Couple of questions

[Hemo2]

I've downloaded the eval version of TNI 1.6.7 and am reviewing it. I have a couple of questions that I've run into and hope to get answered.

 

1. - We are interested in scanning computers that are a member of our Domain. Our Active Directory setup in our domain is branched out into sub-OU's. For example:

 

root\

----\Finance Dept\

-----------------\Laptops

-----------------\Special permissions

----\Personnel Dept\

-------------------\Laptops

-------------------\Special permissions

 

When I run the inventory wizard and scan using the "Network Places Overview" and select the "Microsoft Windows Network", I am able to browse our domain name and find computers. However, TNI doesn't seem to find any of the computers that are located in the sub-OU's like "Laptops". Am I missing something on why TNI doesn't also list all these computers?

 

Also, we have thousands of computers in our AD structure and many sub branches of OU's to organize them. Is there no way in TNI to simply "browse by OU" in our AD structure and then click on an OU and select "scan this OU and all sub OU's"? This is really what we need to be able to do. Giving a single list of thousands of comptuers in our AD is just too cumbersome to wade through. We need to first browse by OU before we even see any computer names to select, and then we need to scan all computers that exist at that OU level and any sub-OU's at that level. Can TNI do this, or is this ability planned for a future release?

 

2. - One report that is important for us is a "software count". I found a "software installations count" report, but this report doesn't list the "version" of the software. We need a total count for software installs, but we need the count broken out by "version number". We would use this to help determine which of our offices/departments need a particular software program installed. For example, the report shows a total count for Adobe Reader 9. But how do we tell if everyone is this office have Adobe Reader v9.3? If the report would break out the total counts by individual version number, we could quickly tell what offices need to have their Adobe Reader updated to the latest v9.3 to fix the security flaw. As it is, a total count that simply shows "v9" doesn't help us. Is there a "software count" report in TNI that breaks out the count by version number and not by the name of the software product?

 

3. - Since we have thousands of computers in our domain, we are constantly adding/removing/renaming computers. How does TNI reconcile this? In other words, today we run a scan and TNI brings in all the computer names. Then next month we run another scan but 50 computer names have been removed from our domain. Does TNI leave these now defunct computer names in the inventory database and our inventory is no longer accurate because it is including computer/software info in reports that no longer exist? If so, is there a way to do "ad-hoc" reports in TNI? Or perhaps an easy way to "completely empty out the TNI database" so everytime we run a scan we are assured that we are up to date on the computers that exist and the reports accurately reflect that? (If we could easily wipe out the database and start over fresh, that would be sufficient, but it would be nice if you could also do quick ad-hoc scans.)

 

EDIT: Sorry, but had another question. We wouldn't do the inventory via login scripts. When running the immediate scan, I see a message "installing service" as part of this process. What service is being installed on the remote pc and is this permanent? Also, how would we remove it from the remote pc if necessary?

 

Thank you.

[Support]

1. Network places overwiew is getting information from Windows network browser service. It lists all computers in a domain in one list, without OU's. But even this list may be incomplete, because it is refreshed by the system each 12 minutes and thus does not include computers that are offline or that were powered on less than 12 minutes ago, and so on. It also has other drawbacks specified in this article: http://en.wikipedia.org/wiki/Browser_service
Browsing the AD structure by OU's will be introduced in the next version of the program, which should be available in about two months.

2. Unfortunately there is no software installations count report broken out by version numbers at the moment. We will add such report in the next version of the program.
Currently software is considered the same if it has the same "display name", even if the "display version" is different. Some software products list their exact version in the title (e.g. Mozilla Firefox), so they are calculated as separate software, others don't do this (e.g. Adobe Reader), so they are calculated as the same software.
However looking at some available computer databases I can see that particularly Adobe Reader 9 and 9.3 can be distinguished by the title, because they are listed exactly as "Adobe Reader 9" (version 9.0.0) and "Adobe Reader 9.3" (version 9.3.0).
Besides, you can run the report which shows the versions: "Reports - Detailed reports - Installed software", then sort the table by the software title column (click on the column header), scroll to the specific software and see which computers have the version that needs an update.

3. TNI does not remove anything from the database automatically. The computers which were scanned earlier and are not present at the moment are kept in the database. So the inventory may not be accurate from this point of view. We are going to add reporting capabilities to filter out such computers or some means to remove them based on the "last updated" timestamp. Meanwhile you can empty out the database before each scan. To do this, select the first node (group) on the second level of hierarchy (just under the "Network" node), press "Ctrl+A" to select all nodes on this level, right-click the selection and choose "Delete" from the context menu.

4. The service named "TNIHelperService" (file "tniservice.exe") is installed temporarily to allow remote launch of the audit tool. This service is always stopped and uninstalled after the scan is finished and all files are removed from the remote computer, so no traces are left. More details are available here: http://docs.softinventive.com/tni/techpaper

[Hemo2]

Thank you very much for the information. I look forward to testing the next version.

[Hemo2]

As long as I'm wishing for functionality while reviewing TNI, I thought I'd add another comment.

 

The ability to browse our active domain structure and select an OU and subOU's below it to scan is a very important feature for us to have. If this ability gets added, it would also be nice if TNI would create a log (or something) of the computer names it couldn't scan. (For example, we tell it to scan all computer names that exist in a certain active directory OU but not all the computers are powered on.) If TNI kept a log of computers that didn't get scanned, it would make it easier for us to know which computers to target in the next scan to complete the inventory.

 

Also, when performing the scan, TNI allows you to specify the credentials to use for the scan. This is a vital function. But would it be possible for TNI to allow you to specify an alternate set of credentials to use if the first set fails? All of our domain admin accounts 'should' be in the local administrators group on every computer. But once in awhile that isn't the case. If we could specify an alternate set of credentials, such as specifying a "local" administrator account name/password to use, that would be nice. We specifically set the local admininstrator account names and passwords, so we know what that is for every computer we have and if a domain admin credentials were to fail, we could always use the local admin account.

[Support]

1. Surely there will be a possibility to see which computers were not scanned. It will be either a log, or those computers will be added to the network tree with a special icon, or even placed to a separate group... the final decision is not made yet.

 

2. In the current state of the new version that we have, it is possible to specify only one name and password for the domain scan. However, we will see if it's possible to add alternative credentials for the situation you describe.