustee account has been deleted a string representation will be reported. This begins with S and is followed by a sequence of digits and hyphens such as S-1-2-32-544. This particular string is the default Administrators group (BUILTIN\ADMINISTRATORS)that was created when Windows was installed. For objects with no security the term 'No Trustee' will be shown.

ACE Type
ACE is an abbreviation of Access Control Entry, i.e. a set of permission for a given trustee. The type reported is usually Allow or Deny.

Permissions
A list of permissions that apply to the Trustee. For example, if the trustee is Guests, the ACE type is Allow and this list contains Print then Guests would be able to print. Typically the permissions are shown as common English Language words however, upper case strings may be reported. Their interpretation is Object Type dependent.

ACE Flags
A list that enumerated the behaviour of this permission set. The interpretation of this list is Object Type dependent but typically it describes how the permissions relate its parent and/or children.

Access Mask
A binary representation of the permissions that have been set on the trustee. This is 32 characters long with the least significant bit to the right. A one (1) indicates a permission is set. The exact meaning of each permissions Object Type dependent. This is the raw data from which the Permissions list is created.

Owner
The owner of the printer. This is at the securable object level, in other words it is the same for all trustees.

Registry Security Values

A list of security related values read directly from the registry. The values displayed are drawn from those typically reported by Microsoft's secedit.exe.

Subkey
The trailing part of the registry subkey as shown in bold below, their full paths are:
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled
HKLM\Software\Microsoft\Driver Signing\Policy
HKLM\System\CurrentControlSet\Services\Eventlog\Application\RestrictGuestAccess
HKLM\System\CurrentControlSet\Services\Eventlog\Security\RestrictGuestAccess
HKLM\System\CurrentControlSet\Services\Eventlog\System\RestrictGuestAccess
HKLM\System\CurrentControlSet\Services\Eventlog\Application\Retention
HKLM\System\CurrentControlSet\Services\Eventlog\Security\Retention
HKLM\System\CurrentControlSet\Services\Eventlog\System\Retention
HKLM\System\CurrentControlSet\Services\Eventlog\Application\MaxSize
HKLM\System\CurrentControlSet\Services\Eventlog\Security\MaxSize
HKLM\System\CurrentControlSet\Services\Eventlog\System\MaxSize
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess
HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword
HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature
HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature
HKLM\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity
HKLM\System\CurrentControlSet\Control\Lsa\AuditBaseObjects
HKLM\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail
HKLM\System\CurrentControlSet\Control\Lsa\DisableDomainCreds
HKLM\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous
HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled
HKLM\System\CurrentControlSet\Control\Lsa\ForceGuest
HKLM\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing
HKLM\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse
HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec
HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec
HKLM\System\CurrentControlSet\Control\Lsa\NoLMHash
HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous
HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM
HKLM\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand
HKLM\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive
HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown
HKLM\System\CurrentControlSet\Control\Session Manager\ProtectionMode
HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems\optional
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption
HKLM\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine
HKLM\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine

Setting
The corresponding value found at the subkey, formatted as a string.

Security Log
The operating system can be configured to keep an audit log of security related operations. WinAudit examines this log and extracts those entries identified as audit failures. These entries generally arise when an operation is attempted and permission is denied. An example would be trying to read a file for which a user does not have sufficient privileges. The audit log can grow quite large, so only the twenty five (25) most recent unique entries are shown. Entries are reported in reverse chronological order with duplicates being ignored. Accessing the security log may require special privileges depending on the security policy in effect.

Time Generated
The time at which the audit entry was posted to the security log.
Source Name
The name of the programme which generated the audit entry.

Description
A textual, and sometimes cryptic, description of the information contained in the log. WinAudit will only attempt to resolve those parts of the description that reside on the local machine.

Security Settings
This section shows various configuration settings that are related to computer security.

Item
The type of application, configuration, service or policy to which the information pertains. One of Accounts, Account Lockout Policy, AutoLogon, Automatic Updates, Audit Policy, Execute Data, Internet Explorer, Network Access, Network Security, Password Policy or Screen Saver.

Name
The name of the configuration item.

Setting
The value of the configuration item. The value reported necessarily depends on the type of data. For example if the type is AutoLogon then the value will be either Yes or No to signify that this feature is enabled or disabled respectively.
Accounts: Shows the status and names of the built-in 'Administrator' and 'Guest' accounts.
Account Lockout Policy: Shows the account lockout policy.
AutoLogon: If enabled, at computer startup the logon screen is not shown and the logon takes place automatically using a domain/username/password combination stored in plain text in the registry.
Automatic Updates: Shows if Windows® is configured to perform scheduled downloads of updates. The periodicity of the schedule is shown. Requires at least Windows® 2000 with Service Pack 3 or newer.
Audit Policy: Shows the audit policy for the event security log.
Execute Data: Shows the programmes that are allowed to execute data. Data execution prevention is a processor-based feature that monitors programmes. It is available on Windows® XP with Service Pack 2 and Windows®2003 with Service Pack 1. The programmes listed in this section have been given permission to by-pass this security check thereby giving them access to normally protected areas of memory.
Network Access: Shows if anonymous users can translate Security Identifiers to account names.
Network Security: Shows settings from the Security Options section of Local Computer Policy.
Password Policy: Shows the password policy.
Screen Saver: Applies to the logged on user. Shows if enabled, the timeout and if it is password protected. On newer versions of Windows® local screen saver settings can be overridden by group wide policies.

System Restore

Sequence
The order in which the restore point was created. The first one is the most recent, regardless of the time setting of the computer's clock.

Creation Time
The time and date when the state of the system was saved. WinAudit attempts to display this date in yyyy-mm-dd hh:mm:ss format. It is the time of the computer's clock.

Description
A description of this particular restore point.

User Privileges

This section shows the privileges of the logged on user.

Privilege Name
The programme attempts to translate the privileges as understood by the operating system into a human readable form. On some systems, no translation may be available therefore, WinAudit presents the privilege's raw name. It will start with 'Se' and by examining it, one can usually make an intelligent guess as to the type of privilege granted.

User Rights Assignment

The rights and privileges granted to accounts as specified in the User Rights Assignment section of the Local Computer Policy. Administrative level privileges are required to discover security related data.

Policy
The name or description of the right or privilege granted.

Security Setting
A comma separated list of grantees. If no name could be resolved, the Security Identifier will be displayed.

Windows® Firewall

Name
The name of an aspect of the firewall. One of Firewall Enabled, Authorised Application, Authorised Service or Authorised Port.

Setting
A description of a setting appropriate to the item in question. For example, Firewall Enabled might be Yes or No.
Firewall Enabled: Shows the state of the firewall, either Yes, No or Unknown.
Authorised Application: The name of an application that has been authorised to connect to a remote computer through the firewall. An example is Outlook Express.
Authorised Service: The name of a service that has been authorised to listen and accept incoming connections through the firewall. An example is File and Printer Sharing.
Authorised Port: A port that is authorised to be opened and to allow data to flow through it. The format is protocol:port_number:remote_address where the protocol is either TCP or UDP. If the remote address is an asterisk then the port can connect to any host. An example is TCP:80:*.

6.6) Groups and Users

This section enumerates the local groups, global groups and user accounts on the computer. By design, no attempt is made to discover account information held on remote computers. Administrator or Account Operator privileges are required to report on local groups. The distribution/mailing type groups as used by Active directory® are not enumerated.

6.6.1) Groups
The membership and permissions are shown for each local group. A local group is a set of users who have common permissions on the local computer. For security reasons, Administrator or Account Operator privileges are required to discover this information.
Group Type
Either a local or global group.

Group Name
The name of the group

Comment
Free formatted string typically entered by the system administrator.

 
6.6.2) Group Members

Group Name
The name of the group.

Member Name
The member name.

 
6.6.3) Group Policy

An enumeration of the policy privileges accorded to the group.

Group Name
The name of the group.

Privilege Name
The privilege name granted to the group. This starts with 'Se' and by examining it, one can usually make an intelligent guess as to the type of privilege granted.

 
6.6.4) Users

A listing of the user accounts held on the system. Depending on the version of the operating system and the security policy in effect, some account information is securable and may require administrator privileges to view.

User Account
The user's name for this account.

Full Name
The full name of the user who uses the account.

Description
A description or comment of the user's account.

Account Status
The status of the account such as enabled, disable or locked.

Local Groups
A list of local groups to which this account belongs.

Global Groups
A list of global groups to which this account belongs.

Last Logon
The last time the user logged on. The date shown is formatted according to the date style in use. Information is obtained from the local machine only.

Last Logoff
The last time the user logged off. The date shown is formatted according to the date style in use. Information is obtained from the local machine only.

Number of Logons
The number of times the user has logged on. Information is obtained from the local machine only.

Bad Password Count
The number of times the user attempted to logged on but failed due to a bad password. Information is obtained from the local machine only.

Password Age
The age of the password, i.e. for how many days the user has been using the same logon password.

Password Expired
Indicates whether or not the user's password has expired, typically the user must supply a new one at next logon.

Account Expires
The date on which the account is due to expire. If blank, then it never expires.

6.7) Scheduled Tasks

This section enumerates the automated tasks that are scheduled to run on the computer.

Task Name
The name of the task.

Status
The current status of the task, such as ready, disabled, running etc.

Schedule
Textual description of the periodicity at which the task is scheduled to run.

Next Run Time
The next time that the task will run.

Run Command
The command(s) to perform, typically a path to an executable file or short cut. Any parameters passed to the executing programme will also be shown. On Windows® Vista this may also be an action such as 'Send e-mail'.

Maximum Run Time
The maximum time that the task is allowed to run.

Last Run Time
The time at which the task last ran.

Last Result
The result or exit code of the task when it last ran. Its interpretation is programme specific but often zero signifies success, assuming the task actually ran. Check the programme's documentation for the exact meaning of its exit codes to determine if the task ran successfully.

6.8) Uptime Statistics

This section shows information concerning the computer's availability based on records in the system's event file. As such, the reported values are dependent upon the quantity and integrity of the data in this file. If the reported period is short, the statistics may not give an accurate measure of the system's availability. Purging the event file means that no statistics can be calculated.

Data Start
The date of the earliest relevant entry in the event file. Reported values pertain subsequent to this date and are only valid for entries in strict chronological order.

System Uptime
The time elapsed since the computer was last started.

System Availability
A percentage measure of how often the computer has been powered up. Essentially, this is the total uptime divided by the time since the earliest relevant log entry.

Total Uptime
The total time that the computer was on.

Total Downtime
The total time that the computer was off.

Times Booted
A count of the number of times the computer has been turned on.

Clean Shutdowns
A count of the number of times the computer was properly shutdown.

Unexpected Shutdowns
A count of the number of times the computer was turned off abnormally, such as a power failure.

6.9) Error Logs

This section shows those errors posted by programmes into the computer's log files. These errors often require manual attention to rectify. On an NT type computer there are Application, Security and System log files. There may also be additional logs, such as Directory Service. These files can grow quite large and frequently the same errors repeat at regular intervals. To this end, only the twenty five (25) most recent unique entries are shown. These entries are reported in reverse chronological order with duplicates being ignored. Purging these logs necessarily means that no errors can be reported. Accessing the security log may require special privileges depending on the security policy in effect.

Time Generated
The time at which the audit entry was posted to the security log.

Source Name
The name of the programme which generated the audit entry.

Log File
The name of the event log file from which this record was taken, e.g. Application.

Description
A textual, and sometimes cryptic, description of the information contained in the log. WinAudit will only attempt to resolve those parts of the description that reside on the local machine.

6.10) Environment Variables

This section shows the defined environment variables for the current process. These are the same ones that are listed by using Set at the command prompt. For example, if a computer has a NetBIOS type name then the variable COMPUTERNAME normally maps to it.

Name
The name of the environment variable, e.g. COMPUTERNAME.

Variable Value
The value associated with the environment variable.

6.11) Regional Settings

This section shows computer specific settings that are typically associated with a particular region or culture such as time zone or language. The Windows® operating system has several such settings and an ad hoc list is presented. Omission of a particular setting does not negate its importance. Some data may be shown in the characters of the language for which it is intended. Choose a font that is appropriate to the language to view these characters.

Item
The type of regional setting. One of locale, number, currency, date or time.

Name
The name of the setting. For example, Country or Measurement System. The Language item is the user configurable setting found in Control Panel. To see the operating system's installation language refer to the Operating System section.

Setting
The value of the setting. For example, Country may be United Kingdom or the Measurement System may be Metric.

6.12) Windows® Network

This section shows the information typically associated with Windows® networking.

6.12.1) Network Files

A list of files on the computer that are being accessed by remote users. Administrator or Account Operator privileges are required to view this information.

Path
The full path to the file in use.

User Account
The user or possibly the computer that is using the file.

Locks
The number of locks the user has on the file.

Permissions
The permissions the user has on the file such as create, read and write.

6.12.2) Network Sessions

A list of remote computers and users connected to the computer.

Computer Name
The name of the remote computer that established the session.

User Account
The name of the remote user that established the session.

Connected Time
The number of minutes for which the connection has been made.

Idle Time
The number of minutes for which the connection has been idle, i.e. no network activity.

6.12.3) Network Shares
This section shows information about shared resources on the computer. For security reasons, to view the number of connections and the path, Administrator or Account Operator privileges are required.

Share Name
The name of the share. Share names that end with a dollar sign are for administrative purposes. Interprocess Process Communication shares are shown as IPC$.

Share Type
The type of resource shared, such as a disk drive or a print queue.

Connections
Number of connections to the share.

Share Path
The local path to the shared resource.

Path
The local path to the shared resource.

6.13) Network TCP/IP

This section shows the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration of the computer. For completeness, WinAudit reports all configurations found. For example, the Network Driver Interface Specification (NDIS) allows network cards to support multiple network protocols. Some data items such as Adapter Type require Windows Management Instrumentation (WMI) enabled.

6.13.1) Network Adapters

Adapter Number
A number to identify the adapter on systems with multiple adapters. Counting starts at 1.

Adapter Name
The name of the adapter.

DNS Host Name
The host name as specified in the Domain Name System (DNS) configuration.

DNS Servers
A list of the IP addresses of those computers used to translate domain names to IP addresses.

IP Address
The IP address of the computer. This may also be 0.0.0.0 if the network adapter obtains an address from a DHCP server, in this case refer to the DHCP IP Address for the last leased value.

IP Subnet
The mask used to determine to which subnet an IP address belongs.

Default IP Gateway
The IP address of the default gateway.

DHCP Enabled
Indicates whether DHCP is enabled.

DHCP Server
The IP address of the DHCP server.

DHCP IP Address
The IP address assigned to the computer by the server.

DHCP Lease Obtained
The timestamp, formatted in the user's settings, of when the dynamic IP address was assigned.

DHCP Lease Expires
The timestamp, formatted in the user's settings, of when the dynamic IP address assigned by the server expires.

Status Code
A numerical code indicating the status of the adapter, zero means OK. A readable description is also given. Requires the Windows Management Instrumentation service to be running.

Adapter Status
A textual description of the status code above. Requires the Windows Management Instrumentation service to be running.

Adapter Type
The type of network adapter, such as Ethernet 802.3. Requires the Windows Management Instrumentation service to be running.

MAC Address
The network adapter's Media access control address. Requires the Windows Management Instrumentation service to be running.

Connection Status
A textual description of the state of the network connection, examples are Connected and Media disconnected. Requires the Windows Management Instrumentation service to be running.

Connection Speed
The current speed setting of the network adapter in bits-per-second. The reported value is only meaningful if the adapter is in a connected state. Requires the Windows Management Instrumentation service to be running.

6.13.2) Open Ports

This section lists the network ports in use. With sufficient privileges, WinAudit maps open ports to their owning processes.

Port Protocol
The type of port, either one of Transmission Control (TCP) or User Datagram (UDP) Protocol.

Local Address
These are normally 0.0.0.0, 127.0.0.1 and any the computer uses to identify itself on the network. Some administrators adopt the form 192.168.xxx.xxx .

Local Port
The local port number.

Caption
Combined string of the Protocol, Local Address and Local Port, e.g. TCP 127.0.0.1:135

Service Name
The type of service the local port is being used for. Pertains to privileged ports only; this is optional information and it will be displayed if a suitable name can be obtained.

Remote Address
The address to which, if any, a connection been made. Applicable to TCP ports only.

Remote Port
The port number of a remote computer to which, if any, a connection been made. Applicable to TCP ports only.

Connection State
The state of the connection. WinAudit reports many different connection states however, the ones of most interest are the LISTENING and ESTABLISHED. Applicable to TCP ports only.

Process Name
The process that has opened the port. This is either the name or full path to the executable file of the process. Requires administrator privileges.

Process ID
The numerical identifier of the process that opened the port. Requires administrator privileges.

Process Description
The description, if any, of the process that opened the port. This is embedded in the executable file by its manufacturer. Requires administrator privileges.

Process Manufacturer
The manufacturer's name, if any, of the executable file that opened the port. Requires administrator privileges.

6.14) Hardware Devices

This section lists the devices installed on the computer. These are grouped by type and the list includes legacy/hidden devices. By design, WinAudit does not interrogate the devices on remote computers.

Device Type
A description of the type of device, such as keyboard and mouse. These descriptions are provided by the operating system.

Device Name
The name of the device as provided by its manufacturer.

Description
A description of the device as provided by its manufacturer.

Manufacturer
The manufacturer of the device or possibly a 'standard device'.

Location
Information about the location of the device e.g. PCI bus 0, device 19.

Driver Provider
The name of the publisher of the software driver used to control the device.

Driver Version
The version of the software driver used to control the device.

Driver Date
The publication date of the software driver used to control the device.

Status Code
A number indicating the status of the device. Sometimes called a problem number. Zero means that no problem was reported by the device driver.

Status Message
A translation of the error code above, OK means that no problem was reported. The specific translation available depends on the version of Windows® in use.

Class GUID
A globally unique identifier that specifies the type of device.

Device ID
A system wide unique identifier for the device.

6.15) Display Capabilities

This section shows data concerning the identification and supported features of displays attached to the computer. This data is specified by the manufacturer and is held in the system registry. Usually it is refreshed at boot time. Consequently, if the display is not turned on at boot time or if it is changed without a system re-boot, stale data may be presented. Errors and omissions may exist in the data. Requires a Plug and Play display supporting the Extended Display Identification Data specification (EDID) as published by Video Electronics Standards Association (VESA).

Display Number
The number of the display for which the data pertains, counting starts at 1.

Display Name
The name of the display as specified by its manufacturer.

Manufacturer
The name of the display's manufacturer or a 3-digit EISA code.

Manufacture Date
The week and year of manufacture, if known.

Serial Number
The serial number which identifies the display. This may be either a decimal number or a text string.

Product ID
An identifier formed by concatenating the manufacturer's 3-digit EISA code and the ID Product Code expressed as 4-digit number. Example: ABC1234.

Display Size
A textual description of the maximum viewable size of the display.

Display Type
A textual description of the display. Includes if it is analogue or digital and possibly its colour mode.

Supported Features
An enumeration of features supported by the display. Includes if standby, suspend and active-off power management modes are supported.

Display Resolution
The resolution of the display in pixels, e.g. 1024 x 768.

6.16) Display Adapters

This section shows details of display adapters or graphics cards in the computer. There may be some duplication of this data with that in the Hardware Devices section.

Adapter Number
A number to identify the adapter on systems with more than one installed. Counting starts at 1.

Name
The name or description of the adapter.

Adapter RAM
The amount of video memory on the adapter, expressed in MB.

Colour Depth
The configured number of colours, expressed in bits.

Vertical Resolution
The configured vertical resolution, expressed in dots per inch (dpi), typically 96dpi.

Current Refresh Rate
The configured vertical refresh rate, expressed in Hertz (Hz). Requires Windows® NT or above.

Video Processor
The name of the chip set on the adapter.

Adapter DAC Type
The type of digital to analogue converter.

Adapter ID
The manufacturer's designated name or identifier for the adapter.

BIOS
BIOS specific information about the adapter.

6.17) Installed Printers

This section shows the configuration and settings of local printers installed on the computer. For performance reasons, WinAudit does not show information about network printers.

Printer Number
A number to identify the printer on systems with more than one printer installed. Counting starts at 1.

Printer Name
The printer's name.

Share Name
The name by which this printer is known if it is a shared resource.

Port Name
The port to which the printer is assigned.

Location
An optional description of where the printer is located (user settable).

Pages Per Minute
The number of pages the printer is configured to print per minute.

Attributes
Description of properties of the printer such as if it is queued, shared etc.

Printer Status
The printer's current status such as Busy, Initializing, Paused, Printing etc.

Paper Size
The current setting of paper size.

Orientation
The current setting of paper orientation, i.e. portrait or landscape.

Print Quality
A description of the printer's quality setting usually, in Dots Per Inch (DPI).

Driver Name
The name of the software used to control the printer, typically the same name as for the printer.

Driver File
The location of the software library file that is the driver.

Driver Version
A number to indicate the version of the driver, this information is embedded in the driver file by its manufacturer.

Driver Manufacturer
The manufacturer or publisher of the driver software.

Driver Description
A description of the driver, this information is embedded in the driver file by its manufacturer.

Driver Data File
The location of the software file that contains data used by the driver.

Driver Configuration File
The location of the software library file that contains configuration data used by the driver.

6.18) BIOS Version

This section shows the system and video Basic Input/Output System (BIOS) version and dates. The BIOS is built-in software that, among other things, controls the system's hardware.

BIOS Version
The version of the system BIOS as reported in the system registry. When the computer starts, the operating system identifies the BIOS then records it in the registry for informational purposes. More comprehensive BIOS information is available in the System Management section.

Release Date
The publication date of the system BIOS as reported in the system registry.

Video BIOS Version
The version of the video BIOS as reported in the system registry.

Video BIOS Date
The publication date of the video BIOS as reported in the system registry.

6.19) System Management

This section shows the major types of information stored in the System Management BIOS, formerly referred to as the Desktop Management Interface. Note, WinAudit reports the information as stored by the manufacturer. This data often suffers from errors and omissions. As such, incorrect system information is neither indicative of a fault with WinAudit nor a problem with the computer.

6.19.1) BIOS Details

SMBIOS Version
The version expressed as 'major.minor' of the System Management BIOS (SMBIOS) specification used to describe the formatting of the information. This is not the same as the BIOS version. When applicable “0” means no and “1” means yes.

BIOS Vendor
The BIOS vendor's name.

BIOS Version
The version of the BIOS, this may be in any format the vendor has chosen.

Start Address
The memory address where the BIOS information starts.

Release Date
Publication or release date of the BIOS usually in the form mm/dd/yy or mm/dd/yyyy.

ROM Size
Size of the ROM chip holding the BIOS, expressed in KB.

BIOS Characteristics
A number indicating features that the BIOS supports.

Characteristics Ext. 1
An optional number indicating the extended features that the BIOS supports.

Characteristics Ext. 2
An optional number indicating the extended features that the BIOS supports.

System BIOS Major
The major version number of the System BIOS.

System BIOS Minor
The minor version number of the System BIOS.

Firmware Major
The major version number of the firmware.

Firmware Minor
The minor version number of the firmware.

No Characteristics
Indicates if the BIOS contains information about the features and characteristics that it supports.

ISA Support
Indicates if Industry Standard Architecture is supported.

MCA Support
Indicates if Micro Channel Architecture is supported.

EISA Support
Indicates if Extended Industry Standard Architecture is supported.

PCI Support
Indicates if Peripheral Component Interconnect is supported.

PCMCIA Support
Indicates if Personal Computer Memory Card International Association is supported.

PnP Support
Indicates if Plug and Play is supported.

APM Support
Indicates if Advanced Power Management is supported.

BIOS Upgradeable
Indicates if the BIOS can be upgraded/flashed.

BIOS Shadowing
Indicates if the BIOS can be copied from the ROM into the RAM, usually for performance reasons.

VL-VESA Support
Indicates if Video Electronics Standards Association is supported.

ESCD Support
Indicates if Extended System Configuration Data for plug and play is supported.

CD Boot
Indicates if the system can boot from a CD drive.

Selectable Boot
Indicates if BIOS allows the boot drive to be selected.

ROM Socketed
Indicates if ROM chip is socketed.

PCMCIA Boot
Indicates if the system can boot from a PC-Card.

EDD Support
Indicates if the BIOS supports Enhanced Disk Drive technology.

Floppy NEC 1.2MB
Indicates if the NEC 9800 1.2MB floppy is supported by the BIOS.

Floppy Toshiba 1.2MB
Indicates if the Toshiba 1.2MB floppy is supported by the BIOS.

Floppy 360 KB
Indicates if the 360 KB floppy is supported by the BIOS.

Floppy 1.2 MB
Indicates if the 1.2 MB floppy is supported by the BIOS.

Floppy 720 KB
Indicates if the 720 KB floppy is supported by the BIOS.

Floppy 2.88 MB
Indicates if the 2.88 MB floppy is supported by the BIOS.

Print Screen
Indicates if the BIOS supports print screen functionality.

Keyboard 8042
Indicates if the 8042 Keyboard is supported by the BIOS.

Serial Services
Indicates if serial services are supported buy the BIOS.

Printer Services
Indicates if print services are supported buy the BIOS.

CGA-Mono Video
Indicates if Color Graphics Adapter/Mono Video is supported by the BIOS.

NEC PC-98
Indicates if the NEC PC-98 series Japanese architecture is supported.

APCI Support
Indicates if Advanced Configuration and Power Interface is supported by the BIOS.

USB Support
Indicates if Universal Serial Bus is supported by the BIOS.

AGP Support
Indicates if Accelerated Graphics Port is supported by the BIOS.

I2O Boot
Indicates if Intelligent I/O is supported by the BIOS.

LS-120 Boot
Indicates if the computer can boot from an LS-120 (SuperDisk™) disk.

ATAPI ZIP Boot
Indicates if the computer can boot from a AT Attachment Packet Interface drive is supported.

Firewire Boot
Indicates if the computer can boot from a FireWire® (IEEE 1394) device.

Smart Battery
Indicates if the BIOS supports a smart battery, i.e. one that provides the computer with information about its power status.

6.19.2) System Information

Manufacturer
The name of the system's manufacturer.

Product Name
The product name as described by the manufacturer.

Version
The version of the product.

Serial Number
A system serial number.

Universal Unique ID
A 16 character long string to uniquely identify the system.

Wake-Up Type
The manner in which the system was powered-up, normally power switch.

SKU Number
The Stock Keeping Unit number of the computer.

Product Family
The product family to which a computer belongs.

6.19.3) Base Board

Board Number
A number to identify the baseboard on systems with more than one baseboard. Counting starts at 1.

Manufacturer
The baseboard's manufacturer.

Product
The product name as described by the manufacturer.

Version
The product version of the base board.

Serial Number
The serial number of the base board.

Asset Tag
A manufacturer specific asset tag to identify the base board.

Features
Features of the baseboard such as if it is hot swappable, replaceable or removable.

Board Type
The type of baseboard, normally motherboard.

6.19.4) Chassis Information

Manufacturer
The name of the chassis' manufacturer.

Chassis Type
The type of chassis such as laptop, desktop, mini-tower.

Version
A manufacturer specific version for the chassis.

Serial Number
A manufacturer specific serial number to identify the chassis.

Asset Tag
A manufacturer specific asset tag number to identify the chassis.

Boot Up State
The state of the chassis when it was last booted such as safe, warning, critical, non-recoverable.

Power State
The state of the power supply when it was last booted such as safe, warning, critical, non-recoverable.

Thermal State
The state of the thermal supply when it was last booted such as safe, warning, critical, non-recoverable.

Security Status
The state of the power supply when it was last booted such as locked out or enabled.

OEM Defined
Contains OEM- or BIOS vendor-specific information.

Height
The height of the enclosure in inches.

Number Of Power Cords
The number of power cords associated with the enclosure or chassis.

6.19.5) Processor

Processor Number
A number to identify the processor on systems with more than one processor. Counting starts at 1.

Socket Designation
A description of the processor's socket such as 'SLOT1'.

Processor Type
The type of processor, typically central processor.

Processor Family
The processor family such as Pentium®, Pentium® 4, AMD Athlon™ etc.

Processor Manufacturer
The name of the processor's manufacturer.

Processor ID
The processor's ID obtained from its EAX and EDX registers as a result of issuing a CPUID instruction.

Processor Version
A description of the processor.

Voltage
Voltage used by the processor.

External Clock
The external clock frequency in MHz.

Maximum Speed
The maximum processor speed in MHz supported by the system.

Current Speed
The current speed in MHz at which the processor is operating.

Status
The status of the processor such as if the socket is populated and if the processor is enabled.

Processor Upgrade
Information concerning upgrading the processor.

Serial Number
The serial number of the processor as set by the manufacturer.

Asset Tag
The asset tag of the processor.

Part Number
The part number of the processor.

Core Count
The number of cores detected by the BIOS for this processor.

Core Enabled
The number of cores that are enabled by the BIOS and available for use.

Thread Count
The total number of threads detected by the BIOS for this processor.

Processor Characteristics
Any additional processor characteristics detected by the BIOS.

Processor Family 2
Extended processor family information.

6.19.6) Memory Controller

Controller Number
A number to identify the memory controller on systems with more than one controller. Counting starts at 1.

Error Detecting
The method used by the controller to detect for errors in data such as 8-bit parity or CRC.

Error Correcting
The capability to correct for data errors such as single bit error correcting or error scrubbing.

Supported Interleave
The level of interleave supported by the controller, e.g. one way interleave.

Current Interleave
The level of interleave currently in use by the controller.

Max. Memory Module
The maximum memory module the controller can support, expressed in MB.

Supported Memory Speeds
The memory speeds supported by the memory controller, expressed in nanoseconds.

Supported Memory Types
The types of memory supported by the controller such as Standard, EDO, DIMM etc.

Memory Module Voltage
The voltages supported by the memory controller.

Number Memory Slots
The number of memory slots controlled by the controller.

6.19.7) Memory Module

Module Number
A number to identify the memory module on systems support multiple modules. Counting starts at 1.

Socket Designation
A designation for the socket into which the module is plug such as BANK_0.

Bank Connection
A Row Address Strobe (RAS) connection in the memory bank (part of motherboard that contains slots for memory modules)

Current Speed
The speed of the memory module, expressed in nanoseconds.

Current Memory Type
The type of memory such as such as Standard, EDO, DIMM etc.

Installed Size
The size of the memory module, in MB, in the socket.

Enabled Size
The amount of memory, in MB, that is enabled in the module.

Error Status
Description of any errors posted by the memory module to the BIOS.

6.19.8) Cache

Cache Number
A number to identify the cache on systems with multiple processor caches. Counting starts at 1.

Socket Designation
A designation for the cache, typically L1, L2 or L3.

Cache Configuration
The cache's configuration such as support for write-back or is socketed.

Max. Cache Size
The maximum cache size that can be supported, expressed in KB.

Installed Cache
The amount of cache in use, expressed in KB.

Supported SRAM Type
The type of Static Random Access Memory supported, such as burst or synchronous.

Current SRAM Type
The type of Static Random Access Memory currently in use, such as burst or synchronous.

Cache Speed
The speed of the cache in nano-seconds.

Error Correction Type
The error correcting method employed by the cache such as parity or single bit Error-Correcting Code.

System Cache Type
The type of cache, normally either data, instruction or unified.

Associativity
The associative level of the cache, such as Direct Mapped, 4-Way, Fully etc.

6.19.9) Port Connector

Port Number
A number to identify the port on systems with multiple ports. Counting starts at 1.

Internal Designation
An internal reference to the port such as COM1 etc.

Internal Connection Type
The type of connection such as 9 Pin Dual Inline and DB-25 pin female.

External Designation
An external designation for the port such as COM1 etc.

External Connection Type
The external connection type such as RJ-45 or DB-9 pin male.

Port Type
The type of port such as USB, Parallel, Serial etc.

6.19.10) System Slot

Slot Number
A number to identify the slot on systems with multiple slots. Counting starts at 1.

Slot Designation
A designation for the slot, commonly its such as ISA or PCI.

Slot Type
The type of slot such as Industry Standard Architecture (ISA) or Peripheral Component Interconnect (PCI).

Data Bus Width
The data buss width, for example 32-bit.

Current Usage
Whether or not the slot is in use.

Slot Length
Either short or long.

Slot ID
An ID for the slot such as MCA or EISA.

Slot Characteristics 1
Description of the slot's characteristics such as voltage.

Slot Characteristics 2
Extended description of the slot's characteristics such as if it supports the Power Management Enable signal.

6.19.11) Memory Array Information

Array Number
A number to identify the memory array on systems with multiple arrays. Counting starts at 1.

Location
The location of the array, e.g. on motherboard.

Use Item
Description of the memory array's function.

Error Correction
The array's error correcting capability such as parity, CRC etc.

Maximum Capacity
The maximum capacity in KB for the array.

Error Handle
An error code, 0xFFFF indicates that no errors have been detected.

Number of Devices
The number of slots available to the memory array.

6.19.12) Memory Device

Device Number
A number to identify the memory device on systems with multiple devices. Counting starts at 1.

Error Handle
A number to indicate an error status, 0xFFFE indicates no information and 0xFFFF no reported errors.

Total Width
The total width in bits of the memory device. 0xFFFF = 65535 indicates the width is unknown.

Data Width
The data width in bits of the memory device. 0xFFFF = 65535 indicates the width is unknown.

Device Size
The size, typically in MB, of the device.

Form Factor
The form factor of the device such as SIMM, DIMM, RIMM etc.

Device Set
Indicates if the device is part of a set of similar devices.

Device Locator
Identifies the socket where the device is located such as A0.

Bank Locator
Identifies the bank where the device is located such as Bank0/1.

Memory Type
The type of memory such as DRAM. VRAM, DDR etc.

Memory Type Detail
Details about the type of memory such as Fast-Paged, Synchronous, RAMBUS etc.

Speed
The speed of the memory device in MHz.

Manufacturer
The name of the manufacturer of the device.

Serial Number
The serial number of the device.

Asset Tag
The asset tag of the device.

Part Number
The part number of the device.

6.20) Processors

Processor Number
A number to identify the processor on systems with multiple processors. Counting starts at 1.

Name
The name is obtained from the processor itself or is resolved from its signature and physical characteristics.

Short Name
Not used, always empty.

Speed - Estimated
The speed in MHz estimated over certain number of processor cycles.

Speed - Registry
The speed in MHz as reported in the system registry. Zero if not present in the registry.

Processor Type
The type of processor, one of: OEM Primary, Overdrive or Secondary.

Manufacturer
The name of the processor's manufacturer.

