Stanford Network Registration Tool Version 3

Changes since version 2:

* name changed from Health Check Tool to Stanford Network Registration Tool
* support added for all 64-bit Windows OSes
* support for Snow Leopard (Mac OS X 10.6) and Windows 7
* greatly improved MAC address detection and filtering (using both a "black list" and a "white list" of all IEEE-registered ethernet OUIs)
* greatly improved AV software detection on both Windows (using Security Center) and Mac OS X (using a larger list of known AV products)
* users are prevented from opening and running a web browser during registration (SNSR only, recognized browser processes only)
* support different security software requirements for different platforms in NetDB template (SNSR only)
* network throughput is estimated in order to provide a guess at how long downloading required patches will take
* greatly improved logging
* numerous bug fixes

SNRT 3.0.12.15:

* fixed serious bugs including: BigFix incorrectly required in many cases, and Mac log file not being created (causing the program to hang)
* for ResComp registrations only: Mac AV will not be required for anyone using the student (jesa) organizational template

SNRT 3.0.12.18:

* fixed problem with AV software detection on Vista SP1 and above

SNRT 3.0.13.1:

* added "Save Log File to Desktop" command (Help menu)
* corrected Mac BigFix detection to accommodate upgrade to Stanford's BigFix service
* added Mac AV detection for: avast!, BitDefender, ClamXav, Dr.Web, McAfee VirusScan, Sophos, Symantec Norton AV, and Trend Micro Security

SNRT 3.0.14.0:

* new SNRT icon and graphics (including Stanford slide show during program run)
* added automatic "relaunch-after-reboot," as appropriate, with file clean-up afterwards
* bug reports can now be sent while on the registration network (SNSR only)
* fixed crash that (rarely) occurred during admin password strength-checking on Windows
* added function to check if a personal firewall (etc) is blocking SNRT
* fixed a bug that might cause MAC address detection to fail if network connectivity suddenly disappeared
* if a test has been run and passed within the last 60 minutes, it won't be run again
* now using a much improved password-guessing dictionary (1525 basic words)
* fixed several problem(s) in "What Settings Will Be Changed?" Help menu item
* many other small fixes and improvements

SNRT 3.0.14.2:

* corrected SNRT's failure to delete itself after its last run (Mac OS X 10.6 only)
* added "YankIP" functionality: when user hits Cancel, machine's IP address is removed from iptables REGSET (SNSR only)

SNRT 3.0.14.3:

* for ResComp registrations only: go to "exit URL" even if computer is already registered in NetDB
* for ResComp registrations only: do not send HTTP header request with HTTP GET

SNRT 3.0.14.4:

* fixed MOSX 10.5/10.6 bug that prevented Software Update from running properly when launched from within SNRT
* added variant ActiveSync MAC address to black list (00-80-00-60-0F-E8)
* fixed bug introduced in 3.0.14.0 that would cause AV and BigFix tests to fail on all but first run

SNRT 3.0.14.5:

* removed beta tag
* eliminated need for separate SNSR and "Hostreg Classic" compilations (all differences now specified in configuration file)
* improved querying and logging of AV software health (Windows Security Center); improved AV software detection for Win 7
* added new Credits and Copyright Notice windows (About... box)
* improved appearance of HTML in "What Settings Will Be Changed?" (Help menu)

SNRT 3.0.14.6:

* specifically excluded null MAC address (00:00:00:00:00:00), which apparently can sometimes slip past other exclusion rules
* made download URL for MAC address white list a configurable option (in case nmap.org goes down)
* created new configuration option (maxnum_macaddr) to control the number of retrieved MAC addresses that SNRT will return to the server
* added NIC descriptions to log, in order to help determine WHERE Vista is getting some of the innumerable NICs it reports

SNRT 3.0.14.7:

* added 10.15.0.0/16 (new West Campus wireless network) to list of private registration address ranges
* updated MAC address white list included in SNRT package (see http://nmap.org/svn/nmap-mac-prefixes)
* modified password strength-checking routine slightly, to try to catch error on Windows XP SP3 (problem fixed in next release)

SNRT 3.0.14.8:

* fixed password test failures on Windows XP SP3 that would sometimes cause SNRT to hang (modified call to Win32 NetLocalGroupGetMembers())
* for slow method for Windows password strength-checking (as for domain-joined machines unable to contact DC), now using smaller dictionary
* improved default short version of password-guessing dictionary
* modified MAC address exclusion rules slightly to further reduce number of bogus addresses potentially returned to server (see below)
* modified delete_snrt.app compiled AppleScript (which runs at login) so that it will better identify itself and its purpose

SNRT 3.0.14.9:

* added workaround for possible failures to write a log file on Mac OS X (will fall back on ~/Library/Logs if /Library/Logs can't be written to)
* Windows only: SNRT will no longer relaunch itself after a reboot initiated solely because security settings were reconfigured on a registered machine
* improved quasi-random sequencing of the splash screen's "Stanford slide show" (with a few other cosmetic changes)
* for ResComp registrations only: configure SNRT to use MS Windows update site rather than Stanford's WSUS servers