Serial Number
The serial number, if present, as stored in the processor by its manufacturer. Serial numbers are present on Pentium® III processors only.

APIC Physical ID
A comma separated list of the Advanced Programmable Interrupt Controller identification numbers of the logical processors in the physical processor.

Features
A list of comma separated features or instructions the processor supports.

Cache
A comma separated list of the processor’s cache levels and sizes.

TLB
A comma separated list of the processor’s data and instruction Translation Lookaside Buffers.

Logical Processors
The number of logical processors in the physical processor. Also known as package.

6.21) Memory

This section shows amount of memory, both physical and swap, on the computer.
WinAudit adopts the convention that 1MB = 1024*1024 bytes = 1,048,576 bytes also known as 1 mebibyte.

Total Memory
The total amount of physical memory (RAM) in MB. Also referred to as main memory.

Free Memory
The amount of unused physical memory (RAM) in MB.

Maximum Swap File
The maximum file size, expressed in MB, the operating system will allocate for swapping. Swapping is the process of moving data from physical memory to a file on a hard drive for temporary storage. This file is created by the operating system and allows it to handle quantities of data to large too for the physical memory. The swap file is also referred to as a page file.

Free Swap File
The bytes available to the swap file expressed in MB.

6.22) Physical Disks

This section shows the disks detected in the computer. For security reasons, as of Windows® 2003, this detection requires administrator level privileges. Likewise, to report the result of a S.M.A.R.T. self-test, administrator privileges are required.

Bug Notice! WinAudit can detect disks while running under a restricted user account. However, on multi-disk systems, correct disk numbering requires administrator privileges. Because the majority of computers have only one hard disk and it is preferable to run programmes under a restricted user account, this non-administrative method of disk detection has some utility. If the disk numbering appears to be inconsistent, re-run the programme as administrator to correct for this bug.

Disk Number
A number to identify the disk on systems with multiple disks. Counting starts at 1 and corresponds to the disk's controller position. For example, #1 is Primary Master, #2 is Primary Slave, #3 is Secondary slave etc.

Capacity
The capacity of the disk in MB, i.e. size in bytes divided by 1024 * 1024.

Disk Type
The type of disk, options are fixed and removable.

Manufacturer
The name of the disk's manufacturer.

Model
The model of the disk as specified by the manufacturer.

Serial Number
The serial number of the disk as specified by the manufacturer.

Firmware Revision
The firmware revision of the disk as specified by the manufacturer.

Controller Rank
The rank of the disk on the controller, e.g. primary, secondary etc.

Master/Slave
Indicates if the disk is set as the master or slave on the controller.

Total Cylinders
The number of cylinders, note WinAudit will not report numbers higher than 16383. The number is only of use for small disks and it presented for Cylinders, Heads, Sectors (CHS) completeness.

Total Heads
The number of heads the disk has. The number is only of use for small disks and it presented for Cylinders, Heads, Sectors (CHS) completeness.

Sectors Per Track
The number of sectors per track. Requires Windows® NT. The number is only of use for small disks and it presented for Cylinders, Heads, Sectors (CHS) completeness.

Buffer Size
The disk's cache size, if any, expressed in KB. A value of zero may be presented if the buffer's size could not be determined.

SMART Supported
Indicates if Self-Monitoring Analysis and Reporting Technology (S.M.A.R.T.) is supported by the disk.

SMART Enabled
Indicates if S.M.A.R.T. is enabled on the disk.

SMART Self-Test
The result of an auto-diagnostic disk test. The possible responses are OK, Failed and Unknown. Requires administrative privileges. Under some circumstances a SMART self-test may be obtainable without direct access to the SMART Supported and SMART Enabled data items listed above.

6.23) Drives

This section enumerates the drives, also known as volumes, found on the computer. The information displayed depends on the drive type and the presence of removable media. By design, WinAudit only reports on local drives.
WinAudit follows the widely adopted convention that 1MB = 1024*1024 bytes = 1,048,576 bytes which is sometimes referred to as 1 mebibyte. It is common however, for floppy drive manufacturers to use 1MB = 1000*1024 bytes = 1,024,000 bytes.

Letter
The letter used to identify the drive in the range A to Z.

Drive Type
The type of drive; one of removable, fixed, network, CD-ROM or RAM disk. USB devices and floppy drives are reported as removable.

Percent Used
The percentage of the media that is in use. For optical drives a value of 100% is reported regardless of the amount in use because it is customary to assume there is no free space.

Used Space
The space used on the media. The reported value may be less than the actual amount if user quota's are implemented. Windows® 95 release 1 has a detection ceiling of 2GB.

Free Space
The free space available on the media. Optical drives normally show zero free space regardless of the amount of information actually written to the media.

Total Space
The total space available on the media. For optical drives this value is the amount in use and not its total capacity.

Volume Name
The volume name of the drive, also known as the label.

File System
The file system used to store data on the media, common types are FAT , FAT32 , NTFS and CDFS.

Volume Serial Number
The volume serial number, this number changes when the drive is formatted. To obtain the manufacturer's serial number set the option for physical disk detection.

Sectors Per Cluster
The number of sectors in a cluster. A cluster is comprised of sectors. A sector is the smallest amount of space useable on a drive.

Bytes Per Sector
The number of bytes each sector can store. Typical numbers are 512, 1024 and 2048.

Free Clusters
The number of clusters that are available to store information. May be fewer than the actual amount if user quotas are implemented.

Total Clusters
The total number of clusters available on the drive. May be fewer than the actual amount if user quotas are implemented.

6.24) Communication Ports

Port Number
A number to identify the port on systems with multiple ports. Counting starts at 1.

Port Name
The name of the port such as COM1.

Monitor Name
The name of an installed monitor for the port.

Description
A description of the port, e.g. local port.

Port Type
The type of port, i.e. if can read, write, redirected or remote.

6.25) Startup Programs

This section shows programmes that start automatically. The list is presented in an order that as closely as possible matches the startup sequence. This section does not include services.

Program Name
The name of the programme.

Settings Folder
The folder where the settings are stored for this program, typically a registry path or an operating system defined 'special' folder.

Startup Command
The command used to start the programme.

6.26) Services

This section shows the services on the computer. These are divided into two types namely, drivers and processes. Requires appropriate privileges on some installations of Windows®.

Name
The name of the service.

Service Type
A description of the type of service such as kernel driver or own process.

State
The state of the service, such as if it has been started.

Start Mode
The manner in which the service is to be started for example, automatic or manual.

Path Name
The path to the service's binary file. For example, cdrom.sys is the file for the CD-ROM device driver. Some services may run in the context of the generic host process svchost.exe.

Service Name
The account the service process will be logged on as when it runs. Typically this is empty for device services.

6.27) Running Programs

This section shows programmes that are running on the computer.

Name
The name of the programme in use. This is most often the programme's executable file, but it can also be a special process such as 'System Idle Process' or 'System'.

Process ID
The process identifier (PID), a number that uniquely identifies the process.

Memory
The memory, expressed in KB, being used by the process. The reported value will either be the Working Set or the Private Commit depending on the version of the operating system.

Description
The description, if any, of the programme. This is embedded in the executable file by its manufacturer and to report it, special access privileges may be required for a given programme.

6.28) ODBC Information

This section shows the Open Database Connectivity (ODBC) data sources and drivers found on the computer. File based data source names can reside anywhere on the computer but typically these are to be found in DefaultDSNDir or CommonFilesDir. These are themselves defined in the system registry. Sometimes file data sources may be in the user's home directory.

6.28.1) ODBC Data Sources

DSN Type
The Data Source Name (DSN) type may be one of File, System or User. The first type stores the information required to connect to the database in a file on the computer. For the other two, this connection information is stored in the system's registry.

DSN
The name of the data source.

Description
A brief description of the data source name. Typically File DSNs have no description and for System andUser DSNs it is the name of the driver software.

6.28.2) ODBC Drivers

Name
The name of the ODBC driver.

Company
The software publisher.

File Name
The name of the ODBC driver’s binary file. Typically a dll.

File Version
The version of the ODBC driver’s binary file. This is extracted from the file.

Driver ODBC Version
The ODBC specification level that the driver implements, e.g. 03.51

6.29) OLE DB Drivers

Name
The name of the OLE DB driver

Description
The software publisher’s description of the driver

6.30) Software Metering

A scan of the system's security log is performed to identify events associated with executable starts and exits. Normally, auditing of these events is not enabled so if you wish to collect metering information you need to review your audit policy. Ensure that 'Audit Process Tracking' is enabled. For example, if auditing is enabled then when a programme starts event 592 or 4688 will be recorded in the security log. The log can grow very large and it is not uncommon for it to contain several hundred thousand entries. Summarising this information may take some time to complete.

Tracking process exits is not sufficiently reliable so executable runtimes are not computed. Clearly, if the security log is purged then no data can be reported. Accessing security log may require special privileges depending on the security policy in effect. This statistics generated in this section should be should be treated as of low quality and used with caution.

File Name
The name of the executable that was started, e.g. Word.exe .

File Path
The full file path the executable that was started.

File Version
The file's version number. This data, if present, was embedded in the file when it was created by its manufacturer.

Publisher
The name of the file's manufacturer (publisher). This data, if present, was embedded in the file when it was created by its manufacturer.

First Start Timestamp
The first entry in the security log of when the executable was started. Expressed as Universal Coordinated Time in yyyy-mm-dd hh:mm:ss format.

Last Start Timestamp
The last entry in the security log of when the executable was started. Expressed as Universal Coordinated Time in yyyy-mm-dd hh:mm:ss format.

Console Starts
The number of times the executable was started at the console. That is, started by a user who logged on at system's keyboard.

Remote Starts
The number of times the executable was started via a remote session such as remote desktop.

Other Starts
The number of times the executable was started but not as either from within a console or remote session. Examples of this are as a service, batch job or the machine account.

6.31) User Logon Statistics

User logon events are stored in the system's security log. If you wish to report this you need to ensure that 'Audit Account Logon Events', 'Audit Logon Events' and 'Audit System Events' are enabled in the Audit Policy. The security log can grow very large therefore summarising it may take some time to complete. Clearly, if the security log is purged then no data can be reported. Accessing the security log may require special privileges depending on the security policy in effect.

User Account
The name of the logged on account, usually reported as Domain_Name\User_Name.

First Logon Timestamp
The first entry in the security log of when the user logged on. Expressed as Universal Coordinated Time in yyyy-mm-dd hh:mm:ss format.

Last Logon Timestamp
The last entry in the security log of when the user logged on. Expressed as Universal Coordinated Time in yyyy-mm-dd hh:mm:ss format.

Console Logons
The number of times the user logged on at the console. That is, an interactive logon at system's keyboard.

Remote Logons
The number of times the user logged on via a remote session such as remote desktop.

Other Logons
The number of logons at neither the console nor from a remote computer. Examples of this are logons for a service, batch job or the machine account.

7) Saving the Audit

To save your audit report, on the menu select File + Save then enter the file name of your choice, WinAudit usually provides the computer's name for you. Next, from the drop down list choose the type of document. Options are Comma Delimited, Rich Text and Web Page. Finally, click the Save button.

Comma Delimited
This format is used by spreadsheets and custom data analysis programmes. The csv file is written out in little endian UTF-16 with the customary byte order marker of 0xFF 0xFE. Commas are used as field delimiters regardless of locale settings. The data generated WinAudit is heterogeneous in nature so to facilitate processing, each row begins with a numerical category identifier. The first field is the name of the category. The subsequent fields are the data item values. All fields are double quoted. Any double quote in a data value is escaped with a double quote. For example, 15” becomes 15””.

Rich Text
Save in rtf format if you intend to view the results in a the WordPad text editor.

Web Page
Save in html format if you intend to view the results in a browser.

8) Sending by E-Mail

To send the data by e-mail, on the menu, select File + Send E-Mail at which point WinAudit will attempt to start your e-mail programme and create a new message containing the audit report. Enter the recipient(s) address then click the send button. WinAudit will not send an e-mail without the user's knowledge. The audit report is sent as an attached web page. Other types of data are as an ordinary message.

9) Export to Database

To send the audit to a database, on the menu select File then Database Export. A window will be shown allowing you to control how the data is exported. Select the database's type (e.g. Microsoft Access). For MySQL® and PostgreSQL select, from the adjacent list, the software used to connect to it. Next, enter the database's name into the box. Your database administrator will provide you with all the required information. Ignore the remaining options unless otherwise instructed by the administrator. Press the Export button, if requested enter your credentials. The data export will begin. The time taken for this to complete depends on how much data you are sending, so be sure to wait for it to finish. You will then see a result message indicating how many records where exported. Finally, click the Close button.
The remainder of this document is intended for the database administrator.

9.1) Administration - DBA

The following DBMS versions are supported:
- Microsoft® Access 2000 and newer
- MySQL® 5 and newer
- Microsoft® SQL Server 2005 and newer
- PostgreSQL 8.3 and newer

9.1.1) Create the Database

WinAudit can create Access, MySQL and SQL Server databases. For PostgreSQL, an existing database is required with WinAudit then creating its tables and related objects. Start the logger by selecting Help + Start Logging on the menu. Next, select File + Database Export. On the window, select the Database Management System Name (DBMS). For MySQL or PostgreSQL, select its ODBC driver as well. The drivers found on the computer are shown in the drop down lists. In the Database Name text box enter a name as follows:

Access - the full file path to the database e.g. C:\Data\WinAuditDB.mdb.
MySQL - the database name.
SQL Server - the database name.
PostgreSQL - the database name.

Access databases can be created provided the corresponding OLEDB component is installed on the computer. For MySQL and SQL Server a simple CREATE DATABASE statement will be issued against the server. If you intend to use PostgreSQL, create an empty database now before proceeding. You can do this with pgAdmin. Next, click the Administration button, the Administrative Tasks window will be shown. Your choice of DBMS and database name are shown under the window's title. You cannot change these properties while this window is visible. The following options are available for creating your database. The ones shown depend on your choice of DBMS.

Unicode
If you wish to store Unicode characters check the Unicode box, In this context, Unicode is 2-bytes per character (UCS-2). Identifier columns used in the Computer_Master table are always in low ASCII, so Unicode (NVARCHAR/WVARCHAR) are not used for these. Hence, if you intend to run queries on this table you do not need to prefix your string literals with 'N'. No provision is made for labels of a fully qualified domain name to be in Unicode as this is a non-standard extension to the specification. Microsoft Access is Unicode by design. For PostgreSQL, the database code page is specified on creation.

OLE DB Driver
If you have specified Access as the DBMS then a drop down list will be shown. WinAudit will select the correct OLEDB driver based on the file extension. Access 2000 (.mdb) uses the Microsoft.Jet.OLEDB.4.0 driver. Newer versions of Access (.accdb) use the Microsoft.ACE.OLEDB.x driver. If no driver is shown in the drop down box, close the window and review the log for error messages. Most probably you need to install the driver for .accdb or fallback to .mdb file type.

Grant Privileges to PUBLIC
For SQL Server you can specify if you want PUBLIC to have a minimal set of privileges to post data into the database. Essentially, this allows users to post but not to view or delete data. If this is undesirable for your security requirements then you will need to implement a security arrangement that better suits your environment. See below for more details on user privileges.

Click, the Create button. On completion a status message will be shown. Close the window and review the log for any error or warning messages.

Important: once a connection to the database has been established, it is held until this Administrative window is closed. If the connection to the server drops you will need to close the window and re-open it. When you are finished performing your administrative tasks close the window to severe the connection.

9.1.2) Client Connection

After an audit has been completed, clients send the result to the database by selecting File then Database Export in the menu. Connection to the database is via ODBC, therefore you must ensure that:
- the database's ODBC driver is installed on client's machine
- your clients know which DBMS they are to use
- your clients know the name of the database
- for MySQL® and PostgreSQL your client's know which ODBC driver to use

Microsoft's Access and SQL Server ODBC drivers ship with the operating system and are installed by default. ODBC drivers for MySQL and PostgreSQL databases are available from their respective vendors. The other information shown on the Export Audit to Database window is optional. When then user clicks Export, WinAudit creates a connection string that is passed to the ODBC driver. Normally, a login window will be displayed requesting additional connection information such as a password. Logging of the completion connection string may be suppressed if it contains a password so if there is a login error, instruct your users to copy any messages shown to them. As soon as the data transfer is complete the connection is closed. Users must therefore login every time they attempt a database export. Winaudit prevents the same audit data from being posted twice to the same database.

Maximum Errors [%]
An audit report may up to a few thousand records. Usually there are no errors when posting to a database. However, occasionally some data cannot fit into the allocated column size in the database. Typically these are long file paths. It is not always desirable to fail an entire database operation because of a few errors. Consequently, you can instruct your users to set this tolerance parameter thereby allowing the operation to succeed. For example if you set this to 1% and 1000 records are sent to the database, if fewer that 10 records fail to be posted the operation as a whole will be deemed to have succeeded. The default setting is 5% with a range of 0 (no errors allowed) to 25%.

Max. affected rows
You can specify a limit the number of records that can be posted to the database in a single operation. The default value is 9999 with a range of 1 to 9999.

Connect timeout [secs]
Specify the connection timeout for the database. This setting applies to both the initial login timeout (SQL_ATTR_LOGIN_TIMEOUT) and subsequent communications (SQL_ATTR_CONNECTION_TIMEOUT) with the database. The default value is 30s with a range of 5s to 99s.

Query timeout [secs]
Specify a query timeout for the database. WinAudit often sends large quantities of data to the database, depending on database load it may take some time for the query to complete. WinAudit will not use an infinite timeout. The default value is 60s with a range of 5s to 999s.

9.1.3) Data Maintenance

Your database will increase in size unless you delete the old audits. WinAudit operates on the assumption that connecting clients do not have DELETE privilege, hence this step cannot be automated. From time to time you need to purge the database of its old audits. Roughly speaking, a default audit is expected to require about 1MB. Before proceeding it is strongly recommended that you back up your data. To delete the old audits, on the Administrative Tasks window click, in the Data Maintenance section, the Delete button. This will purge the database of all but the last audit for each computer.

9.1.4) Reporting

WinAudit allows you to create some simple reports from your data. This requires SELECT privilege on database tables. In the Reports section, select a report from the drop down list. You can specify a limit to the number of rows returned by using the parameter Maximum Rows. To fetch all the rows use a value of zero (0). Click Run to create the report.

You can, of course, use your own database's software to create reports. When the database is created a set of views were also created. For example, to see System Overiew records use the v_System_Overview view. If you wish to write your own SQL statements, bear in mind:
- Data is stored in the Audit_Data table
- Audits are identified by the Audit_ID column
- The Audit_Data table may have several audits for a given computer
- The most recent Audit_ID is in Computer_Master.Last_Audit_ID
- To view current data INNER JOIN Computer_Master to Audit_Data
- Audit_Data columns are character data, avoid numerical computations
To help you create your own queries check the Show SQL box, this will show the statement used to generate the report. These statements serve as working examples which you can use to build your own queries.I n particular, you will need to map the category of data you want to its numerical identifier and the names of the columns. This information is found in the Display_Names table. For example, to get a list of installed software in your organisation:
SELECT DISTINCT
Audit_Data.Item_1 As Software_Name
FROM Computer_Master INNER JOIN Audit_Data ON
Computer_Master.Last_Audit_ID = Audit_Data.Audit_ID
WHERE Audit_Data.Category_ID = 500

The INNER JOIN ensures you are viewing only current data. In the Display_Names table you will see that Software Programs has a Category_ID of 500. Similarly, Item_1 correspondsto the data item of Name.

10) Command Line Usage

You can invoke WinAudit from the command line, in this mode the programme executes without showing its main window. In this manner, you can automate the auditing of computers using batch files or login scripts on a domain controller. If need be, you can post the results directly to a database or save them to a centralised networked drive.
Some tips:
- Try to use WinAudit in user interface mode before invoking it via the command line.
- Ensure you have included the report switch '/r=' with some category letters.
- The category letters are case sensitive
- Use only backslashes slashes '\' for file path separators.
- It is not necessary to quote output or log file paths even if there are spaces.
- WinAudit returns a code of zero (0) on success and non-zero if an error occurred.
- A logging facility is provided to help you diagnose problems.
The command syntax (all on one line) is:
WinAudit.exe /h /r=gsoPxuTUeERNtnzDaIbMpmidcSArCOHG /f=file /T=file_timestamp /l=log_file

All switches are optional, if none are supplied the programme runs in user interface mode. See examples below.

Switches

/h
Show a help message then exit.

/r
Report content, default is NO sections, i.e. nothing is done.
g Include System Overview
s Include Installed Software
o Include Operating System (Small letter o)
P Include Peripherals
x Include Security
u Include Groups and Users
T Include Scheduled Tasks
U Include Uptime Statistics
e Include Error Logs
E Include Environment Variables
R Include Regional Settings
N Include Windows Network
t Include Network TCP/IP
z Include Devices
D Include Display Capabilities
a Include Display Adapters
I Include Installed Printers (Capital I )
b Include BIOS Version
M Include System Management
p Include Processor
m Include Memory
i Include Physical Disks
d Include Drives
c Include Communication Ports
S Include Startup Programs
A Include Services
r Include Running Programs
C Include ODBC Information
O Include OLE DB Drivers (Capital O)
H Include Software Metering
G Include User Logon Statistics

/f
Output file or database connection string. Valid file types are comma separated, rich text and web page:
/f=computer_audit.csv
/f=computer_audit.rtf
/f=computer_audit.html
Only one file type may be specified. If no /f switch is specified, the output is written to 'computer_name.html’ where computer_name is the NetBIOS name of the computer.

macaddress is a reserved word (case insensitive). If specified, the output will be written to a file named using a Media Access Control (MAC) address. If no MAC address can be resolved, then the computer's name will be used. On systems with multiple network adapters, the address of the first one discovered will be used. Usage: /f=macaddress.html . If a connection string is supplied, it must begin with DRIVER= or DBQ=. This string must not have any forward slashes.

/T
Use an ISO style date, time or data-time in the output file name. The timestamp precedes the file extension e.g. Audit-20130320-123655.txt, options are:
/T=date - YYYMMDD format
/T=time - hhmmss format
/T=datetime - YYYYMMDD-hhmmss format
This switch is for use with regular file names, do not use when exporting data to a database.

/l
The log file path to record diagnostic and activity messages. The log files are tab separated text that can be view in notepad hence the .txt extension is recommended. If only a file name is supplied, the log file will be written to the same directory in which the WinAudit executable resides. To avoid concurrency issues, be sure to use a different name for each concurrent job. For example /l=%COMPUTERNAME%.txt

10.1) Command line examples

To view the command line usage, at the command prompt type:
WinAudit.exe /h

To get a System Overview with the output saved in the same directory as the WinAudit executable in the default format of html and filename of 'computername.html':
WinAudit.exe /r=g

To get a System Overview and Operating System information saved in a specified directory in rich text format using the computer’name as defined in the environment:
WinAudit.exe /r=go /f=C:\Temp\%COMPUTERNAME%.rtf

To audit your computer showing the System Overview, Operating System and Installed Software sections then save the report in CSV format on remote computer called SERVER in the networked shared directory Audits using a filename based on the MAC address:
WinAudit.exe /r=gos f=\\SERVER\Audits\macaddress.csv

Get a System Overview and log the audit to a file called log.txt. The audit will be saved in 'computername.html' with the log file written to the directory containing WinAudi.exe.
WinAudit.exe /r=g /l=log.txt

Save data about displays and adapters using a file name that contains a timestamp. The output file name will be of the form Displays-20131020-130425.rtf:
WinAudit.exe /f= Displays.rtf /r=gDa /T=datetime

Send a system overview to an Access (.mdb) database using a DSN-Less connection string:
WinAudit.exe /r=g /f=DBQ=C:\Temp\Test.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=admin;

Save many data categories to a password protected Access 2007 or newer database.
WinAudit.exe /r=gsopxuTUeERNt /f=DRIVER={Microsoft Access Driver (*.mdb, *.accdb)};DBQ=C:\Temp\WinAuditDB.accdb;UID=admin;PWD=123456

Send a system overview to SQL Server on a computer named PXSSQLSVR using a DSN-Less connection string. Connect as user WinAuditUser to a database named WinAuditDB and write out a log file to log.txt. Note, there is a space between 'SQL' and 'Server':
WinAudit.exe /r=g /f=DRIVER=SQL Server;SERVER=PXSSQLSVR;UID=WinAuditUser;PWD=Cvb5dP3g;DATABASE= WinAuditDB; /l=log.txt

Save a system overview to a SQL Server database on a trusted connection.
WinAudit.exe /r=g /f=DRIVER={SQL Server};SERVER=PXSSQLSVR;DATABASE=WinAuditDB;Trusted_Connection=Yes;

Send a system overview to a MySQL database named winauditdb on the local computer using a DSN-Less connection string. Connect as root with a password.
WinAudit.exe /r=g /f=DRIVER=MySQL ODBC 3.51 Driver;SERVER=localhost;UID=root;PWD=123456;DATABASE=winauditdb;

11) Privacy and Security

The WinAudit programme has no networking capabilities. It cannot send, transmit or in anyway communicate any information about your computer to anyone else. Parmavex Services does not receive a copy of your data.

WinAudit cannot autonomously send e-mail. It creates a message then displays it for the user to send.

WinAudit is provided as freeware. Its freeware license is embedded in the executable. This means that its terms are fixed into perpetuity.

WinAudit is open source software, its operation can be verified by examining the source code.

12) Contact Information

Our preferred method of communication is e-mail. When doing so please be sure to include WinAudit in the subject otherwise your message will be automatically deleted.

Parmavex Services
17 Perry Hill Lane
Oldbury
West Midlands
England B68 0AG
Fax: +44 (0)121 421 7114
Email: winaudit at parmavex dot co dot uk
Web: www.parmavex.co.uk

13) European Union Public Licence

WinAudit is licensed under the European Union Public Licence (EUPL). It is free open source software. It must not be sold, leased, rented, sub-licensed or used for any form of monetary recompense whatsoever. You may make as many verbatim copies of the executable“WinAudit.exe” as you need and distribute them to anyone. This includes commercial organisations. By using this software, you will have agreed and are agreeing to be bound by the terms of EUPL set forth below. The EUPL is copyright of the European Community and is reproduced here in accordance with their best practices about “establishing” a EUPL contract.

European Union Public Licence
V. 1.1
EUPL © the European Community 2007

This European Union Public Licence (the “EUPL”) applies to the Work or Software (as defined below) which is provided under the terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such use is covered by a right of the copyright holder of the Work).

The Original Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following notice immediately following the copyright notice for the Original Work:

Licensed under the EUPL V.1.1

or has expressed by any other mean his willingness to license under the EUPL.

1. Definitions

In this Licence, the following terms have the following meaning:

- The Licence: this Licence.

- The Original Work or the Software: the software distributed and/or communicated by the Licensor under this Licence, available as Source Code and also as Executable Code as the case may be.

- Derivative Works: the works or software that could be created by the Licensee, based upon the Original Work or modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in the country mentioned in Article 15.

- The Work: the Original Work and/or its Derivative Works.

- The Source Code: the human-readable form of the Work which is the most convenient for people to study and modify.

- The Executable Code: any code which has generally been compiled and which is meant to be interpreted by a computer as a program.

- The Licensor: the natural or legal person that distributes and/or communicates the Work under the Licence.

- Contributor(s): any natural or legal person who modifies the Work under the Licence, or otherwise contributes to the creation of a Derivative Work.

- The Licensee or “You”: any natural or legal person who makes any usage of the Software under the terms of the Licence.

- Distribution and/or Communication: any act of selling, giving, lending, renting, distributing, communicating, transmitting, or otherwise making available, on-line or off-line, copies of the Work or providing access to its essential functionalities at the disposal of any other natural or legal person.

2. Scope of the rights granted by the Licence

The Licensor hereby grants You a world-wide, royalty-free, non-exclusive, sublicensable licence to do the following, for the duration of copyright vested in the Original Work:

- use the Work in any circumstance and for all usage,
- reproduce the Work,
- modify the Original Work, and make Derivative Works based upon the Work,
- communicate to the public, including the right to make available or display the Work or copies thereof to the public and perform publicly, as the case may be, the Work,
- distribute the Work or copies thereof,
- lend and rent the Work or copies thereof,
- sub-license rights in the Work or copies thereof.

Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the applicable law permits so.

In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed by law in order to make effective the licence of the economic rights here above listed.

The Licensor grants to the Licensee royalty-free, non exclusive usage rights to any patents held by the Licensor, to the extent necessary to make use of the rights granted
on the Work under this Licence.

3. Communication of the Source Code

The Licensor may provide the Work either in its Source Code form, or as Executable Code. If the Work is provided as Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to distribute and/or communicate the
Work.

4. Limitations on copyright

Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the exclusive rights of the rights owners in the Original Work or Software, of the exhaustion of those rights or of other applicable limitations thereto.

5. Obligations of the Licensee

The grant of the rights mentioned above is subject to some restrictions and obligations
imposed on the Licensee. Those obligations are the following:

Attribution right: the Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to the Licence and to the disclaimer of warranties.The Licensee must include a copy of such notices and a copy of the Licence with every copy of the Work he/she distributes and/or communicates. The Licensee must cause any Derivative Work to carry prominent notices stating that the Work has been modified and the date of modification.

Copyleft clause: If the Licensee distributes and/or communicates copies of the Original Works or Derivative Works based upon the Original Work, this Distribution and/or Communication will be done under the terms of this Licence or of a later version of this Licence unless the Original Work is expressly distributed only under this version of the Licence. The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the Work or Derivative Work that alter or restrict the terms of the Licence.

Compatibility clause: If the Licensee Distributes and/or Communicates Derivative Works or copies thereof based upon both the Original Work and another work licensed under a Compatible Licence, this Distribution and/or Communication can be done under the terms of this Compatible Licence. For the sake of this clause, “Compatible Licence” refers to the licences listed in the appendix attached to this Licence. Should the Licensee’s obligations under the Compatible Licence conflict with his/her obligations under this Licence, the obligations of the Compatible Licence
shall prevail.

Provision of Source Code: When distributing and/or communicating copies of the Work, the Licensee will provide a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available for as long as the Licensee continues to distribute and/or communicate the Work.

Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing
the content of the copyright notice.

6. Chain of Authorship

The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or licensed to him/her and that he/she has the power and authority to grant the Licence.

Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or licensed to him/her and that he/she has the power and authority to grant the Licence.

Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contributions to the Work, under the terms of this
Licence.

7. Disclaimer of Warranty

The Work is a work in progress, which is continuously improved by numerous contributors. It is not a finished work and may therefore contain defects or “bugs” inherent to this type of software development.

For the above reason, the Work is provided under the Licence on an “as is” basis and without warranties of any kind concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this Licence.

This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work.

8. Disclaimer of Liability

Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. However, the Licensor will be liable under statutory product liability laws as far such laws apply to the Work.

9. Additional agreements

While distributing the Original Work or Derivative Works, You may choose to conclude an additional agreement to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or services consistent with this Licence. However, in accepting such obligations, You may act only on your own behalf and on your sole responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by the fact You have accepted any such warranty or additional liability.

10. Acceptance of the Licence

The provisions of this Licence can be accepted by clicking on an icon “I agree” placed under the bottom of a window displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of applicable law. Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms and conditions.

Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution and/or Communication by You of the Work or copies thereof.

11. Information to the public

In case of any Distribution and/or Communication of the Work by means of electronic communication by You (for example, by offering to download the Work from a remote location) the distribution channel or media (for example, a website) must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence and the way it may be accessible, concluded, stored and reproduced by the Licensee.

12. Termination of the Licence

The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms of the Licence.

Such a termination will not terminate the licences of any person who has received the Work from the Licensee under the Licence, provided such persons remain in full compliance with the Licence.

13. Miscellaneous

Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the Work licensed hereunder.

If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or enforceability of the Licence as a whole. Such provision will be construed and/or reformed so as necessary to make it valid and enforceable.

The European Commission may publish other linguistic versions and/or new versions of this Licence, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence. New versions of the Licence will be published with a unique version number.

All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take advantage of the linguistic version of their choice.

14. Jurisdiction

Any litigation resulting from the interpretation of this License, arising between the European Commission, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice of the European Communities, as laid down in article 238 of the Treaty establishing the European Community.

Any litigation arising between Parties, other than the European Commission, and resulting from the interpretation of this License, will be subject to the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business.

15. Applicable Law

This Licence shall be governed by the law of the European Union country where the Licensor resides or has his registered office.

This licence shall be governed by the Belgian law if:
- a litigation arises between the European Commission, as a Licensor, and any Licensee;
- the Licensor, other than the European Commission, has no residence or registered office inside a European Union country.

Appendix

“Compatible Licences” according to article 5 EUPL are:

- GNU General Public License (GNU GPL) v. 2
- Open Software License (OSL) v. 2.1, v. 3.0
- Common Public License v. 1.0
- Eclipse Public License v. 1.0
- Cecill v. 2.0

14) Acknowledgements

 
User Contributions
Many people have found the time to send us messages, both supportive and critical alike. These have helped to improve the programme's accuracy and usability. Bug reports are particularly welcome and many thanks to those who supplied information when we were unable to reproduce certain bugs on our systems.

The following individuals have contributed translations of the user interface:

Chinese (Traditional) by Minson

Czech by Karel Michal

Danish by Rasmus Bertelsen

Dutch by Ivan Laponder

Finnish by Rami Aalto

French by Fabrice Cherrier and Pages Ludovic

French (Belgium) by Pierre Bierwertz

German by Michael Klein-Reesink

Greek by George Kaub

Hebrew by Eli Ben David

Hungarian by Viktor Varga

Indonesian by Teguh Ramanal

Italian by Roberto Tresin

Japanese by Nardog

Korean by sushizang

Polish by Marek Kordiak

Portuguese by Dick Spade

Portuguese (Brazilian) by Roman Dario Cuattrin

Russian by Valeri Kruvyalis Email: vkvkvkvkvk_at_mail_dot_ru

Serbian(Latin) by Pera Konc

Slovak by Peter of SlovakSoft: www.slovaksoft.com E mail: info_at_slovaksoft_dot_com

Spanish by Juan Miguel MartíEmail: jmmarti_at_adinet_dot_com_dot_uy

Thai by Pongsathorn Sraouthai Email: pongsathorns_at_gmail_dot_com

Turkish by Nejdet Acar

Free Software

WinAudit is free software created using free software:

Application Verfier by Microsoft Corporation

ccm by Jonas Blunck

Code::Blocks by Yiannis Mandravellos and the Code::Blocks team

Cppcheck by Daniel Marjamäki and Cppcheck team

cpplint by Google Inc.

MinGW-w64 by Kai Tietz, Jonathan Yong and project members

Source Monitor by Campwood Software LLC

Visual Studio Express by Microsoft Corportation

Trademarks
WinAudit may display marques that are trademarks or service marks of their respective holders. These are reported as stored on the system. The list below includes, but is not exhaustive of, trademarks mentioned in the documentation:

3D Now!, Athlon, Duron, Opteron, Sempron and Turion are trademarks of Advanced Micro Devices.

Active directory, ActiveX, Microsoft, Windows, Windows NT, Outlook, Visual FoxPro and Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries

Ethernet is a trademark of XEROX Corporation

FireWire is a trademark of Apple Computer, Inc.

Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries.

MySQL is a trademark of Oracle Corporation in the United States and other countries.

Oracle is a trademark of Oracle Corporation.

SuperDisk is a trademark of Imation Enterprises Corporation.

USB is a trademark of Universal Serial Bus Implementers Forum, Inc.

©Copyright 2003-2014 Parmavex Services, all rights reserved.

WinAudit Documentation

WinAudit comes with its documentation. To view the help, on the menu bar, select Help -> Using WinAudit.

For the latest unstable version download   WinAudit v3.0.33

For the latest 64-bit unstable version download WinAudit64 v3.0.31

1) Introduction

WinAudit is a free software utility that collects information about Windows® based personal computers. The programme is a single file that requires no installation. WinAudit is designed to produce a comprehensive audit with virtually no effort in a few seconds. You can save the output in web page, rich text and comma separated formats. Exporting to popular database is supported. WinAudit can be run at the command line allowing you to automate your data gathering.

2) What's New

Version 3.0.8

Bug Fix: Missing Automatic Updates in SQL report (thanks RedErik)

Version 3.0

Bug Fix: Monitor detection bug (thanks Jiri S.)
Bug Fix: Missing Windows product ID on some systems (thanks Jiri S.)
Bug Fix: ISO8601 conformat timestamps for SQL Server (thanks Miroslav P.)
Added: IP Routing table (thanks James R. for suggestion).
Dropped: Support for Windows version prior to XP.
Dropped: Printing.
Dropped: Export data to Oracle™ database.
Dropped: Save report in chm, pdf and formatted text and xml formats.
Dropped: The lengthy tasks of finding files and listing system files.
Changed: Command line options.
Added: OLE DB Drivers.
Added: Timestamps in the command line (thanks Aaron J. for suggestion and testing).
Added: Support for PostgreSQL (thanks Lukasz Dargiewicz for suggestion and testing).
Bug Fix: Missing manufacturer name in data posted to database (thanks Aaron J.)
Bug Fix: Output file path truncation at full stop (thanks Ken C.).
Added: Additional security related policies and settings.
Added: Detect software installed by the current user.
Bug Fix: Missing data for executables in XML output of (thanks Satu K.).
Bug Fix: Invalid characters in XML output (thanks Satu K.).

Version 2.29
Change: On XP and newer the Maximum Swap File is the system wide value.
Added: Display resolution in pixels.
Bug Fix: Missing processor information (thanks Perry M.).
Bug Fix: Incorrect processor counts (thanks Stuart).
Change: List physical rather than logical processors.
Bug Fix: Updated list of Windows Editions (thanks Trevor L.).
Bug Fix: Missing logon statistics in XML output (thanks Volker S.).
Bug Fix: Incorrect characters in hard drive serial number (thanks Stephen R.).
Bug Fix: Typo 'Communication' in the database table Display_Names (thanks Eric O.).
Bug Fix: Failure when creating SQL Server 2000 database (thanks Fabien M.).
Bug Fix: Missing error log data when run from command line (thanks Trevor D.).
Bug Fix: SQL Server database now created in auto-commit mode (thanks Greg H.).
Bug Fix: Missing SMBIOS information (thanks Christophe M.).
Bug Fix: Duplicated number of bits in operating system name (thanks Christophe M.).

Version 2.28
Finnish translation of the user interface contributed by Rami Aalto.
Bug Fix: Missing printer information in XML output (thanks Joao G.).
Added: The Operating System's bit size.
Bug Fix: Incomplete image names for HTML pages(thanks Steven F.).
Bug Fix: Missing serial number on some systems (thanks Brian G. and Tom H.).
Bug Fix: Removed duplicate software titles (thanks David R.).
Added: Find non-Windows executables.
Added: The operating system's installation language.
Added: User logon statistics.
Added: Software metering.
Added: Open Database Connectivity drivers and source names.
Added: Tabular format for export of audit to a database.
Bug Fix: Hard drive information missing on some systems (thanks Ismael S.).
Added: Added account name and file path to the Services category.
Bug Fix: System Management BIOS missing on some systems (thanks Ismael S.).
Updated: French (Belgium) translation of the user interface by Pierre Bierwertz.
Change: Some network data items now require Windows 2000 with Service Pack 4.
Updated: Turkish translation of the user interface by Nejdet Acar.
Bug Fix: Mal-formed XML output of binary data (thanks Josh K.).
Added: Command line switch to specify the maximum event log entries to be reported.
Change: Horizontal page breaks for PDF, Preview and Printing.
Change: Report only unique messages from system error logs.

Version 2.27
Traditional Chinese translation of the user interface contributed by Minson (Unicode only).
Bug Fix: Incorrect version of Spybot reported under certain conditions.

Version 2.26
Danish translation of the user interface contributed by Rasmus Bertelsen.
Slovak translation of the user interface contributed by SlovakSoft (Peter).
Updated: Korean translation (sushizang).

Version 2.25
Japanese translation of the user interface contributed by Nardog (Unicode only).
Bug Fix: Missing hard drive details (thanks Stephen R.).

Version 2.24
Thai translation of the user interface contributed by Pongsathorn Sraouthai.
Added: Security permissions on shared folders and printers (NT4+)
Added: Identification of multiple displays.
Change: Restructured the category Installed Software.
Change: Removed the Last Access Time of a file in the category Find Files.
Checked: Windows® Server 2008 Beta.

Version 2.23
Korean translation of the user interface contributed by sushizang (Unicode only).
Added: When a file was last accessed in the category Find Files.
Bug Fix: Incorrect command line timeout of 1 minute (thanks James B.).

Version 2.22
Updated: Russian translation of the user interface contributed by Valeri Kruvyalis.
Bug Fix: Programme crash in Installed Software step on Vista™ (thanks to many).
Bug Fix: Start-up failure with the message 'Failed to set a property' (thanks Clever M.).
Bug Fix: Document font style error (italic/bold).
Updated: Detection of product identifiers in Software Licenses section.
Change: Name changes consistent with the Common Information Model specification.
Updated: Specification updates and minor changes to System Management BIOS.
Change: Timeout on listing of updates via the Windows® Update Agent.
Typo: Fixed error on PDF dialog (thanks Hug).

Version 2.21
Portuguese (Brazilian) translation of the user interface contributed by Roman Dario Cuattrin.
Updated: Portuguese translation of the user interface contributed by Dick Spade.
Hebrew: Fixes for right-to-left word ordering.

Version 2.20
Hebrew translation of the user interface contributed by Eli Ben David.
Greek translation of the user interface contributed by George Kaub.
Added: Bi-Directional user interface.
Bug Fix: Bad font name results in empty PDF pages, print preview failure and permanently hidden menu bar (thanks Timo A.).

Version 2.19
French (Belgium) translation of the user interface contributed by Pierre Bierwertz.
Re-instate: Hard disk details in non-administrator mode on Windows® NT4, 2000 & XP.
Added: ANSI version runs in the pre-installation environment.
Bug Fix: Display capabilities missing when Extended Display Identification Data is unavailable.
Change: Report domain membership in preference to authenticating domain (Windows® 95, 98 & Me).

Version 2.18
Polish translation of the user interface contributed by Marek Kordiak.
Rollback: Incorrect build procedure causing crashes and aborts (thanks Jac H./Earnie D.).
Bug Fix: Potentially invalid XML document if unable to obtain Update Agent data.
Added: Export data to Microsoft® Access 2007 and Firebird® 2.0 databases.
Added: Report the computer's dynamic site name.
Bug Fix: Missing network information on certain systems.

Version 2.17
Bug Fix: Incorrect hard drive information (thanks I. Stern!).
Database: Export at command line via a DSN-Less connection.
Added: Display adapter/graphics card information.
Added: Printer driver details.
Added: Environment variables.
Added: Selected Regional Settings.
Bug Fix: Command line ODBC error (introduced in v2.16).
Bug Fix: Missing data when there are many items (introduced in v2.16).

Version 2.16
Indonesian translation of the user interface contributed by Teguh Ramanal.
Vista™: Implement/fix software usage, system restore and WMI authorisation.
Added: Database export via machine independent data sources (File DSN).
Added: Support for Remote Desktop/Terminal Services environment.
Added: Support for the pre-installation environment (Unicode version).
Accessibility: Visually impaired colour scheme behaviour.
Added: Popular anti-spyware software to the Security category.
Added: Display identification to the Display Characteristics category.

Version 2.15
Serbian(Latin) translation of the user interface contributed by Pera Konc.
Vista™ ready (provisional). This operating system is being developed.
Detect Internet Explorer® 7 and Windows® Mail.
Support for Task Scheduler 2.0 .
Windows Update Agent information added to Installed Software.
Save output in compiled html (chm) format.
Bug Fix: Incorrect line colour in normal contrast mode.

Version 2.14
Save output using Media Access Control (MAC) Address.
User interface improvements.
Change: Html output in command line mode is now saved as frames.
Update: Turkish translation.

Version 2.13
Turkish translation of the user interface contributed by Nejdet Acar.
French translation of the user interface contributed by Fabrice Cherrier and Pages Ludovic.
Bug Fix: Replaced Non-ASCII characters in URI attribute of FRAME tag in html document.

Version 2.12
Hungarian translation of the user interface contributed by Viktor Varga.
User interface visual and presentational style changes.
HTML copy, bitmap compression and PNG format for images.
Scaleable fonts for PDF document.
Set translation language on command line.

Version 2.11
Dutch translation of the user interface contributed by Ivan Laponder.
Additional system wide and user account password information.
Save report in XML format with associated xml-to-html style sheet.
Disk and memory usage image filenames use the computer's name as a prefix.

Version 2.10
Russian translation of the user interface contributed by Valeri Kruvyalis.
Improved handling of non-Latin characters.
Added a facility to save diagnostic disk and storage information.
Bug Fix: Incorrect and/or duplicate disk information on certain multi-disk systems.
New Features in Version 2.09
German translation of the user interface contributed by Michael Klein-Reesink.
New Features in Version 2.08.2
Bug Fix: Missing network shares on some operating systems.
Added site name to the System Overview section.
Added discovery of 'Media Edition' for Windows® XP.
Added computer description to the System Overview section.
System restore points displayed in descending sequence of creation.

Version 2.08
Portuguese translation of the user interface contributed by Dick Spade.

Version 2.07
Czech translation of the user interface contributed by Karel Michal.
Changes: A few data item names have been modified.
Bug Fix: Missing uptime statistics in CSV output.
Bug Fix: Missing user accounts on some operating systems.

Version 2.06.x
Minor updates and bug fixes:
- Security: added programmes permitted to execute data.
- Security: added dates of system restore points.
- PDF: added bookmarks to document.
- Database: improved concurrency.
- Bugs: fixes for PDF permissions and processor numbering.

Version 2.06
Italian translation of the user interface contributed by Roberto Tresin.

Version 2.05
Added a facility to log audit messages and activity.
Added a facility for user friendly message in command line mode.
Fixed wide/international character bugs.

Version 2.04
Added processor APIC physical identification, logical count and number of cores.
Added detection of Windows® 2003 Server R2.
Added a facility to save raw processor data (CPUID) to a text file.
Corrected a System Management BIOS bug.

Version 2.03
Export report to Microsoft® SQL Server 2005 database.

Version 2.02
Added command line timeout option.

Version 2.01
Spanish translation of the user interface contributed by Juan Miguel Martí.

Version 2.0
This version of WinAudit is a significant improvement upon earlier releases. The programme reports on virtually every important aspect of computer inventory, configuration and operation. WinAudit displays results in web-page format, categorised for ease of viewing and text searching. Whether your interest is in software compliance, technical support, security or just plain curiosity, WinAudit has it all. The programme now has advanced features such as service tag detection, hard-drive failure diagnosis, network port to process mapping, network connection speed, system availability statistics as well as Windows® update and firewall settings. WinAudit is able to export audits to enterprise level databases such as Oracle®, SQL Server® and Firebird®. The programme auto-detects transaction capabilities to optimise record insertion and can be used in bulk insertion mode where concurrency and network traffic issues are important. Server side time stamping and logon authentication ensures that you have an audit trail of every audit posted to the database.
- Software licenses, usage and Windows® Installer data.
- Operating system details.
- Security settings, audit logs, open ports and updates.
- Groups and user accounts.
- Windows® networking details.
- Hardware devices and their state.
- System Management BIOS information.
- Extensive processor information.
- Physical disk detection.
- Information on services.
- List of loaded modules.
- File searching.
- Save report in portable document format.
- Enhanced printing and document previewing.
- Database export to Oracle® and SQLite.

Version 1.3
Added e-mail support.
Added BIOS information.
Additional drive information.

Version 1.2.4
Minor change to command line support.
Minor changes to help documentation.

Version 1.2.3
Included export of audit report to dBase™ and Firebird® databases.

Version 1.2.2
WinAudit issued under Freeware license.
Executable Compression by UPX.

Version 1.2.1
Minor ODBC bug fix on Windows® 98.

Version 1.2
Added ODBC database support.
Added XML support.
Added command line support.
Improvements to user interface.

Version 1.1
Overall improvements in performance.
Minor bug fixes.

Version 1.0
Initial release.

3) Install/Remove WinAudit

3.1) System Requirements
WinAudit runs on the Windows® operating system and requires XP or newer.

3.2) Installing WinAudit
WinAudit is 'ready to run'. It has been designed so that you do not need to go through a setup procedure. The programme neither installs files onto the computer nor modifies the system registry. WinAudit is a well-behaved auditing programme in the sense that it attempts not to alter the computer it is examining.
Tip: to create a shortcut on your computer's desktop select: File + Desktop Shortcut

3.3) Removing WinAudit
Because WinAudit did not install any files onto the computer, there is no un-install procedure. Delete the programme file WinAudit.exe and possibly WinAudit.ini that may have been created. If you created a desktop shortcut, you should delete that as well.

4) Frequently Asked Questions

Q1: How Much Does WinAudit Cost?
WinAudit is freeware, which means that it comes at no cost whatsoever. You may make as many verbatim copies of the programme as you desire and distribute them to anyone. Under no circumstances are you allowed to charge for the software itself. Parmavex Services retains the right to change its licensing policy for future releases of the programme.

Q2: Can I Send You a Message?
Send a message to winaudit_at_parmavex_dot_co_dot_uk. Be sure to include WinAudit in the subject otherwise it will be automatically deleted. We receive a lot of e-mail concerning WinAudit, so we tend to prioritise messages. Reported bugs and programme misbehaviours will receive our highest attention. Requests for feature additions or clarification of the report will generally get a prompt reply.

Q3: I Did Not Receive a Reply to My E-mail
To get a prompt reply be sure to send your message to winaudit_at_parmavex _dot_co_dot_uk and include WinAudit in the subject. If you did that, re-send your message as it may have been inadvertently deleted along with the daily dose of spam.
Parmavex Services automatically rejects email with suspect content or originating from mail servers known to send unsolicited e-mail. In general, neither you nor us will receive notification that this has happened. Some Internet providers, in an effort to reduce spam, are using 'white lists', that is they will only accept e-mail from people who have manually registered themselves on their list. Consequently, your Internet provider may block our reply to you.

Q4: When Is The Next Update Due?
We do not have a schedule of regular updates. Improvements are made on an ad-hoc basis depending on the time available and requests from users. In general, if a bug is found this is corrected as quickly as possible. We do not keep mailing lists or send e-mail alerts. If you are interested in programme updates you should check our website.

Q5: Can I Audit a Remote Computer?
No, for security and performance reasons WinAudit has been specifically designed not to audit a remote/networked computer. The programme's small size, no setup and Freeware license means that you can readily copy it to a networked computer. The programme can be executed in batch or user mode and reports obtained by means of a network save, database export or e-mail. Alternatively, run the programme in the remote desktop environment.

Q6: Why Does WinAudit Show IP Address 0.0.0.0?
Most probably, you are connected to the Internet via a dial up connection. Developing a robust method for determining the IP address while using a modem is problematic. Also, for computers configured to obtain a dynamic address from a DHCP server, this value may be 0.0.0.0 and the item DHCP IP Address will show the leased address in use.

Q7: Hey, That's Not Correct!
WinAudit reports information as found on your computer. If the original data is incorrect or missing, the report will simply reflect that. Some types of information, such as System Management, are known to be error prone. Further, if the operating system does not support certain functionality or forbids it, the programme cannot report it. If you are in doubt about something in the audit report send it to your IT support person for an opinion. If you think you have discovered a bug in the programme you can send us a message to winaudit_at_parmavex_dot_co_dot_uk.

Q8: A Software Product ID Is Not Shown
Guidelines exist for where software vendors should store their product information. Most vendors follow these but it is not a requirement. WinAudit looks in these recommended places and other specific locations used by popular software. If, for some reason, the software vendor has not followed the guidelines, changed their habitual storage location or simply chosen to store the information in some proprietary manner WinAudit will not be able report on it.

Q9: Does WinAudit Show Installation Keys?
No. WinAudit shows Product IDs, these are not installation keys. Typically, the product ID is presented to you during installation of the software. It is often found on the 'Help + About' box and is used to register the software. Installation keys are those that are found on original packaging, software certificates or license agreements. WinAudit does not attempt to recover lost installation keys.

Q10: Can WinAudit Search for Files?
No. That feature has been removed as it usually results in very lengthy run times.

5) Auditing Your Computer

Start Windows® Explorer and go to the folder where you saved WinAudit.exe, double-click on the programme to start it. Normally, the programme will automatically begin collecting data. If not, click the Audit button on the toolbar.

WinAudit can generate copious amounts of information that is of interest only to the specialist user. To tailor the audit report's content, on menu select View + Audit Options and check the boxes that interest you. Next, click Apply to start auditing your computer.

System Overview
The computer's identification, asset/service tags and an overview of its resources.

Installed Software
Itemised list of installed software, licenses, usage etc.

Operating System
Name, registration and version details.

Peripherals
Lists standard peripherals as well as network printers for which connection information is stored locally. WinAudit does not interrogate remote/networked peripherals.

Security
Entries from the security log, open ports, important security settings as well as software and updates.

Groups and Users
Groups and user accounts. Includes details on policies, password ages etc.

Scheduled Tasks
Lists the programmes set to run at scheduled intervals.

Uptime Statistics
Statistics based on system availability, start-ups and shutdowns.

Error Logs
Errors posted by the operating system, services and applications to system log files.

Environment Variables
The environment variables used for running process.

Regional Settings
Date, time and currency settings used by the current user.

Windows Network
Details of connected sessions, files in use and shared resources.

Network TCP/IP
Shows adapter names, IP addresses and other network related parameters.

Hardware Devices
A list of devices in and attached to the computer.

Display Capabilities
A summary of the displays characteristics and supported features.

Display Adapters
A list of the computer's display adapters, also known as graphics cards.

Installed Printers
Locally installed printers, network printers are ignored by design.

BIOS Version
System and video identification and dates.

System Management
Extensive information ranging from chassis to system slots to memory devices.

Processors
Name, speed, instructions, cache etc.

Memory
RAM and swap file usage.

Physical Disks
Disk detection showing capacity, manufacturer, serial number etc.

Drives
Details of usage and geometry. Network drives are ignored by design.

Communication Ports
Parallel and serial ports for peripherals.

Startup Programs
Itemised list of automatically started programmes .

Services
Itemized list of installed services

Running Programs
List of programmes currently in use with a brief description and memory usage.

ODBC Information
The Open Database Connectivity drivers and data source names found on the computer.

OLE DB Drivers
The OLE DB drivers installed on the computer.

Software Metering
Shows a list of programs that have been used and how often.

User Logon Statistics
Shows summary statistics of the users that have logged on to the computer.

6) Audit Report

6.1) System Overview

This category gives an overall summary of the computer's identification and resources.

Computer Name
The name that identifies the computer on a network. Names are usually in upper case and unique on a given network.

Domain Name
The domain or workgroup, if any, to which the computer belongs. A domain is a set of computers that has access to a centralised database of user account and other information.

Site Name
The site or location of the computer. This is Active Directory® functionality and requires. By design, only the local computer is interrogated for this information. If a dynamic site name can be discovered it will be reported in preference to a static name.

Roles
The services or functions that the computer fulfils such as Workstation, Server, Primary Domain Controller etc.

Description
An administrative description or comment about the computer.

Operating System
Combined description of the operating system using its name and edition or release.

Manufacturer
The system or chassis manufacturer as recorded in the BIOS.

Model
The model of the computer. This is the “Product Name” designated by the manufacturer in the BIOS.

Serial Number
The system or chassis serial number as recorded in the BIOS. Sometimes referred to as the service tag.

Asset Tag
The asset tag number as recorded in the BIOS.

Number of Processors
The number of physical processor packages detected.

Processor
Combined description using its name and speed. The name is obtained from the processor itself or is resolved from its signature and physical characteristics. Speed in is MHz and is either estimated over a number of processor cycles or taken from the registry. On multi-processor systems, only data for the first one is shown.

Total Memory
Amount of installed random access memory in MB. WinAudit adopts the most widely used convention that 1MB = 1024*1024 bytes = 1,048,576 bytes.

Total Hard Drive
Sum of the capacities of all local hard drives, commonly expressed in GB.

Display
A description of the display such as its size.

BIOS Version
The version of the system BIOS as reported in the system registry.

User Account
The name of the user logged onto the system.

System Uptime
The length of time since the system was turned on (booted).

Local Time
The date and time in YYYY-MM-DD HH:MM:SS format of the computer's local time.

6.2) Installed Software

This section shows the software installed on the computer. Installation usually involves some form of setup procedure. It may have occurred manually or automatically and may have used a generic installation programme or the one provided by the Windows® operating system. Because different software publishers adopt different procedures when installing software, WinAudit searches in several places to discover the information. Software that has simply been copied onto a machine (e.g. WinAudit) has not been installed, so it will not appear in the list. Necessarily, software that masks its presence will not be found.

Active Setup Software

This section shows Active Setup software components. Active Setup is a method of downloading software to keep applications up-to-date. This normally happens when a user visits a software vendor's website. The components themselves often form part of a larger software application.

Name
The name of the software component.

Version
The version of the software component.

Installed
Indicates if the software is installed. Normally this item is 'Yes' or 'No'. However, if the software component has not registered its installation status this data item will be blank.

Installed Programs

This section shows software installed on to the computer using a setup programme. The amount of and how this information is stored during setup is at the publisher's discretion. In general, most publishers do not record the install date or version in a standard way. Where possible software usage data is also shown.

Software usage data presented in this is read from the operating system's so-called Add/Remove Programs cache. This data is of low quality hence it should be used with caution.

Name
The name of the software typically as recorded in the system registry.

Vendor
The publisher or manufacturer of the software.

Version
The version of the software, if any, This information is supplied at the discretion of the software vendor. Only a minority choose to record this in a standard machine-readable format.

Product Language
The language of the software, expressed in English e.g. Greek.

Install Date
The date on which the software was installed. Note, the recommended guidelines for installing software do not make provision for recording this date. If present, it usually takes a YYYYMMDD form, i.e. a four digit year followed by a two digit month then a two digit day. For example, 20050630 would be June 30, 2005. Other formats are not uncommon.

Install Location
The location of the installed software.

Install Source
The location from where the software was installed.

Install State
The state of the software e.g. Installed or Absent. Requires that the software was installed using Windows® Installer.

Assignment Type
The visibility of the software on the computer, either Per Machine or Per User. In the former case this means that the software is installed or advertised for use by all user accounts on the machine. Requires that the software was installed using Windows® Installer.

Package Code
The identifier of the package from which the software was installed. Requires that the software was installed using Windows® Installer.

Package Name
The name of the package from which the software was installed. Requires that the software was installed using Windows® Installer.

Local Package
Where the package is stored locally, from which the software was installed. Requires that the software was installed using Windows® Installer.

Product ID
The product identifier of the installed software. WinAudit shows product identifiers, not installation keys.

Registered Company
The company registered to use the software. Requires that the software was installed using Windows® Installer.

Registered Owner
The owner registered to use the software. Requires that the software was installed using Windows® Installer.

Times Used
The number of times the software has been used during the last 30 days. WinAudit reports the data as presented by the operating system and it may not reflect actual software usage. On Windows® Vista™ this data is at the user level.

Last Used
The date on which the software was last used formatted according to the user' settings. WinAudit reports the data as presented by the operating system and it may not reflect actual software usage. On Windows® Vista™ this data is at the user level.

Executable Path
The location of the executable file used for determining how often the software is being used as described above.

Executable Version
The file's version number. This data, if present, was embedded in the file when it was created by its vendor.

Executable Description
A description of the functionality the file provides. This data, if present, was embedded in the file when it was created by its vendor. Requires Windows® 2000 or newer.

Software ID
The identifier for the software, typically the name of a registry key.

Software Updates

This section shows the updates installed on the computer. Other installation event types, such as failures, are ignored. Both operating system and software application updates are presented here. Note, the operating system can be reported as an update if it has been itself upgraded, e.g. Windows® 98 to Window® XP.

Update ID
The identifier of the update, not necessarily unique. Typically a Knowledge Base (KB) number but can be in any format.

Installed On
The date the update was installed. If possible dates are presented in ISO format (YYYYMMDD).

Description
A description of the update as specified by the publisher.

6.3) Operating System

Administrative and compliance details concerning the operating system.

Name
The name of the operating system. e.g. 2008.

Edition
The edition, also known as the release, specifies the variation of the operating system. For example, Home Edition, Professional Edition or Enterprise Edition. Note, there many editions and WinAudit has not been, nor is ever likely to be validated on all possible name-edition combinations of the Microsoft® Windows® operating systems.
A computer that has had the Small Business Edition of the operating system installed will continue to identify itself as such, even if it has been upgraded to another edition such as Standard or Enterprise.

Install Date
The operating system installation date formatted according to the user's settings.

Registered Owner
The person to whom the operating system is registered as recorded in the system registry.

Registered Organization
The organization to which the operating system is registered as recorded in the system registry.

Product ID
The Product ID of the operating system. Note, the product ID is not the same as the installation key.

Major Version Number
The major version of the operating system.

Minor Version Number
The minor version of the operating system.

Build Number
A number to identify the version of the operating system as it is being developed, e.g. 2600.

Service Pack
Description of the service pack or Corrective Service Diskette (CSD) installed on the computer, e.g. Service Pack 3.

Service Pack Version
The version of the service pack expressed as a 'major.minor' string, e.g. 3.0 .

Plus! Version Number
The Plus! version number as recorded in the system registry.

DirectX® Version
The version of DirectX® installed on the computer. This application is comprised of several components such as DirectDraw® and DirectSound®. The version number shown refers to the overall DirectX installation. Individual component versions may be shown in the Active Setup and Windows Installer sections. In some cases, a system library file version may be shown.

Windows Directory
The directory that contains the operating system's applications, help files and other information.

System Directory
The directory containing the files required by the operating system, hardware and software applications.

Temporary Directory
The current user’s directory used for temporary storage of files and data.

Operating System Language
The installation language of the operating system.

Number of Bits
The bit size of operating system, e.g. 32 or 64.

6.4) Peripherals

This section lists the common types of peripherals attached to or installed on the computer.

Name
The name or type of peripheral. WinAudit reports the following common ones: mouse, keyboard, display, local and remote printers, mapped drives and if a network is installed.

Description
A description appropriate to the peripheral in question. For example, if a mouse is installed the number of buttons is shown as well as if those buttons are reversed. By design, WinAudit does not directly interrogate networked resources such as printers and mapped drives. Instead, it reports locally stored information concerning previous connections made to networked resources. This is a performance consideration, if the network is down or if a resource no longer exists then the programme would have to wait for a network time out (typically 30 seconds per resource).

6.5) Security

This section shows details relevant to the secure operation of the computer. WinAudit discovers various types of data and groups these according to functionality. Computer security is a large area and the content of the report emphasises those that are of key interest. Not all information is available on all versions of Windows® and in a few cases, administrator level privileges are required to report certain items detailed below.

Kerberos Policy
The currently defined Kerberos policy. Administrator privileges are required to view this information.

Enforce user logon restrictions
Validate every request for a session ticket against the user rights policy of the user account.

Maximum lifetime for service ticket
The maximum time that a granted session ticket can be used to access a particular service.

Maximum lifetime for user ticket
The maximum time that a user's ticket-granting ticket (TGT) may be used.

Maximum lifetime for user ticket renewal
The time during which a user's ticket-granting ticket (TGT) may be renewed.

Maximum tolerance for computer clock synchronization
The maximum time difference that Kerberos tolerates between the time on the client clock and the time on the domain controller that provides Kerberos authentication.

Kerberos Tickets

The list of Kerberos tickets currently in use by the logged on user. Administrator privileges are required to view this information.

Server Name
The name of the server the ticket applies to.

Realm Name
The name of the realm the ticket applies to.

Start Time
The time at which the ticket becomes valid. This data point is optional and is formatted to UTC in the user's locale.

End Time
The time when the ticket expires formatted to UTC in the user's locale.

Renew Time
If shown it is the time beyond which the ticket cannot be renewed. Formatted to UTC in the user's locale.

Encryption Type
Description or a defined constant of the encryption used in the ticket.

Ticket Flags
The properties of the ticket. This may be a combination of any or none of Forwardable, Forwarded, HW authent, Initial, Invalid, May postdate, OK as delegate, Postdated, Pre authent, Proxiable,Proxy and Renewable.

Network Time Protocol

The current settings for Network Time Protocol.

Name
The name of the setting.

Setting
Value as taken directly from the system registry at HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters.

Printer Permissions

This section shows the security on the installed printers. For each printer is displayed is a list of trustees. For each trustee is displayed a list of permissions. The same trustee may occur multiple times. The trustees, hence the permissions, are reported in the same order that the operating system uses when its determines a trustee’s access.

Name
The name of the printer to which the permission applies.

Object Type
The Windows® operating system maintains many types of objects on which permissions can be applied. In this context, the securable object is 'Printer'.

Trustee
The account on which permissions have been set. This is usually a group name but can be specia lname such as CREATOR OWNER. In some instances, for example if the trustee account has been deleted a string representation will be reported. This begins with S and is followed by a sequence of digits and hyphens such as S-1-2-32-544. This particular string is the default Administrators group (BUILTIN\ADMINISTRATORS)that was created when Windows was installed. For objects with no security the term 'No Trustee' will be shown.

ACE Type
ACE is an abbreviation of Access Control Entry, i.e. a set of permission for a given trustee. The type reported is usually Allow or Deny.

Permissions
A list of permissions that apply to the Trustee. For example, if the trustee is Guests, the ACE type is Allow and this list contains Print then Guests would be able to print. Typically the permissions are shown as common English Language words however, upper case strings may be reported. Their interpretation is Object Type dependent.

ACE Flags
A list that enumerated the behaviour of this permission set. The interpretation of this list is Object Type dependent but typically it describes how the permissions relate its parent and/or children.

Access Mask
A binary representation of the permissions that have been set on the trustee. This is 32 characters long with the least significant bit to the right. A one (1) indicates a permission is set. The exact meaning of each permissions Object Type dependent. This is the raw data from which the Permissions list is created.

Owner
The owner of the printer. This is at the securable object level, in other words it is the same for all trustees.

Registry Security Values

A list of security related values read directly from the registry. The values displayed are drawn from those typically reported by Microsoft's secedit.exe.

Subkey
The trailing part of the registry subkey as shown in bold below, their full paths are:
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled
HKLM\Software\Microsoft\Driver Signing\Policy
HKLM\System\CurrentControlSet\Services\Eventlog\Application\RestrictGuestAccess
HKLM\System\CurrentControlSet\Services\Eventlog\Security\RestrictGuestAccess
HKLM\System\CurrentControlSet\Services\Eventlog\System\RestrictGuestAccess
HKLM\System\CurrentControlSet\Services\Eventlog\Application\Retention
HKLM\System\CurrentControlSet\Services\Eventlog\Security\Retention
HKLM\System\CurrentControlSet\Services\Eventlog\System\Retention
HKLM\System\CurrentControlSet\Services\Eventlog\Application\MaxSize
HKLM\System\CurrentControlSet\Services\Eventlog\Security\MaxSize
HKLM\System\CurrentControlSet\Services\Eventlog\System\MaxSize
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess
HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword
HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature
HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature
HKLM\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity
HKLM\System\CurrentControlSet\Control\Lsa\AuditBaseObjects
HKLM\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail
HKLM\System\CurrentControlSet\Control\Lsa\DisableDomainCreds
HKLM\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous
HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled
HKLM\System\CurrentControlSet\Control\Lsa\ForceGuest
HKLM\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing
HKLM\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse
HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec
HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec
HKLM\System\CurrentControlSet\Control\Lsa\NoLMHash
HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous
HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM
HKLM\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand
HKLM\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive
HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown
HKLM\System\CurrentControlSet\Control\Session Manager\ProtectionMode
HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems\optional
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption
HKLM\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine
HKLM\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine

Setting
The corresponding value found at the subkey, formatted as a string.

Security Log
The operating system can be configured to keep an audit log of security related operations. WinAudit examines this log and extracts those entries identified as audit failures. These entries generally arise when an operation is attempted and permission is denied. An example would be trying to read a file for which a user does not have sufficient privileges. The audit log can grow quite large, so only the twenty five (25) most recent unique entries are shown. Entries are reported in reverse chronological order with duplicates being ignored. Accessing the security log may require special privileges depending on the security policy in effect.

Time Generated
The time at which the audit entry was posted to the security log.
Source Name
The name of the programme which generated the audit entry.

Description
A textual, and sometimes cryptic, description of the information contained in the log. WinAudit will only attempt to resolve those parts of the description that reside on the local machine.

Security Settings
This section shows various configuration settings that are related to computer security.

Item
The type of application, configuration, service or policy to which the information pertains. One of Accounts, Account Lockout Policy, AutoLogon, Automatic Updates, Audit Policy, Execute Data, Internet Explorer, Network Access, Network Security, Password Policy or Screen Saver.

Name
The name of the configuration item.