SNRT 3.0.15.0:

* Mac OS X: automatically handle privilege elevation for standard (non-admin) users who provide admin credentials during installation
* added mutex to prevent multiple instances of SNRT from running concurrently
* "active IP addresses" should now be correctly logged regardless of SNRT's configuration or host's network location
* added logic that might allow a single SNRT configuration to work properly for both SNSR and ResComp registrations (testing required)
* 60-min no re-testing grace period now includes runs of new instances of SNRT (previously only applied to one continuous run, with or without a reboot)
* Mac OS X: added awareness of (forthcoming) Google Chrome browser
* Mac OS X: record details of failure to write log file to its default location in /Library/Logs
* if the active NIC cannot be identified, SNRT will still register MAC addresses that are not excluded by any of the usual rules (up to maxnum_macaddr)
* improvements to bug reporter UI (SNSR only)
* fixed bug in MAC address detection routines (doubtful that this will help with the hanging problem described below, but it might shed light)

SNRT 3.0.15.1:

* Mac OS X: fixed a bug that might prevent correct detection of the BigFix client and its version number on Mac OS X 10.3
* Mac OS X: fixed a bug that in some cases might result in multiple entries for delete_snrt.app in Login Items
* Mac OS X: modified delete_snrt.app to remove support files as well as the SNRT application itself (only the log file isn't deleted)
* Mac OS X: cleaner authenticated relaunch of SNRT, with prompt for admin credentials, for unprivileged users after logout or system restart
* Mac OS X: corrected bug that might result in SNRT relaunch helper program not being removed from user's Login Items when no longer needed
* corrected bug that could lead to early termination of certain long-running operations (eg, Mac OS X password checks, Windows MSRT)
* added "Save Log File to Desktop" command to Help menu for all SNRT configurations (had previously appeared only for ResComp builds)
* several minor bug fixes to password-checking functions and splash screen slide show

SNRT 3.0.16.0:

* Mac OS X: implemented new method for password strength-checking that improves performance by multiple orders of magnitude (enabled only for testing)
* fixed contingently inert string-formatting bug (trailing ampersand in MAC address list returned to server if number of NICs exceeded maxnum_macaddr)
* fixed bug that sometimes would prevent logging of all active IP addresses (see 3.0.15.0 above)
* Mac OS X: fixed bug that could prevent SNRT from quitting if Software Update were launched automatically after a system restart
* Mac OS X: ensured that the correct home directory will be used if SNRT is running in a user context other than that of the logged-in user
* Windows: all support files are now deleted when SNRT is removed (excepting the log file); cf 3.0.15.1 supra for Mac OS X
* Mac OS X: fixed bug in shared library function that might have caused failures to write log files to /Library/Logs (see also above)
* Mac OS X: fixed bug in delete_snrt.app that generated a harmless but annoying "file not found" error dialog on Tiger
* added awareness of new 10.31.0.0/16 wireless pilot range for ResComp

SNRT 3.0.16.1 (not yet released):

* when an exception error is caught, the record of tests already passed is now summarily deleted
* numerous small improvements to exception handling, primarily with a view to preventing unusual error conditions from causing tests to be skipped
* disabled "Quit" menu item and keyboard shortcut while tests are being performed: if the process has to be killed, external means must be employed
* added checksum to record of passed tests, written upon normal termination and verified at program launch
* Mac OS X: modified post-installation scripts to log more information about occasional launch failures on Mac OS X 10.6 (see below)


KNOWN OR SUSPECTED PROBLEMS POSSIBLY STILL EXTANT IN SNRT 3.0.16.1:

* on Windows Vista (perhaps Windows 7) errant MAC addresses are appearing that, while almost certainly wrong, cannot be excluded by any existing rules
	- a workaround is now in place, and logging is improved to better document the scope and nature of the problem [implemented in 3.0.14.6 et seq]
	- SNRT logs from successful runs on Vista and Win 7 are needed to provide more troubleshooting information
* on Windows XP, installed AV software (other than Sophos AV, Stanford's site-licensed solution) rarely is not recognized
	- possibly a WMI query is failing
	- install Sophos AV to bypass problem
* SNRT hangs in rare cases during MAC address detection on Windows Vista and above
	- possibly triggered by network problems (?)
	- for affected computers, the problem often doesn't appear to resolve itself spontaneously
	- SNRT's CPU usage may become very high when it's caught in this state
* on Mac OS X 10.6 (perhaps not all versions) SNRT may fail to launch after being installed
	- need install.log, system.log, secure.log (in /var/log) from such machines in order to diagnose
* on Windows XP (not observed for other OSes), after automatically relaunching, SNRT may not recognize inactive NICs
	- SNRT is launched while the OS is still starting up, so Windows is failing to report complete information
	- when this happens, SNRT will fail to register certain MAC addresses w/ the SNSR server
	- a future release of SNRT (3.0.16.1?) will take steps to avoid this circumstance