Setting
The value of the configuration item. The value reported necessarily depends on the type of data. For example if the type is AutoLogon then the value will be either Yes or No to signify that this feature is enabled or disabled respectively.
Accounts: Shows the status and names of the built-in 'Administrator' and 'Guest' accounts.
Account Lockout Policy: Shows the account lockout policy.
AutoLogon: If enabled, at computer startup the logon screen is not shown and the logon takes place automatically using a domain/username/password combination stored in plain text in the registry.
Automatic Updates: Shows if Windows® is configured to perform scheduled downloads of updates. The periodicity of the schedule is shown. Requires at least Windows® 2000 with Service Pack 3 or newer.
Audit Policy: Shows the audit policy for the event security log.
Execute Data: Shows the programmes that are allowed to execute data. Data execution prevention is a processor-based feature that monitors programmes. It is available on Windows® XP with Service Pack 2 and Windows®2003 with Service Pack 1. The programmes listed in this section have been given permission to by-pass this security check thereby giving them access to normally protected areas of memory.
Network Access: Shows if anonymous users can translate Security Identifiers to account names.
Network Security: Shows settings from the Security Options section of Local Computer Policy.
Password Policy: Shows the password policy.
Screen Saver: Applies to the logged on user. Shows if enabled, the timeout and if it is password protected. On newer versions of Windows® local screen saver settings can be overridden by group wide policies.

System Restore

Sequence
The order in which the restore point was created. The first one is the most recent, regardless of the time setting of the computer's clock.

Creation Time
The time and date when the state of the system was saved. WinAudit attempts to display this date in yyyy-mm-dd hh:mm:ss format. It is the time of the computer's clock.

Description
A description of this particular restore point.

User Privileges

This section shows the privileges of the logged on user.

Privilege Name
The programme attempts to translate the privileges as understood by the operating system into a human readable form. On some systems, no translation may be available therefore, WinAudit presents the privilege's raw name. It will start with 'Se' and by examining it, one can usually make an intelligent guess as to the type of privilege granted.

User Rights Assignment

The rights and privileges granted to accounts as specified in the User Rights Assignment section of the Local Computer Policy. Administrative level privileges are required to discover security related data.

Policy
The name or description of the right or privilege granted.

Security Setting
A comma separated list of grantees. If no name could be resolved, the Security Identifier will be displayed.

Windows® Firewall

Name
The name of an aspect of the firewall. One of Firewall Enabled, Authorised Application, Authorised Service or Authorised Port.

Setting
A description of a setting appropriate to the item in question. For example, Firewall Enabled might be Yes or No.
Firewall Enabled: Shows the state of the firewall, either Yes, No or Unknown.
Authorised Application: The name of an application that has been authorised to connect to a remote computer through the firewall. An example is Outlook Express.
Authorised Service: The name of a service that has been authorised to listen and accept incoming connections through the firewall. An example is File and Printer Sharing.
Authorised Port: A port that is authorised to be opened and to allow data to flow through it. The format is protocol:port_number:remote_address where the protocol is either TCP or UDP. If the remote address is an asterisk then the port can connect to any host. An example is TCP:80:*.

6.6) Groups and Users

This section enumerates the local groups, global groups and user accounts on the computer. By design, no attempt is made to discover account information held on remote computers. Administrator or Account Operator privileges are required to report on local groups. The distribution/mailing type groups as used by Active directory® are not enumerated.

6.6.1) Groups
The membership and permissions are shown for each local group. A local group is a set of users who have common permissions on the local computer. For security reasons, Administrator or Account Operator privileges are required to discover this information.
Group Type
Either a local or global group.

Group Name
The name of the group

Comment
Free formatted string typically entered by the system administrator.

 
6.6.2) Group Members

Group Name
The name of the group.

Member Name
The member name.

 
6.6.3) Group Policy

An enumeration of the policy privileges accorded to the group.

Group Name
The name of the group.

Privilege Name
The privilege name granted to the group. This starts with 'Se' and by examining it, one can usually make an intelligent guess as to the type of privilege granted.

 
6.6.4) Users

A listing of the user accounts held on the system. Depending on the version of the operating system and the security policy in effect, some account information is securable and may require administrator privileges to view.

User Account
The user's name for this account.

Full Name
The full name of the user who uses the account.

Description
A description or comment of the user's account.

Account Status
The status of the account such as enabled, disable or locked.

Local Groups
A list of local groups to which this account belongs.

Global Groups
A list of global groups to which this account belongs.

Last Logon
The last time the user logged on. The date shown is formatted according to the date style in use. Information is obtained from the local machine only.

Last Logoff
The last time the user logged off. The date shown is formatted according to the date style in use. Information is obtained from the local machine only.

Number of Logons
The number of times the user has logged on. Information is obtained from the local machine only.

Bad Password Count
The number of times the user attempted to logged on but failed due to a bad password. Information is obtained from the local machine only.

Password Age
The age of the password, i.e. for how many days the user has been using the same logon password.

Password Expired
Indicates whether or not the user's password has expired, typically the user must supply a new one at next logon.

Account Expires
The date on which the account is due to expire. If blank, then it never expires.

6.7) Scheduled Tasks

This section enumerates the automated tasks that are scheduled to run on the computer.

Task Name
The name of the task.

Status
The current status of the task, such as ready, disabled, running etc.

Schedule
Textual description of the periodicity at which the task is scheduled to run.

Next Run Time
The next time that the task will run.

Run Command
The command(s) to perform, typically a path to an executable file or short cut. Any parameters passed to the executing programme will also be shown. On Windows® Vista this may also be an action such as 'Send e-mail'.

Maximum Run Time
The maximum time that the task is allowed to run.

Last Run Time
The time at which the task last ran.

Last Result
The result or exit code of the task when it last ran. Its interpretation is programme specific but often zero signifies success, assuming the task actually ran. Check the programme's documentation for the exact meaning of its exit codes to determine if the task ran successfully.

6.8) Uptime Statistics

This section shows information concerning the computer's availability based on records in the system's event file. As such, the reported values are dependent upon the quantity and integrity of the data in this file. If the reported period is short, the statistics may not give an accurate measure of the system's availability. Purging the event file means that no statistics can be calculated.

Data Start
The date of the earliest relevant entry in the event file. Reported values pertain subsequent to this date and are only valid for entries in strict chronological order.

System Uptime
The time elapsed since the computer was last started.

System Availability
A percentage measure of how often the computer has been powered up. Essentially, this is the total uptime divided by the time since the earliest relevant log entry.

Total Uptime
The total time that the computer was on.

Total Downtime
The total time that the computer was off.

Times Booted
A count of the number of times the computer has been turned on.

Clean Shutdowns
A count of the number of times the computer was properly shutdown.

Unexpected Shutdowns
A count of the number of times the computer was turned off abnormally, such as a power failure.

6.9) Error Logs

This section shows those errors posted by programmes into the computer's log files. These errors often require manual attention to rectify. On an NT type computer there are Application, Security and System log files. There may also be additional logs, such as Directory Service. These files can grow quite large and frequently the same errors repeat at regular intervals. To this end, only the twenty five (25) most recent unique entries are shown. These entries are reported in reverse chronological order with duplicates being ignored. Purging these logs necessarily means that no errors can be reported. Accessing the security log may require special privileges depending on the security policy in effect.

Time Generated
The time at which the audit entry was posted to the security log.

Source Name
The name of the programme which generated the audit entry.

Log File
The name of the event log file from which this record was taken, e.g. Application.

Description
A textual, and sometimes cryptic, description of the information contained in the log. WinAudit will only attempt to resolve those parts of the description that reside on the local machine.

6.10) Environment Variables

This section shows the defined environment variables for the current process. These are the same ones that are listed by using Set at the command prompt. For example, if a computer has a NetBIOS type name then the variable COMPUTERNAME normally maps to it.

Name
The name of the environment variable, e.g. COMPUTERNAME.

Variable Value
The value associated with the environment variable.

6.11) Regional Settings

This section shows computer specific settings that are typically associated with a particular region or culture such as time zone or language. The Windows® operating system has several such settings and an ad hoc list is presented. Omission of a particular setting does not negate its importance. Some data may be shown in the characters of the language for which it is intended. Choose a font that is appropriate to the language to view these characters.

Item
The type of regional setting. One of locale, number, currency, date or time.

Name
The name of the setting. For example, Country or Measurement System. The Language item is the user configurable setting found in Control Panel. To see the operating system's installation language refer to the Operating System section.

Setting
The value of the setting. For example, Country may be United Kingdom or the Measurement System may be Metric.

6.12) Windows® Network

This section shows the information typically associated with Windows® networking.

6.12.1) Network Files

A list of files on the computer that are being accessed by remote users. Administrator or Account Operator privileges are required to view this information.

Path
The full path to the file in use.

User Account
The user or possibly the computer that is using the file.

Locks
The number of locks the user has on the file.

Permissions
The permissions the user has on the file such as create, read and write.

6.12.2) Network Sessions

A list of remote computers and users connected to the computer.

Computer Name
The name of the remote computer that established the session.

User Account
The name of the remote user that established the session.

Connected Time
The number of minutes for which the connection has been made.

Idle Time
The number of minutes for which the connection has been idle, i.e. no network activity.

6.12.3) Network Shares
This section shows information about shared resources on the computer. For security reasons, to view the number of connections and the path, Administrator or Account Operator privileges are required.

Share Name
The name of the share. Share names that end with a dollar sign are for administrative purposes. Interprocess Process Communication shares are shown as IPC$.

Share Type
The type of resource shared, such as a disk drive or a print queue.

Connections
Number of connections to the share.

Share Path
The local path to the shared resource.

Path
The local path to the shared resource.

6.13) Network TCP/IP

This section shows the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration of the computer. For completeness, WinAudit reports all configurations found. For example, the Network Driver Interface Specification (NDIS) allows network cards to support multiple network protocols. Some data items such as Adapter Type require Windows Management Instrumentation (WMI) enabled.

6.13.1) Network Adapters

Adapter Number
A number to identify the adapter on systems with multiple adapters. Counting starts at 1.

Adapter Name
The name of the adapter.

DNS Host Name
The host name as specified in the Domain Name System (DNS) configuration.

DNS Servers
A list of the IP addresses of those computers used to translate domain names to IP addresses.

IP Address
The IP address of the computer. This may also be 0.0.0.0 if the network adapter obtains an address from a DHCP server, in this case refer to the DHCP IP Address for the last leased value.

IP Subnet
The mask used to determine to which subnet an IP address belongs.

Default IP Gateway
The IP address of the default gateway.

DHCP Enabled
Indicates whether DHCP is enabled.

DHCP Server
The IP address of the DHCP server.

DHCP IP Address
The IP address assigned to the computer by the server.

DHCP Lease Obtained
The timestamp, formatted in the user's settings, of when the dynamic IP address was assigned.

DHCP Lease Expires
The timestamp, formatted in the user's settings, of when the dynamic IP address assigned by the server expires.

Status Code
A numerical code indicating the status of the adapter, zero means OK. A readable description is also given. Requires the Windows Management Instrumentation service to be running.

Adapter Status
A textual description of the status code above. Requires the Windows Management Instrumentation service to be running.

Adapter Type
The type of network adapter, such as Ethernet 802.3. Requires the Windows Management Instrumentation service to be running.

MAC Address
The network adapter's Media access control address. Requires the Windows Management Instrumentation service to be running.

Connection Status
A textual description of the state of the network connection, examples are Connected and Media disconnected. Requires the Windows Management Instrumentation service to be running.

Connection Speed
The current speed setting of the network adapter in bits-per-second. The reported value is only meaningful if the adapter is in a connected state. Requires the Windows Management Instrumentation service to be running.

6.13.2) Open Ports

This section lists the network ports in use. With sufficient privileges, WinAudit maps open ports to their owning processes.

Port Protocol
The type of port, either one of Transmission Control (TCP) or User Datagram (UDP) Protocol.

Local Address
These are normally 0.0.0.0, 127.0.0.1 and any the computer uses to identify itself on the network. Some administrators adopt the form 192.168.xxx.xxx .

Local Port
The local port number.

Caption
Combined string of the Protocol, Local Address and Local Port, e.g. TCP 127.0.0.1:135

Service Name
The type of service the local port is being used for. Pertains to privileged ports only; this is optional information and it will be displayed if a suitable name can be obtained.

Remote Address
The address to which, if any, a connection been made. Applicable to TCP ports only.

Remote Port
The port number of a remote computer to which, if any, a connection been made. Applicable to TCP ports only.

Connection State
The state of the connection. WinAudit reports many different connection states however, the ones of most interest are the LISTENING and ESTABLISHED. Applicable to TCP ports only.

Process Name
The process that has opened the port. This is either the name or full path to the executable file of the process. Requires administrator privileges.

Process ID
The numerical identifier of the process that opened the port. Requires administrator privileges.

Process Description
The description, if any, of the process that opened the port. This is embedded in the executable file by its manufacturer. Requires administrator privileges.

Process Manufacturer
The manufacturer's name, if any, of the executable file that opened the port. Requires administrator privileges.

6.14) Hardware Devices

This section lists the devices installed on the computer. These are grouped by type and the list includes legacy/hidden devices. By design, WinAudit does not interrogate the devices on remote computers.

Device Type
A description of the type of device, such as keyboard and mouse. These descriptions are provided by the operating system.

Device Name
The name of the device as provided by its manufacturer.

Description
A description of the device as provided by its manufacturer.

Manufacturer
The manufacturer of the device or possibly a 'standard device'.

Location
Information about the location of the device e.g. PCI bus 0, device 19.

Driver Provider
The name of the publisher of the software driver used to control the device.

Driver Version
The version of the software driver used to control the device.

Driver Date
The publication date of the software driver used to control the device.

Status Code
A number indicating the status of the device. Sometimes called a problem number. Zero means that no problem was reported by the device driver.

Status Message
A translation of the error code above, OK means that no problem was reported. The specific translation available depends on the version of Windows® in use.

Class GUID
A globally unique identifier that specifies the type of device.

Device ID
A system wide unique identifier for the device.

6.15) Display Capabilities

This section shows data concerning the identification and supported features of displays attached to the computer. This data is specified by the manufacturer and is held in the system registry. Usually it is refreshed at boot time. Consequently, if the display is not turned on at boot time or if it is changed without a system re-boot, stale data may be presented. Errors and omissions may exist in the data. Requires a Plug and Play display supporting the Extended Display Identification Data specification (EDID) as published by Video Electronics Standards Association (VESA).

Display Number
The number of the display for which the data pertains, counting starts at 1.

Display Name
The name of the display as specified by its manufacturer.

Manufacturer
The name of the display's manufacturer or a 3-digit EISA code.

Manufacture Date
The week and year of manufacture, if known.

Serial Number
The serial number which identifies the display. This may be either a decimal number or a text string.

Product ID
An identifier formed by concatenating the manufacturer's 3-digit EISA code and the ID Product Code expressed as 4-digit number. Example: ABC1234.

Display Size
A textual description of the maximum viewable size of the display.

Display Type
A textual description of the display. Includes if it is analogue or digital and possibly its colour mode.

Supported Features
An enumeration of features supported by the display. Includes if standby, suspend and active-off power management modes are supported.

Display Resolution
The resolution of the display in pixels, e.g. 1024 x 768.

6.16) Display Adapters

This section shows details of display adapters or graphics cards in the computer. There may be some duplication of this data with that in the Hardware Devices section.

Adapter Number
A number to identify the adapter on systems with more than one installed. Counting starts at 1.

Name
The name or description of the adapter.

Adapter RAM
The amount of video memory on the adapter, expressed in MB.

Colour Depth
The configured number of colours, expressed in bits.

Vertical Resolution
The configured vertical resolution, expressed in dots per inch (dpi), typically 96dpi.

Current Refresh Rate
The configured vertical refresh rate, expressed in Hertz (Hz). Requires Windows® NT or above.

Video Processor
The name of the chip set on the adapter.

Adapter DAC Type
The type of digital to analogue converter.

Adapter ID
The manufacturer's designated name or identifier for the adapter.

BIOS
BIOS specific information about the adapter.

6.17) Installed Printers

This section shows the configuration and settings of local printers installed on the computer. For performance reasons, WinAudit does not show information about network printers.

Printer Number
A number to identify the printer on systems with more than one printer installed. Counting starts at 1.

Printer Name
The printer's name.

Share Name
The name by which this printer is known if it is a shared resource.

Port Name
The port to which the printer is assigned.

Location
An optional description of where the printer is located (user settable).

Pages Per Minute
The number of pages the printer is configured to print per minute.

Attributes
Description of properties of the printer such as if it is queued, shared etc.

Printer Status
The printer's current status such as Busy, Initializing, Paused, Printing etc.

Paper Size
The current setting of paper size.

Orientation
The current setting of paper orientation, i.e. portrait or landscape.

Print Quality
A description of the printer's quality setting usually, in Dots Per Inch (DPI).

Driver Name
The name of the software used to control the printer, typically the same name as for the printer.

Driver File
The location of the software library file that is the driver.

Driver Version
A number to indicate the version of the driver, this information is embedded in the driver file by its manufacturer.

Driver Manufacturer
The manufacturer or publisher of the driver software.

Driver Description
A description of the driver, this information is embedded in the driver file by its manufacturer.

Driver Data File
The location of the software file that contains data used by the driver.

Driver Configuration File
The location of the software library file that contains configuration data used by the driver.

6.18) BIOS Version

This section shows the system and video Basic Input/Output System (BIOS) version and dates. The BIOS is built-in software that, among other things, controls the system's hardware.

BIOS Version
The version of the system BIOS as reported in the system registry. When the computer starts, the operating system identifies the BIOS then records it in the registry for informational purposes. More comprehensive BIOS information is available in the System Management section.

Release Date
The publication date of the system BIOS as reported in the system registry.

Video BIOS Version
The version of the video BIOS as reported in the system registry.

Video BIOS Date
The publication date of the video BIOS as reported in the system registry.

6.19) System Management

This section shows the major types of information stored in the System Management BIOS, formerly referred to as the Desktop Management Interface. Note, WinAudit reports the information as stored by the manufacturer. This data often suffers from errors and omissions. As such, incorrect system information is neither indicative of a fault with WinAudit nor a problem with the computer.

6.19.1) BIOS Details

SMBIOS Version
The version expressed as 'major.minor' of the System Management BIOS (SMBIOS) specification used to describe the formatting of the information. This is not the same as the BIOS version. When applicable “0” means no and “1” means yes.

BIOS Vendor
The BIOS vendor's name.

BIOS Version
The version of the BIOS, this may be in any format the vendor has chosen.

Start Address
The memory address where the BIOS information starts.

Release Date
Publication or release date of the BIOS usually in the form mm/dd/yy or mm/dd/yyyy.

ROM Size
Size of the ROM chip holding the BIOS, expressed in KB.

BIOS Characteristics
A number indicating features that the BIOS supports.

Characteristics Ext. 1
An optional number indicating the extended features that the BIOS supports.

Characteristics Ext. 2
An optional number indicating the extended features that the BIOS supports.

System BIOS Major
The major version number of the System BIOS.

System BIOS Minor
The minor version number of the System BIOS.

Firmware Major
The major version number of the firmware.

Firmware Minor
The minor version number of the firmware.

No Characteristics
Indicates if the BIOS contains information about the features and characteristics that it supports.

ISA Support
Indicates if Industry Standard Architecture is supported.

MCA Support
Indicates if Micro Channel Architecture is supported.

EISA Support
Indicates if Extended Industry Standard Architecture is supported.

PCI Support
Indicates if Peripheral Component Interconnect is supported.

PCMCIA Support
Indicates if Personal Computer Memory Card International Association is supported.

PnP Support
Indicates if Plug and Play is supported.

APM Support
Indicates if Advanced Power Management is supported.

BIOS Upgradeable
Indicates if the BIOS can be upgraded/flashed.

BIOS Shadowing
Indicates if the BIOS can be copied from the ROM into the RAM, usually for performance reasons.

VL-VESA Support
Indicates if Video Electronics Standards Association is supported.

ESCD Support
Indicates if Extended System Configuration Data for plug and play is supported.

CD Boot
Indicates if the system can boot from a CD drive.

Selectable Boot
Indicates if BIOS allows the boot drive to be selected.

ROM Socketed
Indicates if ROM chip is socketed.

PCMCIA Boot
Indicates if the system can boot from a PC-Card.

EDD Support
Indicates if the BIOS supports Enhanced Disk Drive technology.

Floppy NEC 1.2MB
Indicates if the NEC 9800 1.2MB floppy is supported by the BIOS.

Floppy Toshiba 1.2MB
Indicates if the Toshiba 1.2MB floppy is supported by the BIOS.

Floppy 360 KB
Indicates if the 360 KB floppy is supported by the BIOS.

Floppy 1.2 MB
Indicates if the 1.2 MB floppy is supported by the BIOS.

Floppy 720 KB
Indicates if the 720 KB floppy is supported by the BIOS.

Floppy 2.88 MB
Indicates if the 2.88 MB floppy is supported by the BIOS.

Print Screen
Indicates if the BIOS supports print screen functionality.

Keyboard 8042
Indicates if the 8042 Keyboard is supported by the BIOS.

Serial Services
Indicates if serial services are supported buy the BIOS.

Printer Services
Indicates if print services are supported buy the BIOS.

CGA-Mono Video
Indicates if Color Graphics Adapter/Mono Video is supported by the BIOS.

NEC PC-98
Indicates if the NEC PC-98 series Japanese architecture is supported.

APCI Support
Indicates if Advanced Configuration and Power Interface is supported by the BIOS.

USB Support
Indicates if Universal Serial Bus is supported by the BIOS.

AGP Support
Indicates if Accelerated Graphics Port is supported by the BIOS.

I2O Boot
Indicates if Intelligent I/O is supported by the BIOS.

LS-120 Boot
Indicates if the computer can boot from an LS-120 (SuperDisk™) disk.

ATAPI ZIP Boot
Indicates if the computer can boot from a AT Attachment Packet Interface drive is supported.

Firewire Boot
Indicates if the computer can boot from a FireWire® (IEEE 1394) device.

Smart Battery
Indicates if the BIOS supports a smart battery, i.e. one that provides the computer with information about its power status.

6.19.2) System Information

Manufacturer
The name of the system's manufacturer.

Product Name
The product name as described by the manufacturer.

Version
The version of the product.

Serial Number
A system serial number.

Universal Unique ID
A 16 character long string to uniquely identify the system.

Wake-Up Type
The manner in which the system was powered-up, normally power switch.

SKU Number
The Stock Keeping Unit number of the computer.

Product Family
The product family to which a computer belongs.

6.19.3) Base Board

Board Number
A number to identify the baseboard on systems with more than one baseboard. Counting starts at 1.

Manufacturer
The baseboard's manufacturer.

Product
The product name as described by the manufacturer.

Version
The product version of the base board.

Serial Number
The serial number of the base board.

Asset Tag
A manufacturer specific asset tag to identify the base board.

Features
Features of the baseboard such as if it is hot swappable, replaceable or removable.

Board Type
The type of baseboard, normally motherboard.

6.19.4) Chassis Information

Manufacturer
The name of the chassis' manufacturer.

Chassis Type
The type of chassis such as laptop, desktop, mini-tower.

Version
A manufacturer specific version for the chassis.

Serial Number
A manufacturer specific serial number to identify the chassis.

Asset Tag
A manufacturer specific asset tag number to identify the chassis.

Boot Up State
The state of the chassis when it was last booted such as safe, warning, critical, non-recoverable.

Power State
The state of the power supply when it was last booted such as safe, warning, critical, non-recoverable.

Thermal State
The state of the thermal supply when it was last booted such as safe, warning, critical, non-recoverable.

Security Status
The state of the power supply when it was last booted such as locked out or enabled.

OEM Defined
Contains OEM- or BIOS vendor-specific information.

Height
The height of the enclosure in inches.

Number Of Power Cords
The number of power cords associated with the enclosure or chassis.

6.19.5) Processor

Processor Number
A number to identify the processor on systems with more than one processor. Counting starts at 1.

Socket Designation
A description of the processor's socket such as 'SLOT1'.

Processor Type
The type of processor, typically central processor.

Processor Family
The processor family such as Pentium®, Pentium® 4, AMD Athlon™ etc.

Processor Manufacturer
The name of the processor's manufacturer.

Processor ID
The processor's ID obtained from its EAX and EDX registers as a result of issuing a CPUID instruction.

Processor Version
A description of the processor.

Voltage
Voltage used by the processor.

External Clock
The external clock frequency in MHz.

Maximum Speed
The maximum processor speed in MHz supported by the system.

Current Speed
The current speed in MHz at which the processor is operating.

Status
The status of the processor such as if the socket is populated and if the processor is enabled.

Processor Upgrade
Information concerning upgrading the processor.

Serial Number
The serial number of the processor as set by the manufacturer.

Asset Tag
The asset tag of the processor.

Part Number
The part number of the processor.

Core Count
The number of cores detected by the BIOS for this processor.

Core Enabled
The number of cores that are enabled by the BIOS and available for use.

Thread Count
The total number of threads detected by the BIOS for this processor.

Processor Characteristics
Any additional processor characteristics detected by the BIOS.

Processor Family 2
Extended processor family information.

6.19.6) Memory Controller

Controller Number
A number to identify the memory controller on systems with more than one controller. Counting starts at 1.

Error Detecting
The method used by the controller to detect for errors in data such as 8-bit parity or CRC.

Error Correcting
The capability to correct for data errors such as single bit error correcting or error scrubbing.

Supported Interleave
The level of interleave supported by the controller, e.g. one way interleave.

Current Interleave
The level of interleave currently in use by the controller.

Max. Memory Module
The maximum memory module the controller can support, expressed in MB.

Supported Memory Speeds
The memory speeds supported by the memory controller, expressed in nanoseconds.

Supported Memory Types
The types of memory supported by the controller such as Standard, EDO, DIMM etc.

Memory Module Voltage
The voltages supported by the memory controller.

Number Memory Slots
The number of memory slots controlled by the controller.

6.19.7) Memory Module

Module Number
A number to identify the memory module on systems support multiple modules. Counting starts at 1.

Socket Designation
A designation for the socket into which the module is plug such as BANK_0.

Bank Connection
A Row Address Strobe (RAS) connection in the memory bank (part of motherboard that contains slots for memory modules)

Current Speed
The speed of the memory module, expressed in nanoseconds.

Current Memory Type
The type of memory such as such as Standard, EDO, DIMM etc.

Installed Size
The size of the memory module, in MB, in the socket.

Enabled Size
The amount of memory, in MB, that is enabled in the module.

Error Status
Description of any errors posted by the memory module to the BIOS.

6.19.8) Cache

Cache Number
A number to identify the cache on systems with multiple processor caches. Counting starts at 1.

Socket Designation
A designation for the cache, typically L1, L2 or L3.

Cache Configuration
The cache's configuration such as support for write-back or is socketed.

Max. Cache Size
The maximum cache size that can be supported, expressed in KB.

Installed Cache
The amount of cache in use, expressed in KB.

Supported SRAM Type
The type of Static Random Access Memory supported, such as burst or synchronous.

Current SRAM Type
The type of Static Random Access Memory currently in use, such as burst or synchronous.

Cache Speed
The speed of the cache in nano-seconds.

Error Correction Type
The error correcting method employed by the cache such as parity or single bit Error-Correcting Code.

System Cache Type
The type of cache, normally either data, instruction or unified.

Associativity
The associative level of the cache, such as Direct Mapped, 4-Way, Fully etc.

6.19.9) Port Connector

Port Number
A number to identify the port on systems with multiple ports. Counting starts at 1.

Internal Designation
An internal reference to the port such as COM1 etc.

Internal Connection Type
The type of connection such as 9 Pin Dual Inline and DB-25 pin female.

External Designation
An external designation for the port such as COM1 etc.

External Connection Type
The external connection type such as RJ-45 or DB-9 pin male.

Port Type
The type of port such as USB, Parallel, Serial etc.

6.19.10) System Slot

Slot Number
A number to identify the slot on systems with multiple slots. Counting starts at 1.

Slot Designation
A designation for the slot, commonly its such as ISA or PCI.

Slot Type
The type of slot such as Industry Standard Architecture (ISA) or Peripheral Component Interconnect (PCI).

Data Bus Width
The data buss width, for example 32-bit.

Current Usage
Whether or not the slot is in use.

Slot Length
Either short or long.

Slot ID
An ID for the slot such as MCA or EISA.

Slot Characteristics 1
Description of the slot's characteristics such as voltage.

Slot Characteristics 2
Extended description of the slot's characteristics such as if it supports the Power Management Enable signal.

6.19.11) Memory Array Information

Array Number
A number to identify the memory array on systems with multiple arrays. Counting starts at 1.

Location
The location of the array, e.g. on motherboard.

Use Item
Description of the memory array's function.

Error Correction
The array's error correcting capability such as parity, CRC etc.

Maximum Capacity
The maximum capacity in KB for the array.

Error Handle
An error code, 0xFFFF indicates that no errors have been detected.

Number of Devices
The number of slots available to the memory array.

6.19.12) Memory Device

Device Number
A number to identify the memory device on systems with multiple devices. Counting starts at 1.

Error Handle
A number to indicate an error status, 0xFFFE indicates no information and 0xFFFF no reported errors.

Total Width
The total width in bits of the memory device. 0xFFFF = 65535 indicates the width is unknown.

Data Width
The data width in bits of the memory device. 0xFFFF = 65535 indicates the width is unknown.

Device Size
The size, typically in MB, of the device.

Form Factor
The form factor of the device such as SIMM, DIMM, RIMM etc.

Device Set
Indicates if the device is part of a set of similar devices.

Device Locator
Identifies the socket where the device is located such as A0.

Bank Locator
Identifies the bank where the device is located such as Bank0/1.

Memory Type
The type of memory such as DRAM. VRAM, DDR etc.

Memory Type Detail
Details about the type of memory such as Fast-Paged, Synchronous, RAMBUS etc.

Speed
The speed of the memory device in MHz.

Manufacturer
The name of the manufacturer of the device.

Serial Number
The serial number of the device.

Asset Tag
The asset tag of the device.

Part Number
The part number of the device.

6.20) Processors

Processor Number
A number to identify the processor on systems with multiple processors. Counting starts at 1.

Name
The name is obtained from the processor itself or is resolved from its signature and physical characteristics.

Short Name
Not used, always empty.

Speed - Estimated
The speed in MHz estimated over certain number of processor cycles.

Speed - Registry
The speed in MHz as reported in the system registry. Zero if not present in the registry.

Processor Type
The type of processor, one of: OEM Primary, Overdrive or Secondary.

Manufacturer
The name of the processor's manufacturer.

Serial Number
The serial number, if present, as stored in the processor by its manufacturer. Serial numbers are present on Pentium® III processors only.

APIC Physical ID
A comma separated list of the Advanced Programmable Interrupt Controller identification numbers of the logical processors in the physical processor.

Features
A list of comma separated features or instructions the processor supports.

Cache
A comma separated list of the processor’s cache levels and sizes.

TLB
A comma separated list of the processor’s data and instruction Translation Lookaside Buffers.

Logical Processors
The number of logical processors in the physical processor. Also known as package.

6.21) Memory

This section shows amount of memory, both physical and swap, on the computer.
WinAudit adopts the convention that 1MB = 1024*1024 bytes = 1,048,576 bytes also known as 1 mebibyte.

Total Memory
The total amount of physical memory (RAM) in MB. Also referred to as main memory.

Free Memory
The amount of unused physical memory (RAM) in MB.

Maximum Swap File
The maximum file size, expressed in MB, the operating system will allocate for swapping. Swapping is the process of moving data from physical memory to a file on a hard drive for temporary storage. This file is created by the operating system and allows it to handle quantities of data to large too for the physical memory. The swap file is also referred to as a page file.

Free Swap File
The bytes available to the swap file expressed in MB.

6.22) Physical Disks

This section shows the disks detected in the computer. For security reasons, as of Windows® 2003, this detection requires administrator level privileges. Likewise, to report the result of a S.M.A.R.T. self-test, administrator privileges are required.

Bug Notice! WinAudit can detect disks while running under a restricted user account. However, on multi-disk systems, correct disk numbering requires administrator privileges. Because the majority of computers have only one hard disk and it is preferable to run programmes under a restricted user account, this non-administrative method of disk detection has some utility. If the disk numbering appears to be inconsistent, re-run the programme as administrator to correct for this bug.

Disk Number
A number to identify the disk on systems with multiple disks. Counting starts at 1 and corresponds to the disk's controller position. For example, #1 is Primary Master, #2 is Primary Slave, #3 is Secondary slave etc.

Capacity
The capacity of the disk in MB, i.e. size in bytes divided by 1024 * 1024.

Disk Type
The type of disk, options are fixed and removable.

Manufacturer
The name of the disk's manufacturer.

Model
The model of the disk as specified by the manufacturer.

Serial Number
The serial number of the disk as specified by the manufacturer.

Firmware Revision
The firmware revision of the disk as specified by the manufacturer.

Controller Rank
The rank of the disk on the controller, e.g. primary, secondary etc.

Master/Slave
Indicates if the disk is set as the master or slave on the controller.

Total Cylinders
The number of cylinders, note WinAudit will not report numbers higher than 16383. The number is only of use for small disks and it presented for Cylinders, Heads, Sectors (CHS) completeness.

Total Heads
The number of heads the disk has. The number is only of use for small disks and it presented for Cylinders, Heads, Sectors (CHS) completeness.

Sectors Per Track
The number of sectors per track. Requires Windows® NT. The number is only of use for small disks and it presented for Cylinders, Heads, Sectors (CHS) completeness.

Buffer Size
The disk's cache size, if any, expressed in KB. A value of zero may be presented if the buffer's size could not be determined.

SMART Supported
Indicates if Self-Monitoring Analysis and Reporting Technology (S.M.A.R.T.) is supported by the disk.

SMART Enabled
Indicates if S.M.A.R.T. is enabled on the disk.

SMART Self-Test
The result of an auto-diagnostic disk test. The possible responses are OK, Failed and Unknown. Requires administrative privileges. Under some circumstances a SMART self-test may be obtainable without direct access to the SMART Supported and SMART Enabled data items listed above.

6.23) Drives

This section enumerates the drives, also known as volumes, found on the computer. The information displayed depends on the drive type and the presence of removable media. By design, WinAudit only reports on local drives.
WinAudit follows the widely adopted convention that 1MB = 1024*1024 bytes = 1,048,576 bytes which is sometimes referred to as 1 mebibyte. It is common however, for floppy drive manufacturers to use 1MB = 1000*1024 bytes = 1,024,000 bytes.

Letter
The letter used to identify the drive in the range A to Z.

Drive Type
The type of drive; one of removable, fixed, network, CD-ROM or RAM disk. USB devices and floppy drives are reported as removable.

Percent Used
The percentage of the media that is in use. For optical drives a value of 100% is reported regardless of the amount in use because it is customary to assume there is no free space.

Used Space
The space used on the media. The reported value may be less than the actual amount if user quota's are implemented. Windows® 95 release 1 has a detection ceiling of 2GB.

Free Space
The free space available on the media. Optical drives normally show zero free space regardless of the amount of information actually written to the media.

Total Space
The total space available on the media. For optical drives this value is the amount in use and not its total capacity.

Volume Name
The volume name of the drive, also known as the label.

File System
The file system used to store data on the media, common types are FAT , FAT32 , NTFS and CDFS.

Volume Serial Number
The volume serial number, this number changes when the drive is formatted. To obtain the manufacturer's serial number set the option for physical disk detection.

Sectors Per Cluster
The number of sectors in a cluster. A cluster is comprised of sectors. A sector is the smallest amount of space useable on a drive.

Bytes Per Sector
The number of bytes each sector can store. Typical numbers are 512, 1024 and 2048.

Free Clusters
The number of clusters that are available to store information. May be fewer than the actual amount if user quotas are implemented.

Total Clusters
The total number of clusters available on the drive. May be fewer than the actual amount if user quotas are implemented.

6.24) Communication Ports

Port Number
A number to identify the port on systems with multiple ports. Counting starts at 1.

Port Name
The name of the port such as COM1.

Monitor Name
The name of an installed monitor for the port.

Description
A description of the port, e.g. local port.

Port Type
The type of port, i.e. if can read, write, redirected or remote.

6.25) Startup Programs

This section shows programmes that start automatically. The list is presented in an order that as closely as possible matches the startup sequence. This section does not include services.

Program Name
The name of the programme.

Settings Folder
The folder where the settings are stored for this program, typically a registry path or an operating system defined 'special' folder.

Startup Command
The command used to start the programme.

6.26) Services

This section shows the services on the computer. These are divided into two types namely, drivers and processes. Requires appropriate privileges on some installations of Windows®.

Name
The name of the service.

Service Type
A description of the type of service such as kernel driver or own process.

State
The state of the service, such as if it has been started.

Start Mode
The manner in which the service is to be started for example, automatic or manual.

Path Name
The path to the service's binary file. For example, cdrom.sys is the file for the CD-ROM device driver. Some services may run in the context of the generic host process svchost.exe.

Service Name
The account the service process will be logged on as when it runs. Typically this is empty for device services.

6.27) Running Programs

This section shows programmes that are running on the computer.

Name
The name of the programme in use. This is most often the programme's executable file, but it can also be a special process such as 'System Idle Process' or 'System'.

Process ID
The process identifier (PID), a number that uniquely identifies the process.

Memory
The memory, expressed in KB, being used by the process. The reported value will either be the Working Set or the Private Commit depending on the version of the operating system.

Description
The description, if any, of the programme. This is embedded in the executable file by its manufacturer and to report it, special access privileges may be required for a given programme.

6.28) ODBC Information

This section shows the Open Database Connectivity (ODBC) data sources and drivers found on the computer. File based data source names can reside anywhere on the computer but typically these are to be found in DefaultDSNDir or CommonFilesDir. These are themselves defined in the system registry. Sometimes file data sources may be in the user's home directory.

6.28.1) ODBC Data Sources

DSN Type
The Data Source Name (DSN) type may be one of File, System or User. The first type stores the information required to connect to the database in a file on the computer. For the other two, this connection information is stored in the system's registry.

DSN
The name of the data source.

Description
A brief description of the data source name. Typically File DSNs have no description and for System andUser DSNs it is the name of the driver software.

6.28.2) ODBC Drivers

Name
The name of the ODBC driver.

Company
The software publisher.

File Name
The name of the ODBC driver’s binary file. Typically a dll.

File Version
The version of the ODBC driver’s binary file. This is extracted from the file.

Driver ODBC Version
The ODBC specification level that the driver implements, e.g. 03.51

6.29) OLE DB Drivers

Name
The name of the OLE DB driver

Description
The software publisher’s description of the driver

6.30) Software Metering

A scan of the system's security log is performed to identify events associated with executable starts and exits. Normally, auditing of these events is not enabled so if you wish to collect metering information you need to review your audit policy. Ensure that 'Audit Process Tracking' is enabled. For example, if auditing is enabled then when a programme starts event 592 or 4688 will be recorded in the security log. The log can grow very large and it is not uncommon for it to contain several hundred thousand entries. Summarising this information may take some time to complete.

Tracking process exits is not sufficiently reliable so executable runtimes are not computed. Clearly, if the security log is purged then no data can be reported. Accessing security log may require special privileges depending on the security policy in effect. This statistics generated in this section should be should be treated as of low quality and used with caution.

File Name
The name of the executable that was started, e.g. Word.exe .

File Path
The full file path the executable that was started.

File Version
The file's version number. This data, if present, was embedded in the file when it was created by its manufacturer.

Publisher
The name of the file's manufacturer (publisher). This data, if present, was embedded in the file when it was created by its manufacturer.

First Start Timestamp
The first entry in the security log of when the executable was started. Expressed as Universal Coordinated Time in yyyy-mm-dd hh:mm:ss format.

Last Start Timestamp
The last entry in the security log of when the executable was started. Expressed as Universal Coordinated Time in yyyy-mm-dd hh:mm:ss format.

Console Starts
The number of times the executable was started at the console. That is, started by a user who logged on at system's keyboard.

Remote Starts
The number of times the executable was started via a remote session such as remote desktop.

Other Starts
The number of times the executable was started but not as either from within a console or remote session. Examples of this are as a service, batch job or the machine account.

6.31) User Logon Statistics

User logon events are stored in the system's security log. If you wish to report this you need to ensure that 'Audit Account Logon Events', 'Audit Logon Events' and 'Audit System Events' are enabled in the Audit Policy. The security log can grow very large therefore summarising it may take some time to complete. Clearly, if the security log is purged then no data can be reported. Accessing the security log may require special privileges depending on the security policy in effect.

User Account
The name of the logged on account, usually reported as Domain_Name\User_Name.

First Logon Timestamp
The first entry in the security log of when the user logged on. Expressed as Universal Coordinated Time in yyyy-mm-dd hh:mm:ss format.

Last Logon Timestamp
The last entry in the security log of when the user logged on. Expressed as Universal Coordinated Time in yyyy-mm-dd hh:mm:ss format.

Console Logons
The number of times the user logged on at the console. That is, an interactive logon at system's keyboard.

Remote Logons
The number of times the user logged on via a remote session such as remote desktop.

Other Logons
The number of logons at neither the console nor from a remote computer. Examples of this are logons for a service, batch job or the machine account.

7) Saving the Audit

To save your audit report, on the menu select File + Save then enter the file name of your choice, WinAudit usually provides the computer's name for you. Next, from the drop down list choose the type of document. Options are Comma Delimited, Rich Text and Web Page. Finally, click the Save button.

Comma Delimited
This format is used by spreadsheets and custom data analysis programmes. The csv file is written out in little endian UTF-16 with the customary byte order marker of 0xFF 0xFE. Commas are used as field delimiters regardless of locale settings. The data generated WinAudit is heterogeneous in nature so to facilitate processing, each row begins with a numerical category identifier. The first field is the name of the category. The subsequent fields are the data item values. All fields are double quoted. Any double quote in a data value is escaped with a double quote. For example, 15” becomes 15””.

Rich Text
Save in rtf format if you intend to view the results in a the WordPad text editor.

Web Page
Save in html format if you intend to view the results in a browser.

8) Sending by E-Mail

To send the data by e-mail, on the menu, select File + Send E-Mail at which point WinAudit will attempt to start your e-mail programme and create a new message containing the audit report. Enter the recipient(s) address then click the send button. WinAudit will not send an e-mail without the user's knowledge. The audit report is sent as an attached web page. Other types of data are as an ordinary message.

9) Export to Database

To send the audit to a database, on the menu select File then Database Export. A window will be shown allowing you to control how the data is exported. Select the database's type (e.g. Microsoft Access). For MySQL® and PostgreSQL select, from the adjacent list, the software used to connect to it. Next, enter the database's name into the box. Your database administrator will provide you with all the required information. Ignore the remaining options unless otherwise instructed by the administrator. Press the Export button, if requested enter your credentials. The data export will begin. The time taken for this to complete depends on how much data you are sending, so be sure to wait for it to finish. You will then see a result message indicating how many records where exported. Finally, click the Close button.
The remainder of this document is intended for the database administrator.

9.1) Administration - DBA

The following DBMS versions are supported:
- Microsoft® Access 2000 and newer
- MySQL® 5 and newer
- Microsoft® SQL Server 2005 and newer
- PostgreSQL 8.3 and newer

9.1.1) Create the Database

WinAudit can create Access, MySQL and SQL Server databases. For PostgreSQL, an existing database is required with WinAudit then creating its tables and related objects. Start the logger by selecting Help + Start Logging on the menu. Next, select File + Database Export. On the window, select the Database Management System Name (DBMS). For MySQL or PostgreSQL, select its ODBC driver as well. The drivers found on the computer are shown in the drop down lists. In the Database Name text box enter a name as follows:

Access - the full file path to the database e.g. C:\Data\WinAuditDB.mdb.
MySQL - the database name.
SQL Server - the database name.
PostgreSQL - the database name.

Access databases can be created provided the corresponding OLEDB component is installed on the computer. For MySQL and SQL Server a simple CREATE DATABASE statement will be issued against the server. If you intend to use PostgreSQL, create an empty database now before proceeding. You can do this with pgAdmin. Next, click the Administration button, the Administrative Tasks window will be shown. Your choice of DBMS and database name are shown under the window's title. You cannot change these properties while this window is visible. The following options are available for creating your database. The ones shown depend on your choice of DBMS.

Unicode
If you wish to store Unicode characters check the Unicode box, In this context, Unicode is 2-bytes per character (UCS-2). Identifier columns used in the Computer_Master table are always in low ASCII, so Unicode (NVARCHAR/WVARCHAR) are not used for these. Hence, if you intend to run queries on this table you do not need to prefix your string literals with 'N'. No provision is made for labels of a fully qualified domain name to be in Unicode as this is a non-standard extension to the specification. Microsoft Access is Unicode by design. For PostgreSQL, the database code page is specified on creation.

OLE DB Driver
If you have specified Access as the DBMS then a drop down list will be shown. WinAudit will select the correct OLEDB driver based on the file extension. Access 2000 (.mdb) uses the Microsoft.Jet.OLEDB.4.0 driver. Newer versions of Access (.accdb) use the Microsoft.ACE.OLEDB.x driver. If no driver is shown in the drop down box, close the window and review the log for error messages. Most probably you need to install the driver for .accdb or fallback to .mdb file type.

Grant Privileges to PUBLIC
For SQL Server you can specify if you want PUBLIC to have a minimal set of privileges to post data into the database. Essentially, this allows users to post but not to view or delete data. If this is undesirable for your security requirements then you will need to implement a security arrangement that better suits your environment. See below for more details on user privileges.

Click, the Create button. On completion a status message will be shown. Close the window and review the log for any error or warning messages.

Important: once a connection to the database has been established, it is held until this Administrative window is closed. If the connection to the server drops you will need to close the window and re-open it. When you are finished performing your administrative tasks close the window to severe the connection.

9.1.2) Client Connection

After an audit has been completed, clients send the result to the database by selecting File then Database Export in the menu. Connection to the database is via ODBC, therefore you must ensure that:
- the database's ODBC driver is installed on client's machine
- your clients know which DBMS they are to use
- your clients know the name of the database
- for MySQL® and PostgreSQL your client's know which ODBC driver to use

Microsoft's Access and SQL Server ODBC drivers ship with the operating system and are installed by default. ODBC drivers for MySQL and PostgreSQL databases are available from their respective vendors. The other information shown on the Export Audit to Database window is optional. When then user clicks Export, WinAudit creates a connection string that is passed to the ODBC driver. Normally, a login window will be displayed requesting additional connection information such as a password. Logging of the completion connection string may be suppressed if it contains a password so if there is a login error, instruct your users to copy any messages shown to them. As soon as the data transfer is complete the connection is closed. Users must therefore login every time they attempt a database export. Winaudit prevents the same audit data from being posted twice to the same database.

Maximum Errors [%]
An audit report may up to a few thousand records. Usually there are no errors when posting to a database. However, occasionally some data cannot fit into the allocated column size in the database. Typically these are long file paths. It is not always desirable to fail an entire database operation because of a few errors. Consequently, you can instruct your users to set this tolerance parameter thereby allowing the operation to succeed. For example if you set this to 1% and 1000 records are sent to the database, if fewer that 10 records fail to be posted the operation as a whole will be deemed to have succeeded. The default setting is 5% with a range of 0 (no errors allowed) to 25%.

Max. affected rows
You can specify a limit the number of records that can be posted to the database in a single operation. The default value is 9999 with a range of 1 to 9999.

Connect timeout [secs]
Specify the connection timeout for the database. This setting applies to both the initial login timeout (SQL_ATTR_LOGIN_TIMEOUT) and subsequent communications (SQL_ATTR_CONNECTION_TIMEOUT) with the database. The default value is 30s with a range of 5s to 99s.

Query timeout [secs]
Specify a query timeout for the database. WinAudit often sends large quantities of data to the database, depending on database load it may take some time for the query to complete. WinAudit will not use an infinite timeout. The default value is 60s with a range of 5s to 999s.

9.1.3) Data Maintenance

Your database will increase in size unless you delete the old audits. WinAudit operates on the assumption that connecting clients do not have DELETE privilege, hence this step cannot be automated. From time to time you need to purge the database of its old audits. Roughly speaking, a default audit is expected to require about 1MB. Before proceeding it is strongly recommended that you back up your data. To delete the old audits, on the Administrative Tasks window click, in the Data Maintenance section, the Delete button. This will purge the database of all but the last audit for each computer.

9.1.4) Reporting

WinAudit allows you to create some simple reports from your data. This requires SELECT privilege on database tables. In the Reports section, select a report from the drop down list. You can specify a limit to the number of rows returned by using the parameter Maximum Rows. To fetch all the rows use a value of zero (0). Click Run to create the report.

You can, of course, use your own database's software to create reports. When the database is created a set of views were also created. For example, to see System Overiew records use the v_System_Overview view. If you wish to write your own SQL statements, bear in mind:
- Data is stored in the Audit_Data table
- Audits are identified by the Audit_ID column
- The Audit_Data table may have several audits for a given computer
- The most recent Audit_ID is in Computer_Master.Last_Audit_ID
- To view current data INNER JOIN Computer_Master to Audit_Data
- Audit_Data columns are character data, avoid numerical computations
To help you create your own queries check the Show SQL box, this will show the statement used to generate the report. These statements serve as working examples which you can use to build your own queries.I n particular, you will need to map the category of data you want to its numerical identifier and the names of the columns. This information is found in the Display_Names table. For example, to get a list of installed software in your organisation:
SELECT DISTINCT
Audit_Data.Item_1 As Software_Name
FROM Computer_Master INNER JOIN Audit_Data ON
Computer_Master.Last_Audit_ID = Audit_Data.Audit_ID
WHERE Audit_Data.Category_ID = 500

The INNER JOIN ensures you are viewing only current data. In the Display_Names table you will see that Software Programs has a Category_ID of 500. Similarly, Item_1 correspondsto the data item of Name.

10) Command Line Usage

You can invoke WinAudit from the command line, in this mode the programme executes without showing its main window. In this manner, you can automate the auditing of computers using batch files or login scripts on a domain controller. If need be, you can post the results directly to a database or save them to a centralised networked drive.
Some tips:
- Try to use WinAudit in user interface mode before invoking it via the command line.
- Ensure you have included the report switch '/r=' with some category letters.
- The category letters are case sensitive
- Use only backslashes slashes '\' for file path separators.
- It is not necessary to quote output or log file paths even if there are spaces.
- WinAudit returns a code of zero (0) on success and non-zero if an error occurred.
- A logging facility is provided to help you diagnose problems.
The command syntax (all on one line) is:
WinAudit.exe /h /r=gsoPxuTUeERNtnzDaIbMpmidcSArCOHG /f=file /T=file_timestamp /l=log_file

All switches are optional, if none are supplied the programme runs in user interface mode. See examples below.

Switches

/h
Show a help message then exit.

/r
Report content, default is NO sections, i.e. nothing is done.
g Include System Overview
s Include Installed Software
o Include Operating System (Small letter o)
P Include Peripherals
x Include Security
u Include Groups and Users
T Include Scheduled Tasks
U Include Uptime Statistics
e Include Error Logs
E Include Environment Variables
R Include Regional Settings
N Include Windows Network
t Include Network TCP/IP
z Include Devices
D Include Display Capabilities
a Include Display Adapters
I Include Installed Printers (Capital I )
b Include BIOS Version
M Include System Management
p Include Processor
m Include Memory
i Include Physical Disks
d Include Drives
c Include Communication Ports
S Include Startup Programs
A Include Services
r Include Running Programs
C Include ODBC Information
O Include OLE DB Drivers (Capital O)
H Include Software Metering
G Include User Logon Statistics

/f
Output file or database connection string. Valid file types are comma separated, rich text and web page:
/f=computer_audit.csv
/f=computer_audit.rtf
/f=computer_audit.html
Only one file type may be specified. If no /f switch is specified, the output is written to 'computer_name.html’ where computer_name is the NetBIOS name of the computer.

macaddress is a reserved word (case insensitive). If specified, the output will be written to a file named using a Media Access Control (MAC) address. If no MAC address can be resolved, then the computer's name will be used. On systems with multiple network adapters, the address of the first one discovered will be used. Usage: /f=macaddress.html . If a connection string is supplied, it must begin with DRIVER= or DBQ=. This string must not have any forward slashes.

/T
Use an ISO style date, time or data-time in the output file name. The timestamp precedes the file extension e.g. Audit-20130320-123655.txt, options are:
/T=date - YYYMMDD format
/T=time - hhmmss format
/T=datetime - YYYYMMDD-hhmmss format
This switch is for use with regular file names, do not use when exporting data to a database.

/l
The log file path to record diagnostic and activity messages. The log files are tab separated text that can be view in notepad hence the .txt extension is recommended. If only a file name is supplied, the log file will be written to the same directory in which the WinAudit executable resides. To avoid concurrency issues, be sure to use a different name for each concurrent job. For example /l=%COMPUTERNAME%.txt

10.1) Command line examples

To view the command line usage, at the command prompt type:
WinAudit.exe /h

To get a System Overview with the output saved in the same directory as the WinAudit executable in the default format of html and filename of 'computername.html':
WinAudit.exe /r=g

To get a System Overview and Operating System information saved in a specified directory in rich text format using the computer’name as defined in the environment:
WinAudit.exe /r=go /f=C:\Temp\%COMPUTERNAME%.rtf

To audit your computer showing the System Overview, Operating System and Installed Software sections then save the report in CSV format on remote computer called SERVER in the networked shared directory Audits using a filename based on the MAC address:
WinAudit.exe /r=gos f=\\SERVER\Audits\macaddress.csv

Get a System Overview and log the audit to a file called log.txt. The audit will be saved in 'computername.html' with the log file written to the directory containing WinAudi.exe.
WinAudit.exe /r=g /l=log.txt

Save data about displays and adapters using a file name that contains a timestamp. The output file name will be of the form Displays-20131020-130425.rtf:
WinAudit.exe /f= Displays.rtf /r=gDa /T=datetime

Send a system overview to an Access (.mdb) database using a DSN-Less connection string:
WinAudit.exe /r=g /f=DBQ=C:\Temp\Test.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=admin;

Save many data categories to a password protected Access 2007 or newer database.
WinAudit.exe /r=gsopxuTUeERNt /f=DRIVER={Microsoft Access Driver (*.mdb, *.accdb)};DBQ=C:\Temp\WinAuditDB.accdb;UID=admin;PWD=123456

Send a system overview to SQL Server on a computer named PXSSQLSVR using a DSN-Less connection string. Connect as user WinAuditUser to a database named WinAuditDB and write out a log file to log.txt. Note, there is a space between 'SQL' and 'Server':
WinAudit.exe /r=g /f=DRIVER=SQL Server;SERVER=PXSSQLSVR;UID=WinAuditUser;PWD=Cvb5dP3g;DATABASE= WinAuditDB; /l=log.txt

Save a system overview to a SQL Server database on a trusted connection.
WinAudit.exe /r=g /f=DRIVER={SQL Server};SERVER=PXSSQLSVR;DATABASE=WinAuditDB;Trusted_Connection=Yes;

Send a system overview to a MySQL database named winauditdb on the local computer using a DSN-Less connection string. Connect as root with a password.
WinAudit.exe /r=g /f=DRIVER=MySQL ODBC 3.51 Driver;SERVER=localhost;UID=root;PWD=123456;DATABASE=winauditdb;

11) Privacy and Security

The WinAudit programme has no networking capabilities. It cannot send, transmit or in anyway communicate any information about your computer to anyone else. Parmavex Services does not receive a copy of your data.

WinAudit cannot autonomously send e-mail. It creates a message then displays it for the user to send.

WinAudit is provided as freeware. Its freeware license is embedded in the executable. This means that its terms are fixed into perpetuity.

WinAudit is open source software, its operation can be verified by examining the source code.

12) Contact Information

Our preferred method of communication is e-mail. When doing so please be sure to include WinAudit in the subject otherwise your message will be automatically deleted.

Parmavex Services
17 Perry Hill Lane
Oldbury
West Midlands
England B68 0AG
Fax: +44 (0)121 421 7114
Email: winaudit at parmavex dot co dot uk
Web: www.parmavex.co.uk

13) European Union Public Licence

WinAudit is licensed under the European Union Public Licence (EUPL). It is free open source software. It must not be sold, leased, rented, sub-licensed or used for any form of monetary recompense whatsoever. You may make as many verbatim copies of the executable“WinAudit.exe” as you need and distribute them to anyone. This includes commercial organisations. By using this software, you will have agreed and are agreeing to be bound by the terms of EUPL set forth below. The EUPL is copyright of the European Community and is reproduced here in accordance with their best practices about “establishing” a EUPL contract.

European Union Public Licence
V. 1.1
EUPL © the European Community 2007

This European Union Public Licence (the “EUPL”) applies to the Work or Software (as defined below) which is provided under the terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such use is covered by a right of the copyright holder of the Work).

The Original Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following notice immediately following the copyright notice for the Original Work:

Licensed under the EUPL V.1.1

or has expressed by any other mean his willingness to license under the EUPL.

1. Definitions

In this Licence, the following terms have the following meaning:

- The Licence: this Licence.

- The Original Work or the Software: the software distributed and/or communicated by the Licensor under this Licence, available as Source Code and also as Executable Code as the case may be.

- Derivative Works: the works or software that could be created by the Licensee, based upon the Original Work or modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in the country mentioned in Article 15.

- The Work: the Original Work and/or its Derivative Works.

- The Source Code: the human-readable form of the Work which is the most convenient for people to study and modify.

- The Executable Code: any code which has generally been compiled and which is meant to be interpreted by a computer as a program.

- The Licensor: the natural or legal person that distributes and/or communicates the Work under the Licence.

- Contributor(s): any natural or legal person who modifies the Work under the Licence, or otherwise contributes to the creation of a Derivative Work.

- The Licensee or “You”: any natural or legal person who makes any usage of the Software under the terms of the Licence.

- Distribution and/or Communication: any act of selling, giving, lending, renting, distributing, communicating, transmitting, or otherwise making available, on-line or off-line, copies of the Work or providing access to its essential functionalities at the disposal of any other natural or legal person.

2. Scope of the rights granted by the Licence

The Licensor hereby grants You a world-wide, royalty-free, non-exclusive, sublicensable licence to do the following, for the duration of copyright vested in the Original Work:

- use the Work in any circumstance and for all usage,
- reproduce the Work,
- modify the Original Work, and make Derivative Works based upon the Work,
- communicate to the public, including the right to make available or display the Work or copies thereof to the public and perform publicly, as the case may be, the Work,
- distribute the Work or copies thereof,
- lend and rent the Work or copies thereof,
- sub-license rights in the Work or copies thereof.

Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the applicable law permits so.

In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed by law in order to make effective the licence of the economic rights here above listed.

The Licensor grants to the Licensee royalty-free, non exclusive usage rights to any patents held by the Licensor, to the extent necessary to make use of the rights granted
on the Work under this Licence.

3. Communication of the Source Code

The Licensor may provide the Work either in its Source Code form, or as Executable Code. If the Work is provided as Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to distribute and/or communicate the
Work.

4. Limitations on copyright

Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the exclusive rights of the rights owners in the Original Work or Software, of the exhaustion of those rights or of other applicable limitations thereto.

5. Obligations of the Licensee

The grant of the rights mentioned above is subject to some restrictions and obligations
imposed on the Licensee. Those obligations are the following:

Attribution right: the Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to the Licence and to the disclaimer of warranties.The Licensee must include a copy of such notices and a copy of the Licence with every copy of the Work he/she distributes and/or communicates. The Licensee must cause any Derivative Work to carry prominent notices stating that the Work has been modified and the date of modification.

Copyleft clause: If the Licensee distributes and/or communicates copies of the Original Works or Derivative Works based upon the Original Work, this Distribution and/or Communication will be done under the terms of this Licence or of a later version of this Licence unless the Original Work is expressly distributed only under this version of the Licence. The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the Work or Derivative Work that alter or restrict the terms of the Licence.

Compatibility clause: If the Licensee Distributes and/or Communicates Derivative Works or copies thereof based upon both the Original Work and another work licensed under a Compatible Licence, this Distribution and/or Communication can be done under the terms of this Compatible Licence. For the sake of this clause, “Compatible Licence” refers to the licences listed in the appendix attached to this Licence. Should the Licensee’s obligations under the Compatible Licence conflict with his/her obligations under this Licence, the obligations of the Compatible Licence
shall prevail.

Provision of Source Code: When distributing and/or communicating copies of the Work, the Licensee will provide a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available for as long as the Licensee continues to distribute and/or communicate the Work.

Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing
the content of the copyright notice.

6. Chain of Authorship

The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or licensed to him/her and that he/she has the power and authority to grant the Licence.

Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or licensed to him/her and that he/she has the power and authority to grant the Licence.

Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contributions to the Work, under the terms of this
Licence.

7. Disclaimer of Warranty

The Work is a work in progress, which is continuously improved by numerous contributors. It is not a finished work and may therefore contain defects or “bugs” inherent to this type of software development.

For the above reason, the Work is provided under the Licence on an “as is” basis and without warranties of any kind concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this Licence.

This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work.

8. Disclaimer of Liability

Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. However, the Licensor will be liable under statutory product liability laws as far such laws apply to the Work.

9. Additional agreements

While distributing the Original Work or Derivative Works, You may choose to conclude an additional agreement to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or services consistent with this Licence. However, in accepting such obligations, You may act only on your own behalf and on your sole responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by the fact You have accepted any such warranty or additional liability.

10. Acceptance of the Licence

The provisions of this Licence can be accepted by clicking on an icon “I agree” placed under the bottom of a window displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of applicable law. Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms and conditions.

Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution and/or Communication by You of the Work or copies thereof.

11. Information to the public

In case of any Distribution and/or Communication of the Work by means of electronic communication by You (for example, by offering to download the Work from a remote location) the distribution channel or media (for example, a website) must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence and the way it may be accessible, concluded, stored and reproduced by the Licensee.

12. Termination of the Licence

The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms of the Licence.

Such a termination will not terminate the licences of any person who has received the Work from the Licensee under the Licence, provided such persons remain in full compliance with the Licence.

13. Miscellaneous

Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the Work licensed hereunder.

If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or enforceability of the Licence as a whole. Such provision will be construed and/or reformed so as necessary to make it valid and enforceable.

The European Commission may publish other linguistic versions and/or new versions of this Licence, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence. New versions of the Licence will be published with a unique version number.

All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take advantage of the linguistic version of their choice.

14. Jurisdiction

Any litigation resulting from the interpretation of this License, arising between the European Commission, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice of the European Communities, as laid down in article 238 of the Treaty establishing the European Community.

Any litigation arising between Parties, other than the European Commission, and resulting from the interpretation of this License, will be subject to the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business.

15. Applicable Law

This Licence shall be governed by the law of the European Union country where the Licensor resides or has his registered office.

This licence shall be governed by the Belgian law if:
- a litigation arises between the European Commission, as a Licensor, and any Licensee;
- the Licensor, other than the European Commission, has no residence or registered office inside a European Union country.

Appendix

“Compatible Licences” according to article 5 EUPL are:

- GNU General Public License (GNU GPL) v. 2
- Open Software License (OSL) v. 2.1, v. 3.0
- Common Public License v. 1.0
- Eclipse Public License v. 1.0
- Cecill v. 2.0

14) Acknowledgements

 
User Contributions
Many people have found the time to send us messages, both supportive and critical alike. These have helped to improve the programme's accuracy and usability. Bug reports are particularly welcome and many thanks to those who supplied information when we were unable to reproduce certain bugs on our systems.

The following individuals have contributed translations of the user interface:

Chinese (Traditional) by Minson

Czech by Karel Michal

Danish by Rasmus Bertelsen

Dutch by Ivan Laponder

Finnish by Rami Aalto

French by Fabrice Cherrier and Pages Ludovic

French (Belgium) by Pierre Bierwertz

German by Michael Klein-Reesink

Greek by George Kaub

Hebrew by Eli Ben David

Hungarian by Viktor Varga

Indonesian by Teguh Ramanal

Italian by Roberto Tresin

Japanese by Nardog

Korean by sushizang

Polish by Marek Kordiak

Portuguese by Dick Spade

Portuguese (Brazilian) by Roman Dario Cuattrin

Russian by Valeri Kruvyalis Email: vkvkvkvkvk_at_mail_dot_ru

Serbian(Latin) by Pera Konc

Slovak by Peter of SlovakSoft: www.slovaksoft.com E mail: info_at_slovaksoft_dot_com

Spanish by Juan Miguel MartíEmail: jmmarti_at_adinet_dot_com_dot_uy

Thai by Pongsathorn Sraouthai Email: pongsathorns_at_gmail_dot_com

Turkish by Nejdet Acar

Free Software

WinAudit is free software created using free software:

Application Verfier by Microsoft Corporation

ccm by Jonas Blunck

Code::Blocks by Yiannis Mandravellos and the Code::Blocks team

Cppcheck by Daniel Marjamäki and Cppcheck team

cpplint by Google Inc.

MinGW-w64 by Kai Tietz, Jonathan Yong and project members

Source Monitor by Campwood Software LLC

Visual Studio Express by Microsoft Corportation

Trademarks
WinAudit may display marques that are trademarks or service marks of their respective holders. These are reported as stored on the system. The list below includes, but is not exhaustive of, trademarks mentioned in the documentation:

3D Now!, Athlon, Duron, Opteron, Sempron and Turion are trademarks of Advanced Micro Devices.

Active directory, ActiveX, Microsoft, Windows, Windows NT, Outlook, Visual FoxPro and Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries

Ethernet is a trademark of XEROX Corporation

FireWire is a trademark of Apple Computer, Inc.

Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries.

MySQL is a trademark of Oracle Corporation in the United States and other countries.

Oracle is a trademark of Oracle Corporation.

SuperDisk is a trademark of Imation Enterprises Corporation.

USB is a trademark of Universal Serial Bus Implementers Forum, Inc.

©Copyright 2003-2014 Parmavex Services, all rights reserved.

WinAudit Documentation

WinAudit comes with its documentation. To view the help, on the menu bar, select Help -> Using WinAudit.

1) Introduction

WinAudit is a free software utility that collects information about Windows® based personal computers. The programme is a single file that requires no installation. WinAudit is designed to produce a comprehensive audit with virtually no effort in a few seconds. You can save the output in web page, rich text and comma separated formats. Exporting to popular database is supported. WinAudit can be run at the command line allowing you to automate your data gathering.

2) What's New

Version 3.1

Publish: Commit changes 3.0.9 to 3.0.32 to version 3.1

Version 3.0.32

Change: Override default '.txt' extension in log file path (thanks aamjohns)

Version 3.0.31

Bug Fix: Spurious operating system edition descriptions (thanks aamjohns)
Bug Fix: Windows 10 Access Database connection issue (thanks Joao C. & Marius D.)

Version 3.0.30

Bug Fix: Double count of virtual volume storage (thanks Patrick R.)

Version 3.0.29

Test build

Version 3.0.28

Bug Fix: Incorrect processor package identifier (thanks Karol O.)

Version 3.0.27

Bug Fix: Updated list of operating system editions (thanks Neil N.)

Version 3.0.26

Bug Fix: Invalid Spanish database VIEW name (thanks Ismael G.)

Version 3.0.25

Bug Fix: Windows 10 incorrectly reported as Vista (thanks Aaron J.)

Version 3.0.23

Bug Fix: Incorrect Japanese (Shift-JIS) characters in comma separated output (thanks Josse Q.)

Version 3.0.22

Bug Fix: Incorrect GMT difference when daylight saving in effect (thanks Chris G.)
Re-work database export by using a locally stored GUID in WinAuditGuid.txt.

Version 3.0.21

Bug Fix: Remove redundant string buffer overflow check on database export of Fully Qualified Domain Name (thanks Chris G.)

Version 3.0.20

Show a message if no Extended Display Identification Data is available.

Version 3.0.19

Added: Detect Windows 10.

Version 3.0.18

Added: Add file extension to path in Save File dialog box.

Version 3.0.17

Added: Separator declaration to csv output for Excel usability (thanks Denis D.)
Bug Fix: Incorrect operating system build number on Windows 8 (thanks Denis D.)

Version 3.0.16

Added: Save data in columnar comma separated output (csv2).

Version 3.0.15

Maintenance changes

Version 3.0.14

Maintenance changes

Version 3.0.13

Changed: Two computer identifiers used for database export.

Version 3.0.12

Added: Detect "Delayed Start" services (thanks suggestion George N.)

Version 3.0.11

Bug Fix: Redundant rich text escape sequences (thanks Thomas L.)

Version 3.0.10

Bug Fix: Missing default strings when run from the command line  (thanks Thomas L.)

Version 3.0.9

Bug Fix: Incorrect Local Group comma separated list  (thanks DeeZee)

Version 3.0.8

Bug Fix: Missing Automatic Updates in SQL report (thanks RedErik)

Version 3.0

Bug Fix: Monitor detection bug (thanks Jiri S.)
Bug Fix: Missing Windows product ID on some systems (thanks Jiri S.)
Bug Fix: ISO8601 conformat timestamps for SQL Server (thanks Miroslav P.)
Added: IP Routing table (thanks James R. for suggestion).
Dropped: Support for Windows version prior to XP.
Dropped: Printing.
Dropped: Export data to Oracle™ database.
Dropped: Save report in chm, pdf and formatted text and xml formats.
Dropped: The lengthy tasks of finding files and listing system files.
Changed: Command line options.
Added: OLE DB Drivers.
Added: Timestamps in the command line (thanks Aaron J. for suggestion and testing).
Added: Support for PostgreSQL (thanks Lukasz Dargiewicz for suggestion and testing).
Bug Fix: Missing manufacturer name in data posted to database (thanks Aaron J.)
Bug Fix: Output file path truncation at full stop (thanks Ken C.).
Added: Additional security related policies and settings.
Added: Detect software installed by the current user.
Bug Fix: Missing data for executables in XML output of (thanks Satu K.).
Bug Fix: Invalid characters in XML output (thanks Satu K.).

Version 2.29
Change: On XP and newer the Maximum Swap File is the system wide value.
Added: Display resolution in pixels.
Bug Fix: Missing processor information (thanks Perry M.).
Bug Fix: Incorrect processor counts (thanks Stuart).
Change: List physical rather than logical processors.
Bug Fix: Updated list of Windows Editions (thanks Trevor L.).
Bug Fix: Missing logon statistics in XML output (thanks Volker S.).
Bug Fix: Incorrect characters in hard drive serial number (thanks Stephen R.).
Bug Fix: Typo 'Communication' in the database table Display_Names (thanks Eric O.).
Bug Fix: Failure when creating SQL Server 2000 database (thanks Fabien M.).
Bug Fix: Missing error log data when run from command line (thanks Trevor D.).
Bug Fix: SQL Server database now created in auto-commit mode (thanks Greg H.).
Bug Fix: Missing SMBIOS information (thanks Christophe M.).
Bug Fix: Duplicated number of bits in operating system name (thanks Christophe M.).

Version 2.28
Finnish translation of the user interface contributed by Rami Aalto.
Bug Fix: Missing printer information in XML output (thanks Joao G.).
Added: The Operating System's bit size.
Bug Fix: Incomplete image names for HTML pages(thanks Steven F.).
Bug Fix: Missing serial number on some systems (thanks Brian G. and Tom H.).
Bug Fix: Removed duplicate software titles (thanks David R.).
Added: Find non-Windows executables.
Added: The operating system's installation language.
Added: User logon statistics.
Added: Software metering.
Added: Open Database Connectivity drivers and source names.
Added: Tabular format for export of audit to a database.
Bug Fix: Hard drive information missing on some systems (thanks Ismael S.).
Added: Added account name and file path to the Services category.
Bug Fix: System Management BIOS missing on some systems (thanks Ismael S.).
Updated: French (Belgium) translation of the user interface by Pierre Bierwertz.
Change: Some network data items now require Windows 2000 with Service Pack 4.
Updated: Turkish translation of the user interface by Nejdet Acar.
Bug Fix: Mal-formed XML output of binary data (thanks Josh K.).
Added: Command line switch to specify the maximum event log entries to be reported.
Change: Horizontal page breaks for PDF, Preview and Printing.
Change: Report only unique messages from system error logs.

Version 2.27
Traditional Chinese translation of the user interface contributed by Minson (Unicode only).
Bug Fix: Incorrect version of Spybot reported under certain conditions.

Version 2.26
Danish translation of the user interface contributed by Rasmus Bertelsen.
Slovak translation of the user interface contributed by SlovakSoft (Peter).
Updated: Korean translation (sushizang).

Version 2.25
Japanese translation of the user interface contributed by Nardog (Unicode only).
Bug Fix: Missing hard drive details (thanks Stephen R.).

Version 2.24
Thai translation of the user interface contributed by Pongsathorn Sraouthai.
Added: Security permissions on shared folders and printers (NT4+)
Added: Identification of multiple displays.
Change: Restructured the category Installed Software.
Change: Removed the Last Access Time of a file in the category Find Files.
Checked: Windows® Server 2008 Beta.

Version 2.23
Korean translation of the user interface contributed by sushizang (Unicode only).
Added: When a file was last accessed in the category Find Files.
Bug Fix: Incorrect command line timeout of 1 minute (thanks James B.).

Version 2.22
Updated: Russian translation of the user interface contributed by Valeri Kruvyalis.
Bug Fix: Programme crash in Installed Software step on Vista™ (thanks to many).
Bug Fix: Start-up failure with the message 'Failed to set a property' (thanks Clever M.).
Bug Fix: Document font style error (italic/bold).
Updated: Detection of product identifiers in Software Licenses section.
Change: Name changes consistent with the Common Information Model specification.
Updated: Specification updates and minor changes to System Management BIOS.
Change: Timeout on listing of updates via the Windows® Update Agent.
Typo: Fixed error on PDF dialog (thanks Hug).

Version 2.21
Portuguese (Brazilian) translation of the user interface contributed by Roman Dario Cuattrin.
Updated: Portuguese translation of the user interface contributed by Dick Spade.
Hebrew: Fixes for right-to-left word ordering.

Version 2.20
Hebrew translation of the user interface contributed by Eli Ben David.
Greek translation of the user interface contributed by George Kaub.
Added: Bi-Directional user interface.
Bug Fix: Bad font name results in empty PDF pages, print preview failure and permanently hidden menu bar (thanks Timo A.).

Version 2.19
French (Belgium) translation of the user interface contributed by Pierre Bierwertz.
Re-instate: Hard disk details in non-administrator mode on Windows® NT4, 2000 & XP.
Added: ANSI version runs in the pre-installation environment.
Bug Fix: Display capabilities missing when Extended Display Identification Data is unavailable.
Change: Report domain membership in preference to authenticating domain (Windows® 95, 98 & Me).

Version 2.18
Polish translation of the user interface contributed by Marek Kordiak.
Rollback: Incorrect build procedure causing crashes and aborts (thanks Jac H./Earnie D.).
Bug Fix: Potentially invalid XML document if unable to obtain Update Agent data.
Added: Export data to Microsoft® Access 2007 and Firebird® 2.0 databases.
Added: Report the computer's dynamic site name.
Bug Fix: Missing network information on certain systems.

Version 2.17
Bug Fix: Incorrect hard drive information (thanks I. Stern!).
Database: Export at command line via a DSN-Less connection.
Added: Display adapter/graphics card information.
Added: Printer driver details.
Added: Environment variables.
Added: Selected Regional Settings.
Bug Fix: Command line ODBC error (introduced in v2.16).
Bug Fix: Missing data when there are many items (introduced in v2.16).

Version 2.16
Indonesian translation of the user interface contributed by Teguh Ramanal.
Vista™: Implement/fix software usage, system restore and WMI authorisation.
Added: Database export via machine independent data sources (File DSN).
Added: Support for Remote Desktop/Terminal Services environment.
Added: Support for the pre-installation environment (Unicode version).
Accessibility: Visually impaired colour scheme behaviour.
Added: Popular anti-spyware software to the Security category.
Added: Display identification to the Display Characteristics category.

Version 2.15
Serbian(Latin) translation of the user interface contributed by Pera Konc.
Vista™ ready (provisional). This operating system is being developed.
Detect Internet Explorer® 7 and Windows® Mail.
Support for Task Scheduler 2.0 .
Windows Update Agent information added to Installed Software.
Save output in compiled html (chm) format.
Bug Fix: Incorrect line colour in normal contrast mode.

Version 2.14
Save output using Media Access Control (MAC) Address.
User interface improvements.
Change: Html output in command line mode is now saved as frames.
Update: Turkish translation.

Version 2.13
Turkish translation of the user interface contributed by Nejdet Acar.
French translation of the user interface contributed by Fabrice Cherrier and Pages Ludovic.
Bug Fix: Replaced Non-ASCII characters in URI attribute of FRAME tag in html document.

Version 2.12
Hungarian translation of the user interface contributed by Viktor Varga.
User interface visual and presentational style changes.
HTML copy, bitmap compression and PNG format for images.
Scaleable fonts for PDF document.
Set translation language on command line.

Version 2.11
Dutch translation of the user interface contributed by Ivan Laponder.
Additional system wide and user account password information.
Save report in XML format with associated xml-to-html style sheet.
Disk and memory usage image filenames use the computer's name as a prefix.

Version 2.10
Russian translation of the user interface contributed by Valeri Kruvyalis.
Improved handling of non-Latin characters.
Added a facility to save diagnostic disk and storage information.
Bug Fix: Incorrect and/or duplicate disk information on certain multi-disk systems.
New Features in Version 2.09
German translation of the user interface contributed by Michael Klein-Reesink.
New Features in Version 2.08.2
Bug Fix: Missing network shares on some operating systems.
Added site name to the System Overview section.
Added discovery of 'Media Edition' for Windows® XP.
Added computer description to the System Overview section.
System restore points displayed in descending sequence of creation.

Version 2.08
Portuguese translation of the user interface contributed by Dick Spade.

Version 2.07
Czech translation of the user interface contributed by Karel Michal.
Changes: A few data item names have been modified.
Bug Fix: Missing uptime statistics in CSV output.
Bug Fix: Missing user accounts on some operating systems.

Version 2.06.x
Minor updates and bug fixes:
- Security: added programmes permitted to execute data.
- Security: added dates of system restore points.
- PDF: added bookmarks to document.
- Database: improved concurrency.
- Bugs: fixes for PDF permissions and processor numbering.

Version 2.06
Italian translation of the user interface contributed by Roberto Tresin.

Version 2.05
Added a facility to log audit messages and activity.
Added a facility for user friendly message in command line mode.
Fixed wide/international character bugs.

Version 2.04
Added processor APIC physical identification, logical count and number of cores.
Added detection of Windows® 2003 Server R2.
Added a facility to save raw processor data (CPUID) to a text file.
Corrected a System Management BIOS bug.

Version 2.03
Export report to Microsoft® SQL Server 2005 database.

Version 2.02
Added command line timeout option.

Version 2.01
Spanish translation of the user interface contributed by Juan Miguel Martí.

Version 2.0
This version of WinAudit is a significant improvement upon earlier releases. The programme reports on virtually every important aspect of computer inventory, configuration and operation. WinAudit displays results in web-page format, categorised for ease of viewing and text searching. Whether your interest is in software compliance, technical support, security or just plain curiosity, WinAudit has it all. The programme now has advanced features such as service tag detection, hard-drive failure diagnosis, network port to process mapping, network connection speed, system availability statistics as well as Windows® update and firewall settings. WinAudit is able to export audits to enterprise level databases such as Oracle®, SQL Server® and Firebird®. The programme auto-detects transaction capabilities to optimise record insertion and can be used in bulk insertion mode where concurrency and network traffic issues are important. Server side time stamping and logon authentication ensures that you have an audit trail of every audit posted to the database.
- Software licenses, usage and Windows® Installer data.
- Operating system details.
- Security settings, audit logs, open ports and updates.
- Groups and user accounts.
- Windows® networking details.
- Hardware devices and their state.
- System Management BIOS information.
- Extensive processor information.
- Physical disk detection.
- Information on services.
- List of loaded modules.
- File searching.
- Save report in portable document format.
- Enhanced printing and document previewing.
- Database export to Oracle® and SQLite.

Version 1.3
Added e-mail support.
Added BIOS information.
Additional drive information.

Version 1.2.4
Minor change to command line support.
Minor changes to help documentation.

Version 1.2.3
Included export of audit report to dBase™ and Firebird® databases.

Version 1.2.2
WinAudit issued under Freeware license.
Executable Compression by UPX.

Version 1.2.1
Minor ODBC bug fix on Windows® 98.

Version 1.2
Added ODBC database support.
Added XML support.
Added command line support.
Improvements to user interface.

Version 1.1
Overall improvements in performance.
Minor bug fixes.

Version 1.0
Initial release.

3) Install/Remove WinAudit

3.1) System Requirements
WinAudit runs on the Windows® operating system and requires XP or newer.

3.2) Installing WinAudit
WinAudit is 'ready to run'. It has been designed so that you do not need to go through a setup procedure. The programme neither installs files onto the computer nor modifies the system registry. WinAudit is a well-behaved auditing programme in the sense that it attempts not to alter the computer it is examining.
Tip: to create a shortcut on your computer's desktop select: File + Desktop Shortcut

3.3) Removing WinAudit
Because WinAudit did not install any files onto the computer, there is no un-install procedure. Delete the programme file WinAudit.exe and possibly WinAudit.ini that may have been created. If you created a desktop shortcut, you should delete that as well.

4) Frequently Asked Questions

Q1: How Much Does WinAudit Cost?
WinAudit is freeware, which means that it comes at no cost whatsoever. You may make as many verbatim copies of the programme as you desire and distribute them to anyone. Under no circumstances are you allowed to charge for the software itself. Parmavex Services retains the right to change its licensing policy for future releases of the programme.

Q2: Can I Send You a Message?
Send a message to winaudit_at_parmavex_dot_co_dot_uk. Be sure to include WinAudit in the subject otherwise it will be automatically deleted. We receive a lot of e-mail concerning WinAudit, so we tend to prioritise messages. Reported bugs and programme misbehaviours will receive our highest attention. Requests for feature additions or clarification of the report will generally get a prompt reply.

Q3: I Did Not Receive a Reply to My E-mail
To get a prompt reply be sure to send your message to winaudit_at_parmavex _dot_co_dot_uk and include WinAudit in the subject. If you did that, re-send your message as it may have been inadvertently deleted along with the daily dose of spam.
Parmavex Services automatically rejects email with suspect content or originating from mail servers known to send unsolicited e-mail. In general, neither you nor us will receive notification that this has happened. Some Internet providers, in an effort to reduce spam, are using 'white lists', that is they will only accept e-mail from people who have manually registered themselves on their list. Consequently, your Internet provider may block our reply to you.

Q4: When Is The Next Update Due?
We do not have a schedule of regular updates. Improvements are made on an ad-hoc basis depending on the time available and requests from users. In general, if a bug is found this is corrected as quickly as possible. We do not keep mailing lists or send e-mail alerts. If you are interested in programme updates you should check our website.

Q5: Can I Audit a Remote Computer?
No, for security and performance reasons WinAudit has been specifically designed not to audit a remote/networked computer. The programme's small size, no setup and Freeware license means that you can readily copy it to a networked computer. The programme can be executed in batch or user mode and reports obtained by means of a network save, database export or e-mail. Alternatively, run the programme in the remote desktop environment.

Q6: Why Does WinAudit Show IP Address 0.0.0.0?
Most probably, you are connected to the Internet via a dial up connection. Developing a robust method for determining the IP address while using a modem is problematic. Also, for computers configured to obtain a dynamic address from a DHCP server, this value may be 0.0.0.0 and the item DHCP IP Address will show the leased address in use.

Q7: Hey, That's Not Correct!
WinAudit reports information as found on your computer. If the original data is incorrect or missing, the report will simply reflect that. Some types of information, such as System Management, are known to be error prone. Further, if the operating system does not support certain functionality or forbids it, the programme cannot report it. If you are in doubt about something in the audit report send it to your IT support person for an opinion. If you think you have discovered a bug in the programme you can send us a message to winaudit_at_parmavex_dot_co_dot_uk.

Q8: A Software Product ID Is Not Shown
Guidelines exist for where software vendors should store their product information. Most vendors follow these but it is not a requirement. WinAudit looks in these recommended places and other specific locations used by popular software. If, for some reason, the software vendor has not followed the guidelines, changed their habitual storage location or simply chosen to store the information in some proprietary manner WinAudit will not be able report on it.

Q9: Does WinAudit Show Installation Keys?
No. WinAudit shows Product IDs, these are not installation keys. Typically, the product ID is presented to you during installation of the software. It is often found on the 'Help + About' box and is used to register the software. Installation keys are those that are found on original packaging, software certificates or license agreements. WinAudit does not attempt to recover lost installation keys.

Q10: Can WinAudit Search for Files?
No. That feature has been removed as it usually results in very lengthy run times.

5) Auditing Your Computer

Start Windows® Explorer and go to the folder where you saved WinAudit.exe, double-click on the programme to start it. Normally, the programme will automatically begin collecting data. If not, click the Audit button on the toolbar.

WinAudit can generate copious amounts of information that is of interest only to the specialist user. To tailor the audit report's content, on menu select View + Audit Options and check the boxes that interest you. Next, click Apply to start auditing your computer.

System Overview
The computer's identification, asset/service tags and an overview of its resources.

Installed Software
Itemised list of installed software, licenses, usage etc.

Operating System
Name, registration and version details.

Peripherals
Lists standard peripherals as well as network printers for which connection information is stored locally. WinAudit does not interrogate remote/networked peripherals.

Security
Entries from the security log, open ports, important security settings as well as software and updates.

Groups and Users
Groups and user accounts. Includes details on policies, password ages etc.

Scheduled Tasks
Lists the programmes set to run at scheduled intervals.

Uptime Statistics
Statistics based on system availability, start-ups and shutdowns.

Error Logs
Errors posted by the operating system, services and applications to system log files.

Environment Variables
The environment variables used for running process.

Regional Settings
Date, time and currency settings used by the current user.

Windows Network
Details of connected sessions, files in use and shared resources.

Network TCP/IP
Shows adapter names, IP addresses and other network related parameters.

Hardware Devices
A list of devices in and attached to the computer.

Display Capabilities
A summary of the displays characteristics and supported features.

Display Adapters
A list of the computer's display adapters, also known as graphics cards.

Installed Printers
Locally installed printers, network printers are ignored by design.

BIOS Version
System and video identification and dates.

System Management
Extensive information ranging from chassis to system slots to memory devices.

Processors
Name, speed, instructions, cache etc.

Memory
RAM and swap file usage.

Physical Disks
Disk detection showing capacity, manufacturer, serial number etc.

Drives
Details of usage and geometry. Network drives are ignored by design.

Communication Ports
Parallel and serial ports for peripherals.

Startup Programs
Itemised list of automatically started programmes .

Services
Itemized list of installed services

Running Programs
List of programmes currently in use with a brief description and memory usage.

ODBC Information
The Open Database Connectivity drivers and data source names found on the computer.

OLE DB Drivers
The OLE DB drivers installed on the computer.

Software Metering
Shows a list of programs that have been used and how often.

User Logon Statistics
Shows summary statistics of the users that have logged on to the computer.

6) Audit Report

6.1) System Overview

This category gives an overall summary of the computer's identification and resources.

Computer Name
The name that identifies the computer on a network. Names are usually in upper case and unique on a given network.

Domain Name
The domain or workgroup, if any, to which the computer belongs. A domain is a set of computers that has access to a centralised database of user account and other information.

Site Name
The site or location of the computer. This is Active Directory® functionality and requires. By design, only the local computer is interrogated for this information. If a dynamic site name can be discovered it will be reported in preference to a static name.

Roles
The services or functions that the computer fulfils such as Workstation, Server, Primary Domain Controller etc.

Description
An administrative description or comment about the computer.

Operating System
Combined description of the operating system using its name and edition or release.

Manufacturer
The system or chassis manufacturer as recorded in the BIOS.

Model
The model of the computer. This is the “Product Name” designated by the manufacturer in the BIOS.

Serial Number
The system or chassis serial number as recorded in the BIOS. Sometimes referred to as the service tag.

Asset Tag
The asset tag number as recorded in the BIOS.

Number of Processors
The number of physical processor packages detected.

Processor
Combined description using its name and speed. The name is obtained from the processor itself or is resolved from its signature and physical characteristics. Speed in is MHz and is either estimated over a number of processor cycles or taken from the registry. On multi-processor systems, only data for the first one is shown.

Total Memory
Amount of installed random access memory in MB. WinAudit adopts the most widely used convention that 1MB = 1024*1024 bytes = 1,048,576 bytes.

Total Hard Drive
Sum of the capacities of all local hard drives, commonly expressed in GB.

Display
A description of the display such as its size.

BIOS Version
The version of the system BIOS as reported in the system registry.

User Account
The name of the user logged onto the system.

System Uptime
The length of time since the system was turned on (booted).

Local Time
The date and time in YYYY-MM-DD HH:MM:SS format of the computer's local time.

6.2) Installed Software

This section shows the software installed on the computer. Installation usually involves some form of setup procedure. It may have occurred manually or automatically and may have used a generic installation programme or the one provided by the Windows® operating system. Because different software publishers adopt different procedures when installing software, WinAudit searches in several places to discover the information. Software that has simply been copied onto a machine (e.g. WinAudit) has not been installed, so it will not appear in the list. Necessarily, software that masks its presence will not be found.

Active Setup Software

This section shows Active Setup software components. Active Setup is a method of downloading software to keep applications up-to-date. This normally happens when a user visits a software vendor's website. The components themselves often form part of a larger software application.

Name
The name of the software component.

Version
The version of the software component.

Installed
Indicates if the software is installed. Normally this item is 'Yes' or 'No'. However, if the software component has not registered its installation status this data item will be blank.

Installed Programs

This section shows software installed on to the computer using a setup programme. The amount of and how this information is stored during setup is at the publisher's discretion. In general, most publishers do not record the install date or version in a standard way. Where possible software usage data is also shown.

Software usage data presented in this is read from the operating system's so-called Add/Remove Programs cache. This data is of low quality hence it should be used with caution.

Name
The name of the software typically as recorded in the system registry.

Vendor
The publisher or manufacturer of the software.

Version
The version of the software, if any, This information is supplied at the discretion of the software vendor. Only a minority choose to record this in a standard machine-readable format.

Product Language
The language of the software, expressed in English e.g. Greek.

Install Date
The date on which the software was installed. Note, the recommended guidelines for installing software do not make provision for recording this date. If present, it usually takes a YYYYMMDD form, i.e. a four digit year followed by a two digit month then a two digit day. For example, 20050630 would be June 30, 2005. Other formats are not uncommon.

Install Location
The location of the installed software.

Install Source
The location from where the software was installed.

Install State
The state of the software e.g. Installed or Absent. Requires that the software was installed using Windows® Installer.

Assignment Type
The visibility of the software on the computer, either Per Machine or Per User. In the former case this means that the software is installed or advertised for use by all user accounts on the machine. Requires that the software was installed using Windows® Installer.

Package Code
The identifier of the package from which the software was installed. Requires that the software was installed using Windows® Installer.

Package Name
The name of the package from which the software was installed. Requires that the software was installed using Windows® Installer.

Local Package
Where the package is stored locally, from which the software was installed. Requires that the software was installed using Windows® Installer.

Product ID
The product identifier of the installed software. WinAudit shows product identifiers, not installation keys.

Registered Company
The company registered to use the software. Requires that the software was installed using Windows® Installer.

Registered Owner
The owner registered to use the software. Requires that the software was installed using Windows® Installer.

Times Used
The number of times the software has been used during the last 30 days. WinAudit reports the data as presented by the operating system and it may not reflect actual software usage. On Windows® Vista™ this data is at the user level.

Last Used
The date on which the software was last used formatted according to the user' settings. WinAudit reports the data as presented by the operating system and it may not reflect actual software usage. On Windows® Vista™ this data is at the user level.

Executable Path
The location of the executable file used for determining how often the software is being used as described above.

Executable Version
The file's version number. This data, if present, was embedded in the file when it was created by its vendor.

Executable Description
A description of the functionality the file provides. This data, if present, was embedded in the file when it was created by its vendor. Requires Windows® 2000 or newer.

Software ID
The identifier for the software, typically the name of a registry key.

Software Updates

This section shows the updates installed on the computer. Other installation event types, such as failures, are ignored. Both operating system and software application updates are presented here. Note, the operating system can be reported as an update if it has been itself upgraded, e.g. Windows® 98 to Window® XP.

Update ID
The identifier of the update, not necessarily unique. Typically a Knowledge Base (KB) number but can be in any format.

Installed On
The date the update was installed. If possible dates are presented in ISO format (YYYYMMDD).

Description
A description of the update as specified by the publisher.

6.3) Operating System

Administrative and compliance details concerning the operating system.

Name
The name of the operating system. e.g. 2008.

Edition
The edition, also known as the release, specifies the variation of the operating system. For example, Home Edition, Professional Edition or Enterprise Edition. Note, there many editions and WinAudit has not been, nor is ever likely to be validated on all possible name-edition combinations of the Microsoft® Windows® operating systems.
A computer that has had the Small Business Edition of the operating system installed will continue to identify itself as such, even if it has been upgraded to another edition such as Standard or Enterprise.

Install Date
The operating system installation date formatted according to the user's settings.

Registered Owner
The person to whom the operating system is registered as recorded in the system registry.

Registered Organization
The organization to which the operating system is registered as recorded in the system registry.

Product ID
The Product ID of the operating system. Note, the product ID is not the same as the installation key.

Major Version Number
The major version of the operating system.

Minor Version Number
The minor version of the operating system.

Build Number
A number to identify the version of the operating system as it is being developed, e.g. 2600.

Service Pack
Description of the service pack or Corrective Service Diskette (CSD) installed on the computer, e.g. Service Pack 3.

Service Pack Version
The version of the service pack expressed as a 'major.minor' string, e.g. 3.0 .

Plus! Version Number
The Plus! version number as recorded in the system registry.

DirectX® Version
The version of DirectX® installed on the computer. This application is comprised of several components such as DirectDraw® and DirectSound®. The version number shown refers to the overall DirectX installation. Individual component versions may be shown in the Active Setup and Windows Installer sections. In some cases, a system library file version may be shown.

Windows Directory
The directory that contains the operating system's applications, help files and other information.

System Directory
The directory containing the files required by the operating system, hardware and software applications.

Temporary Directory
The current user’s directory used for temporary storage of files and data.

Operating System Language
The installation language of the operating system.

Number of Bits
The bit size of operating system, e.g. 32 or 64.

6.4) Peripherals

This section lists the common types of peripherals attached to or installed on the computer.

Name
The name or type of peripheral. WinAudit reports the following common ones: mouse, keyboard, display, local and remote printers, mapped drives and if a network is installed.

Description
A description appropriate to the peripheral in question. For example, if a mouse is installed the number of buttons is shown as well as if those buttons are reversed. By design, WinAudit does not directly interrogate networked resources such as printers and mapped drives. Instead, it reports locally stored information concerning previous connections made to networked resources. This is a performance consideration, if the network is down or if a resource no longer exists then the programme would have to wait for a network time out (typically 30 seconds per resource).

6.5) Security

This section shows details relevant to the secure operation of the computer. WinAudit discovers various types of data and groups these according to functionality. Computer security is a large area and the content of the report emphasises those that are of key interest. Not all information is available on all versions of Windows® and in a few cases, administrator level privileges are required to report certain items detailed below.

Kerberos Policy
The currently defined Kerberos policy. Administrator privileges are required to view this information.

Enforce user logon restrictions
Validate every request for a session ticket against the user rights policy of the user account.

Maximum lifetime for service ticket
The maximum time that a granted session ticket can be used to access a particular service.

Maximum lifetime for user ticket
The maximum time that a user's ticket-granting ticket (TGT) may be used.

Maximum lifetime for user ticket renewal
The time during which a user's ticket-granting ticket (TGT) may be renewed.

Maximum tolerance for computer clock synchronization
The maximum time difference that Kerberos tolerates between the time on the client clock and the time on the domain controller that provides Kerberos authentication.

Kerberos Tickets

The list of Kerberos tickets currently in use by the logged on user. Administrator privileges are required to view this information.

Server Name
The name of the server the ticket applies to.

Realm Name
The name of the realm the ticket applies to.

Start Time
The time at which the ticket becomes valid. This data point is optional and is formatted to UTC in the user's locale.

End Time
The time when the ticket expires formatted to UTC in the user's locale.

Renew Time
If shown it is the time beyond which the ticket cannot be renewed. Formatted to UTC in the user's locale.

Encryption Type
Description or a defined constant of the encryption used in the ticket.

Ticket Flags
The properties of the ticket. This may be a combination of any or none of Forwardable, Forwarded, HW authent, Initial, Invalid, May postdate, OK as delegate, Postdated, Pre authent, Proxiable,Proxy and Renewable.

Network Time Protocol

The current settings for Network Time Protocol.

Name
The name of the setting.

Setting
Value as taken directly from the system registry at HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters.

Printer Permissions

This section shows the security on the installed printers. For each printer is displayed is a list of trustees. For each trustee is displayed a list of permissions. The same trustee may occur multiple times. The trustees, hence the permissions, are reported in the same order that the operating system uses when its determines a trustee’s access.

Name
The name of the printer to which the permission applies.

Object Type
The Windows® operating system maintains many types of objects on which permissions can be applied. In this context, the securable object is 'Printer'.

Trustee
The account on which permissions have been set. This is usually a group name but can be specia lname such as CREATOR OWNER. In some instances, for example if the trustee account has been deleted a string representation will be reported. This begins with S and is followed by a sequence of digits and hyphens such as S-1-2-32-544. This particular string is the default Administrators group (BUILTIN\ADMINISTRATORS)that was created when Windows was installed. For objects with no security the term 'No Trustee' will be shown.

ACE Type
ACE is an abbreviation of Access Control Entry, i.e. a set of permission for a given trustee. The type reported is usually Allow or Deny.

Permissions
A list of permissions that apply to the Trustee. For example, if the trustee is Guests, the ACE type is Allow and this list contains Print then Guests would be able to print. Typically the permissions are shown as common English Language words however, upper case strings may be reported. Their interpretation is Object Type dependent.

ACE Flags
A list that enumerated the behaviour of this permission set. The interpretation of this list is Object Type dependent but typically it describes how the permissions relate its parent and/or children.

Access Mask
A binary representation of the permissions that have been set on the trustee. This is 32 characters long with the least significant bit to the right. A one (1) indicates a permission is set. The exact meaning of each permissions Object Type dependent. This is the raw data from which the Permissions list is created.

Owner
The owner of the printer. This is at the securable object level, in other words it is the same for all trustees.

Registry Security Values

A list of security related values read directly from the registry. The values displayed are drawn from those typically reported by Microsoft's secedit.exe.

Subkey
The trailing part of the registry subkey as shown in bold below, their full paths are:
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled
HKLM\Software\Microsoft\Driver Signing\Policy
HKLM\System\CurrentControlSet\Services\Eventlog\Application\RestrictGuestAccess
HKLM\System\CurrentControlSet\Services\Eventlog\Security\RestrictGuestAccess
HKLM\System\CurrentControlSet\Services\Eventlog\System\RestrictGuestAccess
HKLM\System\CurrentControlSet\Services\Eventlog\Application\Retention
HKLM\System\CurrentControlSet\Services\Eventlog\Security\Retention
HKLM\System\CurrentControlSet\Services\Eventlog\System\Retention
HKLM\System\CurrentControlSet\Services\Eventlog\Application\MaxSize
HKLM\System\CurrentControlSet\Services\Eventlog\Security\MaxSize
HKLM\System\CurrentControlSet\Services\Eventlog\System\MaxSize
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess
HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword
HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature
HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature
HKLM\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity
HKLM\System\CurrentControlSet\Control\Lsa\AuditBaseObjects
HKLM\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail
HKLM\System\CurrentControlSet\Control\Lsa\DisableDomainCreds
HKLM\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous
HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled
HKLM\System\CurrentControlSet\Control\Lsa\ForceGuest
HKLM\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing
HKLM\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse
HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec
HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec
HKLM\System\CurrentControlSet\Control\Lsa\NoLMHash
HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous
HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM
HKLM\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand
HKLM\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive
HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown
HKLM\System\CurrentControlSet\Control\Session Manager\ProtectionMode
HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems\optional
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption
HKLM\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine
HKLM\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine

Setting
The corresponding value found at the subkey, formatted as a string.

Security Log
The operating system can be configured to keep an audit log of security related operations. WinAudit examines this log and extracts those entries identified as audit failures. These entries generally arise when an operation is attempted and permission is denied. An example would be trying to read a file for which a user does not have sufficient privileges. The audit log can grow quite large, so only the twenty five (25) most recent unique entries are shown. Entries are reported in reverse chronological order with duplicates being ignored. Accessing the security log may require special privileges depending on the security policy in effect.

Time Generated
The time at which the audit entry was posted to the security log.
Source Name
The name of the programme which generated the audit entry.

Description
A textual, and sometimes cryptic, description of the information contained in the log. WinAudit will only attempt to resolve those parts of the description that reside on the local machine.

Security Settings
This section shows various configuration settings that are related to computer security.

Item
The type of application, configuration, service or policy to which the information pertains. One of Accounts, Account Lockout Policy, AutoLogon, Automatic Updates, Audit Policy, Execute Data, Internet Explorer, Network Access, Network Security, Password Policy or Screen Saver.

Name
The name of the configuration item.

Setting
The value of the configuration item. The value reported necessarily depends on the type of data. For example if the type is AutoLogon then the value will be either Yes or No to signify that this feature is enabled or disabled respectively.
Accounts: Shows the status and names of the built-in 'Administrator' and 'Guest' accounts.
Account Lockout Policy: Shows the account lockout policy.
AutoLogon: If enabled, at computer startup the logon screen is not shown and the logon takes place automatically using a domain/username/password combination stored in plain text in the registry.
Automatic Updates: Shows if Windows® is configured to perform scheduled downloads of updates. The periodicity of the schedule is shown. Requires at least Windows® 2000 with Service Pack 3 or newer.
Audit Policy: Shows the audit policy for the event security log.
Execute Data: Shows the programmes that are allowed to execute data. Data execution prevention is a processor-based feature that monitors programmes. It is available on Windows® XP with Service Pack 2 and Windows®2003 with Service Pack 1. The programmes listed in this section have been given permission to by-pass this security check thereby giving them access to normally protected areas of memory.
Network Access: Shows if anonymous users can translate Security Identifiers to account names.
Network Security: Shows settings from the Security Options section of Local Computer Policy.
Password Policy: Shows the password policy.
Screen Saver: Applies to the logged on user. Shows if enabled, the timeout and if it is password protected. On newer versions of Windows® local screen saver settings can be overridden by group wide policies.

System Restore

Sequence
The order in which the restore point was created. The first one is the most recent, regardless of the time setting of the computer's clock.

Creation Time
The time and date when the state of the system was saved. WinAudit attempts to display this date in yyyy-mm-dd hh:mm:ss format. It is the time of the computer's clock.

Description
A description of this particular restore point.

User Privileges

This section shows the privileges of the logged on user.

Privilege Name
The programme attempts to translate the privileges as understood by the operating system into a human readable form. On some systems, no translation may be available therefore, WinAudit presents the privilege's raw name. It will start with 'Se' and by examining it, one can usually make an intelligent guess as to the type of privilege granted.

User Rights Assignment

The rights and privileges granted to accounts as specified in the User Rights Assignment section of the Local Computer Policy. Administrative level privileges are required to discover security related data.

Policy
The name or description of the right or privilege granted.

Security Setting
A comma separated list of grantees. If no name could be resolved, the Security Identifier will be displayed.

Windows® Firewall

Name
The name of an aspect of the firewall. One of Firewall Enabled, Authorised Application, Authorised Service or Authorised Port.

Setting
A description of a setting appropriate to the item in question. For example, Firewall Enabled might be Yes or No.
Firewall Enabled: Shows the state of the firewall, either Yes, No or Unknown.
Authorised Application: The name of an application that has been authorised to connect to a remote computer through the firewall. An example is Outlook Express.
Authorised Service: The name of a service that has been authorised to listen and accept incoming connections through the firewall. An example is File and Printer Sharing.
Authorised Port: A port that is authorised to be opened and to allow data to flow through it. The format is protocol:port_number:remote_address where the protocol is either TCP or UDP. If the remote address is an asterisk then the port can connect to any host. An example is TCP:80:*.

6.6) Groups and Users

This section enumerates the local groups, global groups and user accounts on the computer. By design, no attempt is made to discover account information held on remote computers. Administrator or Account Operator privileges are required to report on local groups. The distribution/mailing type groups as used by Active directory® are not enumerated.

6.6.1) Groups
The membership and permissions are shown for each local group. A local group is a set of users who have common permissions on the local computer. For security reasons, Administrator or Account Operator privileges are required to discover this information.
Group Type
Either a local or global group.

Group Name
The name of the group

Comment
Free formatted string typically entered by the system administrator.

 
6.6.2) Group Members

Group Name
The name of the group.

Member Name
The member name.

 
6.6.3) Group Policy

An enumeration of the policy privileges accorded to the group.

Group Name
The name of the group.

Privilege Name
The privilege name granted to the group. This starts with 'Se' and by examining it, one can usually make an intelligent guess as to the type of privilege granted.

 
6.6.4) Users

A listing of the user accounts held on the system. Depending on the version of the operating system and the security policy in effect, some account information is securable and may require administrator privileges to view.

User Account
The user's name for this account.

Full Name
The full name of the user who uses the account.

Description
A description or comment of the user's account.

Account Status
The status of the account such as enabled, disable or locked.

Local Groups
A list of local groups to which this account belongs.

Global Groups
A list of global groups to which this account belongs.

Last Logon
The last time the user logged on. The date shown is formatted according to the date style in use. Information is obtained from the local machine only.

Last Logoff
The last time the user logged off. The date shown is formatted according to the date style in use. Information is obtained from the local machine only.

Number of Logons
The number of times the user has logged on. Information is obtained from the local machine only.

Bad Password Count
The number of times the user attempted to logged on but failed due to a bad password. Information is obtained from the local machine only.

Password Age
The age of the password, i.e. for how many days the user has been using the same logon password.

Password Expired
Indicates whether or not the user's password has expired, typically the user must supply a new one at next logon.

Account Expires
The date on which the account is due to expire. If blank, then it never expires.

6.7) Scheduled Tasks

This section enumerates the automated tasks that are scheduled to run on the computer.

Task Name
The name of the task.

Status
The current status of the task, such as ready, disabled, running etc.

Schedule
Textual description of the periodicity at which the task is scheduled to run.

Next Run Time
The next time that the task will run.

Run Command
The command(s) to perform, typically a path to an executable file or short cut. Any parameters passed to the executing programme will also be shown. On Windows® Vista this may also be an action such as 'Send e-mail'.

Maximum Run Time
The maximum time that the task is allowed to run.

Last Run Time
The time at which the task last ran.

Last Result
The result or exit code of the task when it last ran. Its interpretation is programme specific but often zero signifies success, assuming the task actually ran. Check the programme's documentation for the exact meaning of its exit codes to determine if the task ran successfully.

6.8) Uptime Statistics

This section shows information concerning the computer's availability based on records in the system's event file. As such, the reported values are dependent upon the quantity and integrity of the data in this file. If the reported period is short, the statistics may not give an accurate measure of the system's availability. Purging the event file means that no statistics can be calculated.

Data Start
The date of the earliest relevant entry in the event file. Reported values pertain subsequent to this date and are only valid for entries in strict chronological order.

System Uptime
The time elapsed since the computer was last started.

System Availability
A percentage measure of how often the computer has been powered up. Essentially, this is the total uptime divided by the time since the earliest relevant log entry.

Total Uptime
The total time that the computer was on.

Total Downtime
The total time that the computer was off.

Times Booted
A count of the number of times the computer has been turned on.

Clean Shutdowns
A count of the number of times the computer was properly shutdown.

Unexpected Shutdowns
A count of the number of times the computer was turned off abnormally, such as a power failure.

6.9) Error Logs

This section shows those errors posted by programmes into the computer's log files. These errors often require manual attention to rectify. On an NT type computer there are Application, Security and System log files. There may also be additional logs, such as Directory Service. These files can grow quite large and frequently the same errors repeat at regular intervals. To this end, only the twenty five (25) most recent unique entries are shown. These entries are reported in reverse chronological order with duplicates being ignored. Purging these logs necessarily means that no errors can be reported. Accessing the security log may require special privileges depending on the security policy in effect.

Time Generated
The time at which the audit entry was posted to the security log.

Source Name
The name of the programme which generated the audit entry.

Log File
The name of the event log file from which this record was taken, e.g. Application.

Description
A textual, and sometimes cryptic, description of the information contained in the log. WinAudit will only attempt to resolve those parts of the description that reside on the local machine.

6.10) Environment Variables

This section shows the defined environment variables for the current process. These are the same ones that are listed by using Set at the command prompt. For example, if a computer has a NetBIOS type name then the variable COMPUTERNAME normally maps to it.

Name
The name of the environment variable, e.g. COMPUTERNAME.

Variable Value
The value associated with the environment variable.

6.11) Regional Settings

This section shows computer specific settings that are typically associated with a particular region or culture such as time zone or language. The Windows® operating system has several such settings and an ad hoc list is presented. Omission of a particular setting does not negate its importance. Some data may be shown in the characters of the language for which it is intended. Choose a font that is appropriate to the language to view these characters.

Item
The type of regional setting. One of locale, number, currency, date or time.

Name
The name of the setting. For example, Country or Measurement System. The Language item is the user configurable setting found in Control Panel. To see the operating system's installation language refer to the Operating System section.

Setting
The value of the setting. For example, Country may be United Kingdom or the Measurement System may be Metric.

6.12) Windows® Network

This section shows the information typically associated with Windows® networking.

6.12.1) Network Files

A list of files on the computer that are being accessed by remote users. Administrator or Account Operator privileges are required to view this information.

Path
The full path to the file in use.

User Account
The user or possibly the computer that is using the file.

Locks
The number of locks the user has on the file.

Permissions
The permissions the user has on the file such as create, read and write.

6.12.2) Network Sessions

A list of remote computers and users connected to the computer.

Computer Name
The name of the remote computer that established the session.

User Account
The name of the remote user that established the session.

Connected Time
The number of minutes for which the connection has been made.

Idle Time
The number of minutes for which the connection has been idle, i.e. no network activity.

6.12.3) Network Shares
This section shows information about shared resources on the computer. For security reasons, to view the number of connections and the path, Administrator or Account Operator privileges are required.

Share Name
The name of the share. Share names that end with a dollar sign are for administrative purposes. Interprocess Process Communication shares are shown as IPC$.

Share Type
The type of resource shared, such as a disk drive or a print queue.

Connections
Number of connections to the share.

Share Path
The local path to the shared resource.

Path
The local path to the shared resource.

6.13) Network TCP/IP

This section shows the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration of the computer. For completeness, WinAudit reports all configurations found. For example, the Network Driver Interface Specification (NDIS) allows network cards to support multiple network protocols. Some data items such as Adapter Type require Windows Management Instrumentation (WMI) enabled.

6.13.1) Network Adapters

Adapter Number
A number to identify the adapter on systems with multiple adapters. Counting starts at 1.

Adapter Name
The name of the adapter.

DNS Host Name
The host name as specified in the Domain Name System (DNS) configuration.

DNS Servers
A list of the IP addresses of those computers used to translate domain names to IP addresses.

IP Address
The IP address of the computer. This may also be 0.0.0.0 if the network adapter obtains an address from a DHCP server, in this case refer to the DHCP IP Address for the last leased value.

IP Subnet
The mask used to determine to which subnet an IP address belongs.

Default IP Gateway
The IP address of the default gateway.

DHCP Enabled
Indicates whether DHCP is enabled.

DHCP Server
The IP address of the DHCP server.

DHCP IP Address
The IP address assigned to the computer by the server.

DHCP Lease Obtained
The timestamp, formatted in the user's settings, of when the dynamic IP address was assigned.

DHCP Lease Expires
The timestamp, formatted in the user's settings, of when the dynamic IP address assigned by the server expires.

Status Code
A numerical code indicating the status of the adapter, zero means OK. A readable description is also given. Requires the Windows Management Instrumentation service to be running.

Adapter Status
A textual description of the status code above. Requires the Windows Management Instrumentation service to be running.

Adapter Type
The type of network adapter, such as Ethernet 802.3. Requires the Windows Management Instrumentation service to be running.

MAC Address
The network adapter's Media access control address. Requires the Windows Management Instrumentation service to be running.

Connection Status
A textual description of the state of the network connection, examples are Connected and Media disconnected. Requires the Windows Management Instrumentation service to be running.

Connection Speed
The current speed setting of the network adapter in bits-per-second. The reported value is only meaningful if the adapter is in a connected state. Requires the Windows Management Instrumentation service to be running.

6.13.2) Open Ports

This section lists the network ports in use. With sufficient privileges, WinAudit maps open ports to their owning processes.

Port Protocol
The type of port, either one of Transmission Control (TCP) or User Datagram (UDP) Protocol.

Local Address
These are normally 0.0.0.0, 127.0.0.1 and any the computer uses to identify itself on the network. Some administrators adopt the form 192.168.xxx.xxx .

Local Port
The local port number.

Caption
Combined string of the Protocol, Local Address and Local Port, e.g. TCP 127.0.0.1:135

Service Name
The type of service the local port is being used for. Pertains to privileged ports only; this is optional information and it will be displayed if a suitable name can be obtained.

Remote Address
The address to which, if any, a connection been made. Applicable to TCP ports only.

Remote Port
The port number of a remote computer to which, if any, a connection been made. Applicable to TCP ports only.

Connection State
The state of the connection. WinAudit reports many different connection states however, the ones of most interest are the LISTENING and ESTABLISHED. Applicable to TCP ports only.

Process Name
The process that has opened the port. This is either the name or full path to the executable file of the process. Requires administrator privileges.

Process ID
The numerical identifier of the process that opened the port. Requires administrator privileges.

Process Description
The description, if any, of the process that opened the port. This is embedded in the executable file by its manufacturer. Requires administrator privileges.

Process Manufacturer
The manufacturer's name, if any, of the executable file that opened the port. Requires administrator privileges.

6.14) Hardware Devices

This section lists the devices installed on the computer. These are grouped by type and the list includes legacy/hidden devices. By design, WinAudit does not interrogate the devices on remote computers.

Device Type
A description of the type of device, such as keyboard and mouse. These descriptions are provided by the operating system.

Device Name
The name of the device as provided by its manufacturer.

Description
A description of the device as provided by its manufacturer.

Manufacturer
The manufacturer of the device or possibly a 'standard device'.

Location
Information about the location of the device e.g. PCI bus 0, device 19.

Driver Provider
The name of the publisher of the software driver used to control the device.

Driver Version
The version of the software driver used to control the device.

Driver Date
The publication date of the software driver used to control the device.

Status Code
A number indicating the status of the device. Sometimes called a problem number. Zero means that no problem was reported by the device driver.

Status Message
A translation of the error code above, OK means that no problem was reported. The specific translation available depends on the version of Windows® in use.

Class GUID
A globally unique identifier that specifies the type of device.

Device ID
A system wide unique identifier for the device.

6.15) Display Capabilities

This section shows data concerning the identification and supported features of displays attached to the computer. This data is specified by the manufacturer and is held in the system registry. Usually it is refreshed at boot time. Consequently, if the display is not turned on at boot time or if it is changed without a system re-boot, stale data may be presented. Errors and omissions may exist in the data. Requires a Plug and Play display supporting the Extended Display Identification Data specification (EDID) as published by Video Electronics Standards Association (VESA).

Display Number
The number of the display for which the data pertains, counting starts at 1.

Display Name
The name of the display as specified by its manufacturer.

Manufacturer
The name of the display's manufacturer or a 3-digit EISA code.

Manufacture Date
The week and year of manufacture, if known.

Serial Number
The serial number which identifies the display. This may be either a decimal number or a text string.

Product ID
An identifier formed by concatenating the manufacturer's 3-digit EISA code and the ID Product Code expressed as 4-digit number. Example: ABC1234.

Display Size
A textual description of the maximum viewable size of the display.

Display Type
A textual description of the display. Includes if it is analogue or digital and possibly its colour mode.

Supported Features
An enumeration of features supported by the display. Includes if standby, suspend and active-off power management modes are supported.

Display Resolution
The resolution of the display in pixels, e.g. 1024 x 768.

6.16) Display Adapters

This section shows details of display adapters or graphics cards in the computer. There may be some duplication of this data with that in the Hardware Devices section.

Adapter Number
A number to identify the adapter on systems with more than one installed. Counting starts at 1.

Name
The name or description of the adapter.

Adapter RAM
The amount of video memory on the adapter, expressed in MB.

Colour Depth
The configured number of colours, expressed in bits.

Vertical Resolution
The configured vertical resolution, expressed in dots per inch (dpi), typically 96dpi.

Current Refresh Rate
The configured vertical refresh rate, expressed in Hertz (Hz). Requires Windows® NT or above.

Video Processor
The name of the chip set on the adapter.

Adapter DAC Type
The type of digital to analogue converter.

Adapter ID
The manufacturer's designated name or identifier for the adapter.

BIOS
BIOS specific information about the adapter.

6.17) Installed Printers

This section shows the configuration and settings of local printers installed on the computer. For performance reasons, WinAudit does not show information about network printers.

Printer Number
A number to identify the printer on systems with more than one printer installed. Counting starts at 1.

Printer Name
The printer's name.

Share Name
The name by which this printer is known if it is a shared resource.

Port Name
The port to which the printer is assigned.

Location
An optional description of where the printer is located (user settable).

Pages Per Minute
The number of pages the printer is configured to print per minute.

Attributes
Description of properties of the printer such as if it is queued, shared etc.

Printer Status
The printer's current status such as Busy, Initializing, Paused, Printing etc.

Paper Size
The current setting of paper size.

Orientation
The current setting of paper orientation, i.e. portrait or landscape.

Print Quality
A description of the printer's quality setting usually, in Dots Per Inch (DPI).

Driver Name
The name of the software used to control the printer, typically the same name as for the printer.

Driver File
The location of the software library file that is the driver.

Driver Version
A number to indicate the version of the driver, this information is embedded in the driver file by its manufacturer.

Driver Manufacturer
The manufacturer or publisher of the driver software.

Driver Description
A description of the driver, this information is embedded in the driver file by its manufacturer.

Driver Data File
The location of the software file that contains data used by the driver.

Driver Configuration File
The location of the software library file that contains configuration data used by the driver.

6.18) BIOS Version

This section shows the system and video Basic Input/Output System (BIOS) version and dates. The BIOS is built-in software that, among other things, controls the system's hardware.

BIOS Version
The version of the system BIOS as reported in the system registry. When the computer starts, the operating system identifies the BIOS then records it in the registry for informational purposes. More comprehensive BIOS information is available in the System Management section.

Release Date
The publication date of the system BIOS as reported in the system registry.

Video BIOS Version
The version of the video BIOS as reported in the system registry.

Video BIOS Date
The publication date of the video BIOS as reported in the system registry.

6.19) System Management

This section shows the major types of information stored in the System Management BIOS, formerly referred to as the Desktop Management Interface. Note, WinAudit reports the information as stored by the manufacturer. This data often suffers from errors and omissions. As such, incorrect system information is neither indicative of a fault with WinAudit nor a problem with the computer.

6.19.1) BIOS Details

SMBIOS Version
The version expressed as 'major.minor' of the System Management BIOS (SMBIOS) specification used to describe the formatting of the information. This is not the same as the BIOS version. When applicable “0” means no and “1” means yes.

BIOS Vendor
The BIOS vendor's name.

BIOS Version
The version of the BIOS, this may be in any format the vendor has chosen.

Start Address
The memory address where the BIOS information starts.

Release Date
Publication or release date of the BIOS usually in the form mm/dd/yy or mm/dd/yyyy.

ROM Size
Size of the ROM chip holding the BIOS, expressed in KB.

BIOS Characteristics
A number indicating features that the BIOS supports.

Characteristics Ext. 1
An optional number indicating the extended features that the BIOS supports.

Characteristics Ext. 2
An optional number indicating the extended features that the BIOS supports.

System BIOS Major
The major version number of the System BIOS.

System BIOS Minor
The minor version number of the System BIOS.

Firmware Major
The major version number of the firmware.

Firmware Minor
The minor version number of the firmware.

No Characteristics
Indicates if the BIOS contains information about the features and characteristics that it supports.

ISA Support
Indicates if Industry Standard Architecture is supported.

MCA Support
Indicates if Micro Channel Architecture is supported.

EISA Support
Indicates if Extended Industry Standard Architecture is supported.

PCI Support
Indicates if Peripheral Component Interconnect is supported.

PCMCIA Support
Indicates if Personal Computer Memory Card International Association is supported.

PnP Support
Indicates if Plug and Play is supported.

APM Support
Indicates if Advanced Power Management is supported.

BIOS Upgradeable
Indicates if the BIOS can be upgraded/flashed.

BIOS Shadowing
Indicates if the BIOS can be copied from the ROM into the RAM, usually for performance reasons.

VL-VESA Support
Indicates if Video Electronics Standards Association is supported.

ESCD Support
Indicates if Extended System Configuration Data for plug and play is supported.

CD Boot
Indicates if the system can boot from a CD drive.

Selectable Boot
Indicates if BIOS allows the boot drive to be selected.

ROM Socketed
Indicates if ROM chip is socketed.

PCMCIA Boot
Indicates if the system can boot from a PC-Card.

EDD Support
Indicates if the BIOS supports Enhanced Disk Drive technology.

Floppy NEC 1.2MB
Indicates if the NEC 9800 1.2MB floppy is supported by the BIOS.

Floppy Toshiba 1.2MB
Indicates if the Toshiba 1.2MB floppy is supported by the BIOS.

Floppy 360 KB
Indicates if the 360 KB floppy is supported by the BIOS.

Floppy 1.2 MB
Indicates if the 1.2 MB floppy is supported by the BIOS.

Floppy 720 KB
Indicates if the 720 KB floppy is supported by the BIOS.

Floppy 2.88 MB
Indicates if the 2.88 MB floppy is supported by the BIOS.

Print Screen
Indicates if the BIOS supports print screen functionality.

Keyboard 8042
Indicates if the 8042 Keyboard is supported by the BIOS.

Serial Services
Indicates if serial services are supported buy the BIOS.

Printer Services
Indicates if print services are supported buy the BIOS.

CGA-Mono Video
Indicates if Color Graphics Adapter/Mono Video is supported by the BIOS.

NEC PC-98
Indicates if the NEC PC-98 series Japanese architecture is supported.

APCI Support
Indicates if Advanced Configuration and Power Interface is supported by the BIOS.

USB Support
Indicates if Universal Serial Bus is supported by the BIOS.

AGP Support
Indicates if Accelerated Graphics Port is supported by the BIOS.

I2O Boot
Indicates if Intelligent I/O is supported by the BIOS.

LS-120 Boot
Indicates if the computer can boot from an LS-120 (SuperDisk™) disk.

ATAPI ZIP Boot
Indicates if the computer can boot from a AT Attachment Packet Interface drive is supported.

Firewire Boot
Indicates if the computer can boot from a FireWire® (IEEE 1394) device.

Smart Battery
Indicates if the BIOS supports a smart battery, i.e. one that provides the computer with information about its power status.

6.19.2) System Information

Manufacturer
The name of the system's manufacturer.

Product Name
The product name as described by the manufacturer.

Version
The version of the product.

Serial Number
A system serial number.

Universal Unique ID
A 16 character long string to uniquely identify the system.

Wake-Up Type
The manner in which the system was powered-up, normally power switch.

SKU Number
The Stock Keeping Unit number of the computer.

Product Family
The product family to which a computer belongs.

6.19.3) Base Board

Board Number
A number to identify the baseboard on systems with more than one baseboard. Counting starts at 1.

Manufacturer
The baseboard's manufacturer.

Product
The product name as described by the manufacturer.

Version
The product version of the base board.

Serial Number
The serial number of the base board.

Asset Tag
A manufacturer specific asset tag to identify the base board.

Features
Features of the baseboard such as if it is hot swappable, replaceable or removable.

Board Type
The type of baseboard, normally motherboard.

6.19.4) Chassis Information

Manufacturer
The name of the chassis' manufacturer.

Chassis Type
The type of chassis such as laptop, desktop, mini-tower.

Version
A manufacturer specific version for the chassis.

Serial Number
A manufacturer specific serial number to identify the chassis.

Asset Tag
A manufacturer specific asset tag number to identify the chassis.

Boot Up State
The state of the chassis when it was last booted such as safe, warning, critical, non-recoverable.

Power State
The state of the power supply when it was last booted such as safe, warning, critical, non-recoverable.

Thermal State
The state of the thermal supply when it was last booted such as safe, warning, critical, non-recoverable.

Security Status
The state of the power supply when it was last booted such as locked out or enabled.

OEM Defined
Contains OEM- or BIOS vendor-specific information.

Height
The height of the enclosure in inches.

Number Of Power Cords
The number of power cords associated with the enclosure or chassis.

6.19.5) Processor

Processor Number
A number to identify the processor on systems with more than one processor. Counting starts at 1.

Socket Designation
A description of the processor's socket such as 'SLOT1'.

Processor Type
The type of processor, typically central processor.

Processor Family
The processor family such as Pentium®, Pentium® 4, AMD Athlon™ etc.

Processor Manufacturer
The name of the processor's manufacturer.

Processor ID
The processor's ID obtained from its EAX and EDX registers as a result of issuing a CPUID instruction.

Processor Version
A description of the processor.

Voltage
Voltage used by the processor.

External Clock
The external clock frequency in MHz.

Maximum Speed
The maximum processor speed in MHz supported by the system.

Current Speed
The current speed in MHz at which the processor is operating.

Status
The status of the processor such as if the socket is populated and if the processor is enabled.

Processor Upgrade
Information concerning upgrading the processor.

Serial Number
The serial number of the processor as set by the manufacturer.

Asset Tag
The asset tag of the processor.

Part Number
The part number of the processor.

Core Count
The number of cores detected by the BIOS for this processor.

Core Enabled
The number of cores that are enabled by the BIOS and available for use.

Thread Count
The total number of threads detected by the BIOS for this processor.

Processor Characteristics
Any additional processor characteristics detected by the BIOS.

Processor Family 2
Extended processor family information.

6.19.6) Memory Controller

Controller Number
A number to identify the memory controller on systems with more than one controller. Counting starts at 1.

Error Detecting
The method used by the controller to detect for errors in data such as 8-bit parity or CRC.

Error Correcting
The capability to correct for data errors such as single bit error correcting or error scrubbing.

Supported Interleave
The level of interleave supported by the controller, e.g. one way interleave.

Current Interleave
The level of interleave currently in use by the controller.

Max. Memory Module
The maximum memory module the controller can support, expressed in MB.

Supported Memory Speeds
The memory speeds supported by the memory controller, expressed in nanoseconds.

Supported Memory Types
The types of memory supported by the controller such as Standard, EDO, DIMM etc.

Memory Module Voltage
The voltages supported by the memory controller.

Number Memory Slots
The number of memory slots controlled by the controller.

6.19.7) Memory Module

Module Number
A number to identify the memory module on systems support multiple modules. Counting starts at 1.

Socket Designation
A designation for the socket into which the module is plug such as BANK_0.

Bank Connection
A Row Address Strobe (RAS) connection in the memory bank (part of motherboard that contains slots for memory modules)

Current Speed
The speed of the memory module, expressed in nanoseconds.

Current Memory Type
The type of memory such as such as Standard, EDO, DIMM etc.

Installed Size
The size of the memory module, in MB, in the socket.

Enabled Size
The amount of memory, in MB, that is enabled in the module.

Error Status
Description of any errors posted by the memory module to the BIOS.

6.19.8) Cache

Cache Number
A number to identify the cache on systems with multiple processor caches. Counting starts at 1.

Socket Designation
A designation for the cache, typically L1, L2 or L3.

Cache Configuration
The cache's configuration such as support for write-back or is socketed.

Max. Cache Size
The maximum cache size that can be supported, expressed in KB.

Installed Cache
The amount of cache in use, expressed in KB.

Supported SRAM Type
The type of Static Random Access Memory supported, such as burst or synchronous.

Current SRAM Type
The type of Static Random Access Memory currently in use, such as burst or synchronous.

Cache Speed
The speed of the cache in nano-seconds.

Error Correction Type
The error correcting method employed by the cache such as parity or single bit Error-Correcting Code.

System Cache Type
The type of cache, normally either data, instruction or unified.

Associativity
The associative level of the cache, such as Direct Mapped, 4-Way, Fully etc.

6.19.9) Port Connector

Port Number
A number to identify the port on systems with multiple ports. Counting starts at 1.

Internal Designation
An internal reference to the port such as COM1 etc.

Internal Connection Type
The type of connection such as 9 Pin Dual Inline and DB-25 pin female.

External Designation
An external designation for the port such as COM1 etc.

External Connection Type
The external connection type such as RJ-45 or DB-9 pin male.

Port Type
The type of port such as USB, Parallel, Serial etc.

6.19.10) System Slot

Slot Number
A number to identify the slot on systems with multiple slots. Counting starts at 1.

Slot Designation
A designation for the slot, commonly its such as ISA or PCI.

Slot Type
The type of slot such as Industry Standard Architecture (ISA) or Peripheral Component Interconnect (PCI).

Data Bus Width
The data buss width, for example 32-bit.

Current Usage
Whether or not the slot is in use.

Slot Length
Either short or long.

Slot ID
An ID for the slot such as MCA or EISA.

Slot Characteristics 1
Description of the slot's characteristics such as voltage.

Slot Characteristics 2
Extended description of the slot's characteristics such as if it supports the Power Management Enable signal.

6.19.11) Memory Array Information

Array Number
A number to identify the memory array on systems with multiple arrays. Counting starts at 1.

Location
The location of the array, e.g. on motherboard.

Use Item
Description of the memory array's function.

Error Correction
The array's error correcting capability such as parity, CRC etc.

Maximum Capacity
The maximum capacity in KB for the array.

Error Handle
An error code, 0xFFFF indicates that no errors have been detected.

Number of Devices
The number of slots available to the memory array.

6.19.12) Memory Device

Device Number
A number to identify the memory device on systems with multiple devices. Counting starts at 1.

Error Handle
A number to indicate an error status, 0xFFFE indicates no information and 0xFFFF no reported errors.

Total Width
The total width in bits of the memory device. 0xFFFF = 65535 indicates the width is unknown.

Data Width
The data width in bits of the memory device. 0xFFFF = 65535 indicates the width is unknown.

Device Size
The size, typically in MB, of the device.

Form Factor
The form factor of the device such as SIMM, DIMM, RIMM etc.

Device Set
Indicates if the device is part of a set of similar devices.

Device Locator
Identifies the socket where the device is located such as A0.

Bank Locator
Identifies the bank where the device is located such as Bank0/1.

Memory Type
The type of memory such as DRAM. VRAM, DDR etc.

Memory Type Detail
Details about the type of memory such as Fast-Paged, Synchronous, RAMBUS etc.

Speed
The speed of the memory device in MHz.

Manufacturer
The name of the manufacturer of the device.

Serial Number
The serial number of the device.

Asset Tag
The asset tag of the device.

Part Number
The part number of the device.

6.20) Processors

Processor Number
A number to identify the processor on systems with multiple processors. Counting starts at 1.

Name
The name is obtained from the processor itself or is resolved from its signature and physical characteristics.

Short Name
Not used, always empty.

Speed - Estimated
The speed in MHz estimated over certain number of processor cycles.

Speed - Registry
The speed in MHz as reported in the system registry. Zero if not present in the registry.

Processor Type
The type of processor, one of: OEM Primary, Overdrive or Secondary.

Manufacturer
The name of the processor's manufacturer.

Serial Number
The serial number, if present, as stored in the processor by its manufacturer. Serial numbers are present on Pentium® III processors only.

APIC Physical ID
A comma separated list of the Advanced Programmable Interrupt Controller identification numbers of the logical processors in the physical processor.

Features
A list of comma separated features or instructions the processor supports.

Cache
A comma separated list of the processor’s cache levels and sizes.

TLB
A comma separated list of the processor’s data and instruction Translation Lookaside Buffers.

Logical Processors
The number of logical processors in the physical processor. Also known as package.

6.21) Memory

This section shows amount of memory, both physical and swap, on the computer.
WinAudit adopts the convention that 1MB = 1024*1024 bytes = 1,048,576 bytes also known as 1 mebibyte.

Total Memory
The total amount of physical memory (RAM) in MB. Also referred to as main memory.

Free Memory
The amount of unused physical memory (RAM) in MB.

Maximum Swap File
The maximum file size, expressed in MB, the operating system will allocate for swapping. Swapping is the process of moving data from physical memory to a file on a hard drive for temporary storage. This file is created by the operating system and allows it to handle quantities of data to large too for the physical memory. The swap file is also referred to as a page file.

Free Swap File
The bytes available to the swap file expressed in MB.

6.22) Physical Disks

This section shows the disks detected in the computer. For security reasons, as of Windows® 2003, this detection requires administrator level privileges. Likewise, to report the result of a S.M.A.R.T. self-test, administrator privileges are required.

Bug Notice! WinAudit can detect disks while running under a restricted user account. However, on multi-disk systems, correct disk numbering requires administrator privileges. Because the majority of computers have only one hard disk and it is preferable to run programmes under a restricted user account, this non-administrative method of disk detection has some utility. If the disk numbering appears to be inconsistent, re-run the programme as administrator to correct for this bug.

Disk Number
A number to identify the disk on systems with multiple disks. Counting starts at 1 and corresponds to the disk's controller position. For example, #1 is Primary Master, #2 is Primary Slave, #3 is Secondary slave etc.

Capacity
The capacity of the disk in MB, i.e. size in bytes divided by 1024 * 1024.

Disk Type
The type of disk, options are fixed and removable.

Manufacturer
The name of the disk's manufacturer.

Model
The model of the disk as specified by the manufacturer.

Serial Number
The serial number of the disk as specified by the manufacturer.

Firmware Revision
The firmware revision of the disk as specified by the manufacturer.

Controller Rank
The rank of the disk on the controller, e.g. primary, secondary etc.

Master/Slave
Indicates if the disk is set as the master or slave on the controller.

Total Cylinders
The number of cylinders, note WinAudit will not report numbers higher than 16383. The number is only of use for small disks and it presented for Cylinders, Heads, Sectors (CHS) completeness.

Total Heads
The number of heads the disk has. The number is only of use for small disks and it presented for Cylinders, Heads, Sectors (CHS) completeness.

Sectors Per Track
The number of sectors per track. Requires Windows® NT. The number is only of use for small disks and it presented for Cylinders, Heads, Sectors (CHS) completeness.

Buffer Size
The disk's cache size, if any, expressed in KB. A value of zero may be presented if the buffer's size could not be determined.

SMART Supported
Indicates if Self-Monitoring Analysis and Reporting Technology (S.M.A.R.T.) is supported by the disk.

SMART Enabled
Indicates if S.M.A.R.T. is enabled on the disk.

SMART Self-Test
The result of an auto-diagnostic disk test. The possible responses are OK, Failed and Unknown. Requires administrative privileges. Under some circumstances a SMART self-test may be obtainable without direct access to the SMART Supported and SMART Enabled data items listed above.

6.23) Drives

This section enumerates the drives, also known as volumes, found on the computer. The information displayed depends on the drive type and the presence of removable media. By design, WinAudit only reports on local drives.
WinAudit follows the widely adopted convention that 1MB = 1024*1024 bytes = 1,048,576 bytes which is sometimes referred to as 1 mebibyte. It is common however, for floppy drive manufacturers to use 1MB = 1000*1024 bytes = 1,024,000 bytes.

Letter
The letter used to identify the drive in the range A to Z.

Drive Type
The type of drive; one of removable, fixed, network, CD-ROM or RAM disk. USB devices and floppy drives are reported as removable.

Percent Used
The percentage of the media that is in use. For optical drives a value of 100% is reported regardless of the amount in use because it is customary to assume there is no free space.

Used Space
The space used on the media. The reported value may be less than the actual amount if user quota's are implemented. Windows® 95 release 1 has a detection ceiling of 2GB.

Free Space
The free space available on the media. Optical drives normally show zero free space regardless of the amount of information actually written to the media.

Total Space
The total space available on the media. For optical drives this value is the amount in use and not its total capacity.

Volume Name
The volume name of the drive, also known as the label.

File System
The file system used to store data on the media, common types are FAT , FAT32 , NTFS and CDFS.

Volume Serial Number
The volume serial number, this number changes when the drive is formatted. To obtain the manufacturer's serial number set the option for physical disk detection.

Sectors Per Cluster
The number of sectors in a cluster. A cluster is comprised of sectors. A sector is the smallest amount of space useable on a drive.

Bytes Per Sector
The number of bytes each sector can store. Typical numbers are 512, 1024 and 2048.

Free Clusters
The number of clusters that are available to store information. May be fewer than the actual amount if user quotas are implemented.

Total Clusters
The total number of clusters available on the drive. May be fewer than the actual amount if user quotas are implemented.

6.24) Communication Ports

Port Number
A number to identify the port on systems with multiple ports. Counting starts at 1.

Port Name
The name of the port such as COM1.

Monitor Name
The name of an installed monitor for the port.

Description
A description of the port, e.g. local port.

Port Type
The type of port, i.e. if can read, write, redirected or remote.

6.25) Startup Programs

This section shows programmes that start automatically. The list is presented in an order that as closely as possible matches the startup sequence. This section does not include services.

Program Name
The name of the programme.

Settings Folder
The folder where the settings are stored for this program, typically a registry path or an operating system defined 'special' folder.

Startup Command
The command used to start the programme.

6.26) Services

This section shows the services on the computer. These are divided into two types namely, drivers and processes. Requires appropriate privileges on some installations of Windows®.

Name
The name of the service.

Service Type
A description of the type of service such as kernel driver or own process.

State
The state of the service, such as if it has been started.

Start Mode
The manner in which the service is to be started for example, automatic or manual.

Path Name
The path to the service's binary file. For example, cdrom.sys is the file for the CD-ROM device driver. Some services may run in the context of the generic host process svchost.exe.

Service Name
The account the service process will be logged on as when it runs. Typically this is empty for device services.

6.27) Running Programs

This section shows programmes that are running on the computer.

Name
The name of the programme in use. This is most often the programme's executable file, but it can also be a special process such as 'System Idle Process' or 'System'.

Process ID
The process identifier (PID), a number that uniquely identifies the process.

Memory
The memory, expressed in KB, being used by the process. The reported value will either be the Working Set or the Private Commit depending on the version of the operating system.

Description
The description, if any, of the programme. This is embedded in the executable file by its manufacturer and to report it, special access privileges may be required for a given programme.

6.28) ODBC Information

This section shows the Open Database Connectivity (ODBC) data sources and drivers found on the computer. File based data source names can reside anywhere on the computer but typically these are to be found in DefaultDSNDir or CommonFilesDir. These are themselves defined in the system registry. Sometimes file data sources may be in the user's home directory.

6.28.1) ODBC Data Sources

DSN Type
The Data Source Name (DSN) type may be one of File, System or User. The first type stores the information required to connect to the database in a file on the computer. For the other two, this connection information is stored in the system's registry.

DSN
The name of the data source.

Description
A brief description of the data source name. Typically File DSNs have no description and for System andUser DSNs it is the name of the driver software.

6.28.2) ODBC Drivers

Name
The name of the ODBC driver.

Company
The software publisher.

File Name
The name of the ODBC driver’s binary file. Typically a dll.

File Version
The version of the ODBC driver’s binary file. This is extracted from the file.

Driver ODBC Version
The ODBC specification level that the driver implements, e.g. 03.51

6.29) OLE DB Drivers

Name
The name of the OLE DB driver

Description
The software publisher’s description of the driver

6.30) Software Metering

A scan of the system's security log is performed to identify events associated with executable starts and exits. Normally, auditing of these events is not enabled so if you wish to collect metering information you need to review your audit policy. Ensure that 'Audit Process Tracking' is enabled. For example, if auditing is enabled then when a programme starts event 592 or 4688 will be recorded in the security log. The log can grow very large and it is not uncommon for it to contain several hundred thousand entries. Summarising this information may take some time to complete.

Tracking process exits is not sufficiently reliable so executable runtimes are not computed. Clearly, if the security log is purged then no data can be reported. Accessing security log may require special privileges depending on the security policy in effect. This statistics generated in this section should be should be treated as of low quality and used with caution.

File Name
The name of the executable that was started, e.g. Word.exe .

File Path
The full file path the executable that was started.

File Version
The file's version number. This data, if present, was embedded in the file when it was created by its manufacturer.

Publisher
The name of the file's manufacturer (publisher). This data, if present, was embedded in the file when it was created by its manufacturer.

First Start Timestamp
The first entry in the security log of when the executable was started. Expressed as Universal Coordinated Time in yyyy-mm-dd hh:mm:ss format.

Last Start Timestamp
The last entry in the security log of when the executable was started. Expressed as Universal Coordinated Time in yyyy-mm-dd hh:mm:ss format.

Console Starts
The number of times the executable was started at the console. That is, started by a user who logged on at system's keyboard.

Remote Starts
The number of times the executable was started via a remote session such as remote desktop.

Other Starts
The number of times the executable was started but not as either from within a console or remote session. Examples of this are as a service, batch job or the machine account.

6.31) User Logon Statistics

User logon events are stored in the system's security log. If you wish to report this you need to ensure that 'Audit Account Logon Events', 'Audit Logon Events' and 'Audit System Events' are enabled in the Audit Policy. The security log can grow very large therefore summarising it may take some time to complete. Clearly, if the security log is purged then no data can be reported. Accessing the security log may require special privileges depending on the security policy in effect.

User Account
The name of the logged on account, usually reported as Domain_Name\User_Name.

First Logon Timestamp
The first entry in the security log of when the user logged on. Expressed as Universal Coordinated Time in yyyy-mm-dd hh:mm:ss format.

Last Logon Timestamp
The last entry in the security log of when the user logged on. Expressed as Universal Coordinated Time in yyyy-mm-dd hh:mm:ss format.

Console Logons
The number of times the user logged on at the console. That is, an interactive logon at system's keyboard.

Remote Logons
The number of times the user logged on via a remote session such as remote desktop.

Other Logons
The number of logons at neither the console nor from a remote computer. Examples of this are logons for a service, batch job or the machine account.

7) Saving the Audit

To save your audit report, on the menu select File + Save then enter the file name of your choice, WinAudit usually provides the computer's name for you. Next, from the drop down list choose the type of document. Options are Comma Delimited, Rich Text and Web Page. Finally, click the Save button.

Comma Delimited
This format is used by spreadsheets and custom data analysis programmes. The csv file is written out in little endian UTF-16 with the customary byte order marker of 0xFF 0xFE. Commas are used as field delimiters regardless of locale settings. The data generated WinAudit is heterogeneous in nature so to facilitate processing, each row begins with a numerical category identifier. The first field is the name of the category. The subsequent fields are the data item values. All fields are double quoted. Any double quote in a data value is escaped with a double quote. For example, 15” becomes 15””.

Rich Text
Save in rtf format if you intend to view the results in a the WordPad text editor.

Web Page
Save in html format if you intend to view the results in a browser.

8) Sending by E-Mail

To send the data by e-mail, on the menu, select File + Send E-Mail at which point WinAudit will attempt to start your e-mail programme and create a new message containing the audit report. Enter the recipient(s) address then click the send button. WinAudit will not send an e-mail without the user's knowledge. The audit report is sent as an attached web page. Other types of data are as an ordinary message.

9) Export to Database

To send the audit to a database, on the menu select File then Database Export. A window will be shown allowing you to control how the data is exported. Select the database's type (e.g. Microsoft Access). For MySQL® and PostgreSQL select, from the adjacent list, the software used to connect to it. Next, enter the database's name into the box. Your database administrator will provide you with all the required information. Ignore the remaining options unless otherwise instructed by the administrator. Press the Export button, if requested enter your credentials. The data export will begin. The time taken for this to complete depends on how much data you are sending, so be sure to wait for it to finish. You will then see a result message indicating how many records where exported. Finally, click the Close button.
The remainder of this document is intended for the database administrator.

9.1) Administration - DBA

The following DBMS versions are supported:
- Microsoft® Access 2000 and newer
- MySQL® 5 and newer
- Microsoft® SQL Server 2005 and newer
- PostgreSQL 8.3 and newer

9.1.1) Create the Database

WinAudit can create Access, MySQL and SQL Server databases. For PostgreSQL, an existing database is required with WinAudit then creating its tables and related objects. Start the logger by selecting Help + Start Logging on the menu. Next, select File + Database Export. On the window, select the Database Management System Name (DBMS). For MySQL or PostgreSQL, select its ODBC driver as well. The drivers found on the computer are shown in the drop down lists. In the Database Name text box enter a name as follows:

Access - the full file path to the database e.g. C:\Data\WinAuditDB.mdb.
MySQL - the database name.
SQL Server - the database name.
PostgreSQL - the database name.

Access databases can be created provided the corresponding OLEDB component is installed on the computer. For MySQL and SQL Server a simple CREATE DATABASE statement will be issued against the server. If you intend to use PostgreSQL, create an empty database now before proceeding. You can do this with pgAdmin. Next, click the Administration button, the Administrative Tasks window will be shown. Your choice of DBMS and database name are shown under the window's title. You cannot change these properties while this window is visible. The following options are available for creating your database. The ones shown depend on your choice of DBMS.

Unicode
If you wish to store Unicode characters check the Unicode box, In this context, Unicode is 2-bytes per character (UCS-2). Identifier columns used in the Computer_Master table are always in low ASCII, so Unicode (NVARCHAR/WVARCHAR) are not used for these. Hence, if you intend to run queries on this table you do not need to prefix your string literals with 'N'. No provision is made for labels of a fully qualified domain name to be in Unicode as this is a non-standard extension to the specification. Microsoft Access is Unicode by design. For PostgreSQL, the database code page is specified on creation.

OLE DB Driver
If you have specified Access as the DBMS then a drop down list will be shown. WinAudit will select the correct OLEDB driver based on the file extension. Access 2000 (.mdb) uses the Microsoft.Jet.OLEDB.4.0 driver. Newer versions of Access (.accdb) use the Microsoft.ACE.OLEDB.x driver. If no driver is shown in the drop down box, close the window and review the log for error messages. Most probably you need to install the driver for .accdb or fallback to .mdb file type.

Grant Privileges to PUBLIC
For SQL Server you can specify if you want PUBLIC to have a minimal set of privileges to post data into the database. Essentially, this allows users to post but not to view or delete data. If this is undesirable for your security requirements then you will need to implement a security arrangement that better suits your environment. See below for more details on user privileges.

Click, the Create button. On completion a status message will be shown. Close the window and review the log for any error or warning messages.

Important: once a connection to the database has been established, it is held until this Administrative window is closed. If the connection to the server drops you will need to close the window and re-open it. When you are finished performing your administrative tasks close the window to severe the connection.

9.1.2) Client Connection

After an audit has been completed, clients send the result to the database by selecting File then Database Export in the menu. Connection to the database is via ODBC, therefore you must ensure that:
- the database's ODBC driver is installed on client's machine
- your clients know which DBMS they are to use
- your clients know the name of the database
- for MySQL® and PostgreSQL your client's know which ODBC driver to use

Microsoft's Access and SQL Server ODBC drivers ship with the operating system and are installed by default. ODBC drivers for MySQL and PostgreSQL databases are available from their respective vendors. The other information shown on the Export Audit to Database window is optional. When then user clicks Export, WinAudit creates a connection string that is passed to the ODBC driver. Normally, a login window will be displayed requesting additional connection information such as a password. Logging of the completion connection string may be suppressed if it contains a password so if there is a login error, instruct your users to copy any messages shown to them. As soon as the data transfer is complete the connection is closed. Users must therefore login every time they attempt a database export. Winaudit prevents the same audit data from being posted twice to the same database.

Maximum Errors [%]
An audit report may up to a few thousand records. Usually there are no errors when posting to a database. However, occasionally some data cannot fit into the allocated column size in the database. Typically these are long file paths. It is not always desirable to fail an entire database operation because of a few errors. Consequently, you can instruct your users to set this tolerance parameter thereby allowing the operation to succeed. For example if you set this to 1% and 1000 records are sent to the database, if fewer that 10 records fail to be posted the operation as a whole will be deemed to have succeeded. The default setting is 5% with a range of 0 (no errors allowed) to 25%.

Max. affected rows
You can specify a limit the number of records that can be posted to the database in a single operation. The default value is 9999 with a range of 1 to 9999.

Connect timeout [secs]
Specify the connection timeout for the database. This setting applies to both the initial login timeout (SQL_ATTR_LOGIN_TIMEOUT) and subsequent communications (SQL_ATTR_CONNECTION_TIMEOUT) with the database. The default value is 30s with a range of 5s to 99s.

Query timeout [secs]
Specify a query timeout for the database. WinAudit often sends large quantities of data to the database, depending on database load it may take some time for the query to complete. WinAudit will not use an infinite timeout. The default value is 60s with a range of 5s to 999s.

9.1.3) Data Maintenance

Your database will increase in size unless you delete the old audits. WinAudit operates on the assumption that connecting clients do not have DELETE privilege, hence this step cannot be automated. From time to time you need to purge the database of its old audits. Roughly speaking, a default audit is expected to require about 1MB. Before proceeding it is strongly recommended that you back up your data. To delete the old audits, on the Administrative Tasks window click, in the Data Maintenance section, the Delete button. This will purge the database of all but the last audit for each computer.

9.1.4) Reporting

WinAudit allows you to create some simple reports from your data. This requires SELECT privilege on database tables. In the Reports section, select a report from the drop down list. You can specify a limit to the number of rows returned by using the parameter Maximum Rows. To fetch all the rows use a value of zero (0). Click Run to create the report.

You can, of course, use your own database's software to create reports. When the database is created a set of views were also created. For example, to see System Overiew records use the v_System_Overview view. If you wish to write your own SQL statements, bear in mind:
- Data is stored in the Audit_Data table
- Audits are identified by the Audit_ID column
- The Audit_Data table may have several audits for a given computer
- The most recent Audit_ID is in Computer_Master.Last_Audit_ID
- To view current data INNER JOIN Computer_Master to Audit_Data
- Audit_Data columns are character data, avoid numerical computations
To help you create your own queries check the Show SQL box, this will show the statement used to generate the report. These statements serve as working examples which you can use to build your own queries.I n particular, you will need to map the category of data you want to its numerical identifier and the names of the columns. This information is found in the Display_Names table. For example, to get a list of installed software in your organisation:
SELECT DISTINCT
Audit_Data.Item_1 As Software_Name
FROM Computer_Master INNER JOIN Audit_Data ON
Computer_Master.Last_Audit_ID = Audit_Data.Audit_ID
WHERE Audit_Data.Category_ID = 500

The INNER JOIN ensures you are viewing only current data. In the Display_Names table you will see that Software Programs has a Category_ID of 500. Similarly, Item_1 correspondsto the data item of Name.

10) Command Line Usage

You can invoke WinAudit from the command line, in this mode the programme executes without showing its main window. In this manner, you can automate the auditing of computers using batch files or login scripts on a domain controller. If need be, you can post the results directly to a database or save them to a centralised networked drive.
Some tips:
- Try to use WinAudit in user interface mode before invoking it via the command line.
- Ensure you have included the report switch '/r=' with some category letters.
- The category letters are case sensitive
- Use only backslashes slashes '\' for file path separators.
- It is not necessary to quote output or log file paths even if there are spaces.
- WinAudit returns a code of zero (0) on success and non-zero if an error occurred.
- A logging facility is provided to help you diagnose problems.
The command syntax (all on one line) is:
WinAudit.exe /h /r=gsoPxuTUeERNtnzDaIbMpmidcSArCOHG /f=file /T=file_timestamp /l=log_file

All switches are optional, if none are supplied the programme runs in user interface mode. See examples below.

Switches

/h
Show a help message then exit.

/r
Report content, default is NO sections, i.e. nothing is done.
g Include System Overview
s Include Installed Software
o Include Operating System (Small letter o)
P Include Peripherals
x Include Security
u Include Groups and Users
T Include Scheduled Tasks
U Include Uptime Statistics
e Include Error Logs
E Include Environment Variables
R Include Regional Settings
N Include Windows Network
t Include Network TCP/IP
z Include Devices
D Include Display Capabilities
a Include Display Adapters
I Include Installed Printers (Capital I )
b Include BIOS Version
M Include System Management
p Include Processor
m Include Memory
i Include Physical Disks
d Include Drives
c Include Communication Ports
S Include Startup Programs
A Include Services
r Include Running Programs
C Include ODBC Information
O Include OLE DB Drivers (Capital O)
H Include Software Metering
G Include User Logon Statistics

/f
Output file or database connection string. Valid file types are comma separated, rich text and web page:
/f=computer_audit.csv
/f=computer_audit.rtf
/f=computer_audit.html
Only one file type may be specified. If no /f switch is specified, the output is written to 'computer_name.html’ where computer_name is the NetBIOS name of the computer.

macaddress is a reserved word (case insensitive). If specified, the output will be written to a file named using a Media Access Control (MAC) address. If no MAC address can be resolved, then the computer's name will be used. On systems with multiple network adapters, the address of the first one discovered will be used. Usage: /f=macaddress.html . If a connection string is supplied, it must begin with DRIVER= or DBQ=. This string must not have any forward slashes.

/T
Use an ISO style date, time or data-time in the output file name. The timestamp precedes the file extension e.g. Audit-20130320-123655.txt, options are:
/T=date - YYYMMDD format
/T=time - hhmmss format
/T=datetime - YYYYMMDD-hhmmss format
This switch is for use with regular file names, do not use when exporting data to a database.

/l
The log file path to record diagnostic and activity messages. The log files are tab separated text that can be view in notepad hence the .txt extension is recommended. If only a file name is supplied, the log file will be written to the same directory in which the WinAudit executable resides. To avoid concurrency issues, be sure to use a different name for each concurrent job. For example /l=%COMPUTERNAME%.txt

10.1) Command line examples

To view the command line usage, at the command prompt type:
WinAudit.exe /h

To get a System Overview with the output saved in the same directory as the WinAudit executable in the default format of html and filename of 'computername.html':
WinAudit.exe /r=g

To get a System Overview and Operating System information saved in a specified directory in rich text format using the computer’name as defined in the environment:
WinAudit.exe /r=go /f=C:\Temp\%COMPUTERNAME%.rtf

To audit your computer showing the System Overview, Operating System and Installed Software sections then save the report in CSV format on remote computer called SERVER in the networked shared directory Audits using a filename based on the MAC address:
WinAudit.exe /r=gos f=\\SERVER\Audits\macaddress.csv

Get a System Overview and log the audit to a file called log.txt. The audit will be saved in 'computername.html' with the log file written to the directory containing WinAudi.exe.
WinAudit.exe /r=g /l=log.txt

Save data about displays and adapters using a file name that contains a timestamp. The output file name will be of the form Displays-20131020-130425.rtf:
WinAudit.exe /f= Displays.rtf /r=gDa /T=datetime

Send a system overview to an Access (.mdb) database using a DSN-Less connection string:
WinAudit.exe /r=g /f=DBQ=C:\Temp\Test.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=admin;

Save many data categories to a password protected Access 2007 or newer database.
WinAudit.exe /r=gsopxuTUeERNt /f=DRIVER={Microsoft Access Driver (*.mdb, *.accdb)};DBQ=C:\Temp\WinAuditDB.accdb;UID=admin;PWD=123456

Send a system overview to SQL Server on a computer named PXSSQLSVR using a DSN-Less connection string. Connect as user WinAuditUser to a database named WinAuditDB and write out a log file to log.txt. Note, there is a space between 'SQL' and 'Server':
WinAudit.exe /r=g /f=DRIVER=SQL Server;SERVER=PXSSQLSVR;UID=WinAuditUser;PWD=Cvb5dP3g;DATABASE= WinAuditDB; /l=log.txt

Save a system overview to a SQL Server database on a trusted connection.
WinAudit.exe /r=g /f=DRIVER={SQL Server};SERVER=PXSSQLSVR;DATABASE=WinAuditDB;Trusted_Connection=Yes;

Send a system overview to a MySQL database named winauditdb on the local computer using a DSN-Less connection string. Connect as root with a password.
WinAudit.exe /r=g /f=DRIVER=MySQL ODBC 3.51 Driver;SERVER=localhost;UID=root;PWD=123456;DATABASE=winauditdb;

11) Privacy and Security

The WinAudit programme has no networking capabilities. It cannot send, transmit or in anyway communicate any information about your computer to anyone else. Parmavex Services does not receive a copy of your data.

WinAudit cannot autonomously send e-mail. It creates a message then displays it for the user to send.

WinAudit is provided as freeware. Its freeware license is embedded in the executable. This means that its terms are fixed into perpetuity.

WinAudit is open source software, its operation can be verified by examining the source code.

12) Contact Information

Our preferred method of communication is e-mail. When doing so please be sure to include WinAudit in the subject otherwise your message will be automatically deleted.

Parmavex Services
17 Perry Hill Lane
Oldbury
West Midlands
England B68 0AG
Fax: +44 (0)121 421 7114
Email: winaudit at parmavex dot co dot uk
Web: www.parmavex.co.uk

13) European Union Public Licence

WinAudit is licensed under the European Union Public Licence (EUPL). It is free open source software. It must not be sold, leased, rented, sub-licensed or used for any form of monetary recompense whatsoever. You may make as many verbatim copies of the executable“WinAudit.exe” as you need and distribute them to anyone. This includes commercial organisations. By using this software, you will have agreed and are agreeing to be bound by the terms of EUPL set forth below. The EUPL is copyright of the European Community and is reproduced here in accordance with their best practices about “establishing” a EUPL contract.

European Union Public Licence
V. 1.1
EUPL © the European Community 2007

This European Union Public Licence (the “EUPL”) applies to the Work or Software (as defined below) which is provided under the terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such use is covered by a right of the copyright holder of the Work).

The Original Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following notice immediately following the copyright notice for the Original Work:

Licensed under the EUPL V.1.1

or has expressed by any other mean his willingness to license under the EUPL.

1. Definitions

In this Licence, the following terms have the following meaning:

- The Licence: this Licence.

- The Original Work or the Software: the software distributed and/or communicated by the Licensor under this Licence, available as Source Code and also as Executable Code as the case may be.

- Derivative Works: the works or software that could be created by the Licensee, based upon the Original Work or modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in the country mentioned in Article 15.

- The Work: the Original Work and/or its Derivative Works.

- The Source Code: the human-readable form of the Work which is the most convenient for people to study and modify.

- The Executable Code: any code which has generally been compiled and which is meant to be interpreted by a computer as a program.

- The Licensor: the natural or legal person that distributes and/or communicates the Work under the Licence.

- Contributor(s): any natural or legal person who modifies the Work under the Licence, or otherwise contributes to the creation of a Derivative Work.

- The Licensee or “You”: any natural or legal person who makes any usage of the Software under the terms of the Licence.

- Distribution and/or Communication: any act of selling, giving, lending, renting, distributing, communicating, transmitting, or otherwise making available, on-line or off-line, copies of the Work or providing access to its essential functionalities at the disposal of any other natural or legal person.

2. Scope of the rights granted by the Licence

The Licensor hereby grants You a world-wide, royalty-free, non-exclusive, sublicensable licence to do the following, for the duration of copyright vested in the Original Work:

- use the Work in any circumstance and for all usage,
- reproduce the Work,
- modify the Original Work, and make Derivative Works based upon the Work,
- communicate to the public, including the right to make available or display the Work or copies thereof to the public and perform publicly, as the case may be, the Work,
- distribute the Work or copies thereof,
- lend and rent the Work or copies thereof,
- sub-license rights in the Work or copies thereof.

Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the applicable law permits so.

In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed by law in order to make effective the licence of the economic rights here above listed.

The Licensor grants to the Licensee royalty-free, non exclusive usage rights to any patents held by the Licensor, to the extent necessary to make use of the rights granted
on the Work under this Licence.

3. Communication of the Source Code

The Licensor may provide the Work either in its Source Code form, or as Executable Code. If the Work is provided as Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to distribute and/or communicate the
Work.

4. Limitations on copyright

Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the exclusive rights of the rights owners in the Original Work or Software, of the exhaustion of those rights or of other applicable limitations thereto.

5. Obligations of the Licensee

The grant of the rights mentioned above is subject to some restrictions and obligations
imposed on the Licensee. Those obligations are the following:

Attribution right: the Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to the Licence and to the disclaimer of warranties.The Licensee must include a copy of such notices and a copy of the Licence with every copy of the Work he/she distributes and/or communicates. The Licensee must cause any Derivative Work to carry prominent notices stating that the Work has been modified and the date of modification.

Copyleft clause: If the Licensee distributes and/or communicates copies of the Original Works or Derivative Works based upon the Original Work, this Distribution and/or Communication will be done under the terms of this Licence or of a later version of this Licence unless the Original Work is expressly distributed only under this version of the Licence. The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the Work or Derivative Work that alter or restrict the terms of the Licence.

Compatibility clause: If the Licensee Distributes and/or Communicates Derivative Works or copies thereof based upon both the Original Work and another work licensed under a Compatible Licence, this Distribution and/or Communication can be done under the terms of this Compatible Licence. For the sake of this clause, “Compatible Licence” refers to the licences listed in the appendix attached to this Licence. Should the Licensee’s obligations under the Compatible Licence conflict with his/her obligations under this Licence, the obligations of the Compatible Licence
shall prevail.

Provision of Source Code: When distributing and/or communicating copies of the Work, the Licensee will provide a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available for as long as the Licensee continues to distribute and/or communicate the Work.

Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing
the content of the copyright notice.

6. Chain of Authorship

The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or licensed to him/her and that he/she has the power and authority to grant the Licence.

Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or licensed to him/her and that he/she has the power and authority to grant the Licence.

Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contributions to the Work, under the terms of this
Licence.

7. Disclaimer of Warranty

The Work is a work in progress, which is continuously improved by numerous contributors. It is not a finished work and may therefore contain defects or “bugs” inherent to this type of software development.

For the above reason, the Work is provided under the Licence on an “as is” basis and without warranties of any kind concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this Licence.

This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work.

8. Disclaimer of Liability

Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. However, the Licensor will be liable under statutory product liability laws as far such laws apply to the Work.

9. Additional agreements

While distributing the Original Work or Derivative Works, You may choose to conclude an additional agreement to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or services consistent with this Licence. However, in accepting such obligations, You may act only on your own behalf and on your sole responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by the fact You have accepted any such warranty or additional liability.

10. Acceptance of the Licence

The provisions of this Licence can be accepted by clicking on an icon “I agree” placed under the bottom of a window displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of applicable law. Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms and conditions.

Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution and/or Communication by You of the Work or copies thereof.

11. Information to the public

In case of any Distribution and/or Communication of the Work by means of electronic communication by You (for example, by offering to download the Work from a remote location) the distribution channel or media (for example, a website) must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence and the way it may be accessible, concluded, stored and reproduced by the Licensee.

12. Termination of the Licence

The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms of the Licence.

Such a termination will not terminate the licences of any person who has received the Work from the Licensee under the Licence, provided such persons remain in full compliance with the Licence.

13. Miscellaneous

Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the Work licensed hereunder.

If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or enforceability of the Licence as a whole. Such provision will be construed and/or reformed so as necessary to make it valid and enforceable.

The European Commission may publish other linguistic versions and/or new versions of this Licence, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence. New versions of the Licence will be published with a unique version number.

All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take advantage of the linguistic version of their choice.

14. Jurisdiction

Any litigation resulting from the interpretation of this License, arising between the European Commission, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice of the European Communities, as laid down in article 238 of the Treaty establishing the European Community.

Any litigation arising between Parties, other than the European Commission, and resulting from the interpretation of this License, will be subject to the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business.

15. Applicable Law

This Licence shall be governed by the law of the European Union country where the Licensor resides or has his registered office.

This licence shall be governed by the Belgian law if:
- a litigation arises between the European Commission, as a Licensor, and any Licensee;
- the Licensor, other than the European Commission, has no residence or registered office inside a European Union country.

Appendix

“Compatible Licences” according to article 5 EUPL are:

- GNU General Public License (GNU GPL) v. 2
- Open Software License (OSL) v. 2.1, v. 3.0
- Common Public License v. 1.0
- Eclipse Public License v. 1.0
- Cecill v. 2.0

14) Acknowledgements

 
User Contributions
Many people have found the time to send us messages, both supportive and critical alike. These have helped to improve the programme's accuracy and usability. Bug reports are particularly welcome and many thanks to those who supplied information when we were unable to reproduce certain bugs on our systems.

The following individuals have contributed translations of the user interface:

Chinese (Traditional) by Minson

Czech by Karel Michal

Danish by Rasmus Bertelsen

Dutch by Ivan Laponder

Finnish by Rami Aalto

French by Fabrice Cherrier and Pages Ludovic

French (Belgium) by Pierre Bierwertz

German by Michael Klein-Reesink

Greek by George Kaub

Hebrew by Eli Ben David

Hungarian by Viktor Varga

Indonesian by Teguh Ramanal

Italian by Roberto Tresin

Japanese by Nardog

Korean by sushizang

Polish by Marek Kordiak

Portuguese by Dick Spade

Portuguese (Brazilian) by Roman Dario Cuattrin

Russian by Valeri Kruvyalis Email: vkvkvkvkvk_at_mail_dot_ru

Serbian(Latin) by Pera Konc

Slovak by Peter of SlovakSoft: www.slovaksoft.com E mail: info_at_slovaksoft_dot_com

Spanish by Juan Miguel MartíEmail: jmmarti_at_adinet_dot_com_dot_uy

Thai by Pongsathorn Sraouthai Email: pongsathorns_at_gmail_dot_com

Turkish by Nejdet Acar

Free Software

WinAudit is free software created using free software:

Application Verfier by Microsoft Corporation

ccm by Jonas Blunck

Code::Blocks by Yiannis Mandravellos and the Code::Blocks team

Cppcheck by Daniel Marjamäki and Cppcheck team

cpplint by Google Inc.

MinGW-w64 by Kai Tietz, Jonathan Yong and project members

Source Monitor by Campwood Software LLC

Visual Studio Express by Microsoft Corportation

Trademarks
WinAudit may display marques that are trademarks or service marks of their respective holders. These are reported as stored on the system. The list below includes, but is not exhaustive of, trademarks mentioned in the documentation:

3D Now!, Athlon, Duron, Opteron, Sempron and Turion are trademarks of Advanced Micro Devices.

Active directory, ActiveX, Microsoft, Windows, Windows NT, Outlook, Visual FoxPro and Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries

Ethernet is a trademark of XEROX Corporation

FireWire is a trademark of Apple Computer, Inc.

Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries.

MySQL is a trademark of Oracle Corporation in the United States and other countries.

Oracle is a trademark of Oracle Corporation.

SuperDisk is a trademark of Imation Enterprises Corporation.

USB is a trademark of Universal Serial Bus Implementers Forum, Inc.

©Copyright 2003-2014 Parmavex Services, all rights reserved.

WinAudit Freeware v3.1 fromParmavex Services

WinAudit is an inventory utility for Windows computers. It creates a comprehensive report on a machine's configuration, hardware and software. WinAudit is free, open source and can be used or distributed by anyone. IT experts in academia, government, industry as well as security conscious professionals in the armed services, defence contractors, electricity generators and police forces use WinAudit.

Screen shot

What's New

Version 3.1

Change: Override default '.txt' extension in log file path (thanks aamjohns)
Bug Fix: Spurious operating system edition descriptions (thanks aamjohns)
Bug Fix: Windows 10 Access Database connection issue (thanks Joao C. & Marius D.)
Bug Fix: Double count of virtual volume storage (thanks Patrick R.)
Bug Fix: Incorrect processor package identifier (thanks Karol O.)
Bug Fix: Updated list of operating system editions (thanks Neil N.)
Bug Fix: Invalid Spanish database VIEW name (thanks Ismael G.)
Bug Fix: Windows 10 incorrectly reported as Vista (thanks Aaron J.)
Bug Fix: Incorrect Japanese (Shift-JIS) characters in comma separated output (thanks Josse Q.)
Bug Fix: Incorrect GMT difference when daylight saving in effect (thanks Chris G.)
Change: Re-work database export by using a locally stored GUID in WinAuditGuid.txt.
Bug Fix: Remove redundant string buffer overflow check on database export of Fully Qualified Domain Name (thanks Chris G.)
Change: Show a message if no Extended Display Identification Data is available.
Added: Detect Windows 10.
Added: Add file extension to path in Save File dialog box.
Added: Separator declaration to csv output for Excel usability (thanks Denis D.)
Bug Fix: Incorrect operating system build number on Windows 8 (thanks Denis D.)
Added: Save data in columnar comma separated output (csv2).
Change: Two computer identifiers used for database export.
Added: Detect "Delayed Start" services (thanks suggestion George N.)
Bug Fix: Redundant rich text escape sequences (thanks Thomas L.)

In Version 3.0.11

•  Bug fix:  Redundant rich text escape sequences (thanks Thomas L.)

 In Version 3.0.10

 •  Bug fix: Missing default strings when run from the command line (thanks Thomas L.)

 In Version 3.0.9

 •  Bug fix:  Incorrect Local Group comma separated list (thanks ZeeDee)

 In Version 3.0.8

•  Bug fix: Missing Automatic Updates in SQL report (thanks RedErik)

In Version 3.0

•  Bug fix: Monitor detection bug (thanks Jiri S.).

•  Bug fix: Missing Windows Product ID on some systems (thanks Jiri S.).

•  Bug fix:  ISO8601 conformat timestamps for SQL Server (thanks Miroslav P.).

•  Added: IP Routing table (thanks James R. for suggestion).

•  Dropped: Support for Windows version prior to XP.

•  Dropped: Printing.

•  Dropped: Export data to Oracle™ database.

•  Dropped: Save report in chm, pdf and formatted text and xml formats.

•  Dropped: The lengthy tasks of finding files and listing system files.

•  Changed: Command line options.

•  Added: OLE DB Drivers.

•  Added: Timestamps in the command line (thanks Aaron J. for suggestion and testing).

•  Added: Support for PostgreSQL (thanks Lukasz Dargiewicz for suggestion and testing).

•  Bug Fix: Missing manufacturer name in data posted to database (thanks Aaron J.)

•  Bug Fix: Output file path truncation at full stop (thanks Ken C.).

•  Added: Additional security related policies and settings.

•  Added: Detect software installed by the current user.

Reviews

•  CNET: Editor reviewed - outstanding

•  BEW Global: Digital Forensics and Data Leakage Protection - Best Practices, 2011

•  e-fense: Included on Helix Live CD

•  Jones & Bartlett Learning: Laboratory Manual to Accompany System Forensics, vLab Solutions Staff

•  MajorGeeks: 5 star rating

•  Malware Forensics: Investigating and Analyzing Malicious Code, Page 85, Cameron et al.

•  Maximum PC: Annual softy award, 2007

•  Redmond Magazine: Productivity on the Go, 2006

•  Smart Computing: July 2008, Vol. 19 Issue 7, Page(s) 56-60 in print issue

•  Snapfiles: Must have freeware app

•  Softpedia: 100% clean of malware

•  Southern Illinois University: Recommend by their information security team

•  UBCD4Win: Included on Ultimate Boot CD for Windows

•  us-cert.gov: Non-Traditional Uses of Forensics in Security Analysis, Kaplan and Bittner, 2013

•  Windows ITPro: Recommended by Douglas Toombs

Known Issues

•  Report creation can be very slow when right-to-left (Hebrew) characters are present

•  Emsisoft Anti-Malware may stop and/or quarantine WinAudit. This happens when WinAudit attempts to obtain a list of programmes running on the computer. You will need to set an exception rule in Emsisoft to allow WinAudit to run.