Stanford Network Registration Tool Version 3 Changes since version 2: * name changed from Health Check Tool to Stanford Network Registration Tool * support added for all 64-bit Windows OSes * support for Snow Leopard (Mac OS X 10.6) and Windows 7 * greatly improved MAC address detection and filtering (using both a "black list" and a "white list" of all IEEE-registered ethernet OUIs) * greatly improved AV software detection on both Windows (using Security Center) and Mac OS X (using a larger list of known AV products) * users are prevented from opening and running a web browser during registration (SNSR only, recognized browser processes only) * support different security software requirements for different platforms in NetDB template (SNSR only) * network throughput is estimated in order to provide a guess at how long downloading required patches will take * greatly improved logging * numerous bug fixes SNRT 3.0.12.15: * fixed serious bugs including: BigFix incorrectly required in many cases, and Mac log file not being created (causing the program to hang) * for ResComp registrations only: Mac AV will not be required for anyone using the student (jesa) organizational template SNRT 3.0.12.18: * fixed problem with AV software detection on Vista SP1 and above SNRT 3.0.13.1: * added "Save Log File to Desktop" command (Help menu) * corrected Mac BigFix detection to accommodate upgrade to Stanford's BigFix service * added Mac AV detection for: avast!, BitDefender, ClamXav, Dr.Web, McAfee VirusScan, Sophos, Symantec Norton AV, and Trend Micro Security SNRT 3.0.14.0: * new SNRT icon and graphics (including Stanford slide show during program run) * added automatic "relaunch-after-reboot," as appropriate, with file clean-up afterwards * bug reports can now be sent while on the registration network (SNSR only) * fixed crash that (rarely) occurred during admin password strength-checking on Windows * added function to check if a personal firewall (etc) is blocking SNRT * fixed a bug that might cause MAC address detection to fail if network connectivity suddenly disappeared * if a test has been run and passed within the last 60 minutes, it won't be run again * now using a much improved password-guessing dictionary (1525 basic words) * fixed several problem(s) in "What Settings Will Be Changed?" Help menu item * many other small fixes and improvements SNRT 3.0.14.2: * corrected SNRT's failure to delete itself after its last run (Mac OS X 10.6 only) * added "YankIP" functionality: when user hits Cancel, machine's IP address is removed from iptables REGSET (SNSR only) SNRT 3.0.14.3: * for ResComp registrations only: go to "exit URL" even if computer is already registered in NetDB * for ResComp registrations only: do not send HTTP header request with HTTP GET SNRT 3.0.14.4: * fixed MOSX 10.5/10.6 bug that prevented Software Update from running properly when launched from within SNRT * added variant ActiveSync MAC address to black list (00-80-00-60-0F-E8) * fixed bug introduced in 3.0.14.0 that would cause AV and BigFix tests to fail on all but first run SNRT 3.0.14.5: * removed beta tag * eliminated need for separate SNSR and "Hostreg Classic" compilations (all differences now specified in configuration file) * improved querying and logging of AV software health (Windows Security Center); improved AV software detection for Win 7 * added new Credits and Copyright Notice windows (About... box) * improved appearance of HTML in "What Settings Will Be Changed?" (Help menu) SNRT 3.0.14.6: * specifically excluded null MAC address (00:00:00:00:00:00), which apparently can sometimes slip past other exclusion rules * made download URL for MAC address white list a configurable option (in case nmap.org goes down) * created new configuration option (maxnum_macaddr) to control the number of retrieved MAC addresses that SNRT will return to the server * added NIC descriptions to log, in order to help determine WHERE Vista is getting some of the innumerable NICs it reports SNRT 3.0.14.7: * added 10.15.0.0/16 (new West Campus wireless network) to list of private registration address ranges * updated MAC address white list included in SNRT package (see http://nmap.org/svn/nmap-mac-prefixes) * modified password strength-checking routine slightly, to try to catch error on Windows XP SP3 (problem fixed in next release) SNRT 3.0.14.8: * fixed password test failures on Windows XP SP3 that would sometimes cause SNRT to hang (modified call to Win32 NetLocalGroupGetMembers()) * for slow method for Windows password strength-checking (as for domain-joined machines unable to contact DC), now using smaller dictionary * improved default short version of password-guessing dictionary * modified MAC address exclusion rules slightly to further reduce number of bogus addresses potentially returned to server (see below) * modified delete_snrt.app compiled AppleScript (which runs at login) so that it will better identify itself and its purpose SNRT 3.0.14.9: * added workaround for possible failures to write a log file on Mac OS X (will fall back on ~/Library/Logs if /Library/Logs can't be written to) * Windows only: SNRT will no longer relaunch itself after a reboot initiated solely because security settings were reconfigured on a registered machine * improved quasi-random sequencing of the splash screen's "Stanford slide show" (with a few other cosmetic changes) * for ResComp registrations only: configure SNRT to use MS Windows update site rather than Stanford's WSUS servers SNRT 3.0.15.0: * Mac OS X: automatically handle privilege elevation for standard (non-admin) users who provide admin credentials during installation * added mutex to prevent multiple instances of SNRT from running concurrently * "active IP addresses" should now be correctly logged regardless of SNRT's configuration or host's network location * added logic that might allow a single SNRT configuration to work properly for both SNSR and ResComp registrations (testing required) * 60-min no re-testing grace period now includes runs of new instances of SNRT (previously only applied to one continuous run, with or without a reboot) * Mac OS X: added awareness of (forthcoming) Google Chrome browser * Mac OS X: record details of failure to write log file to its default location in /Library/Logs * if the active NIC cannot be identified, SNRT will still register MAC addresses that are not excluded by any of the usual rules (up to maxnum_macaddr) * improvements to bug reporter UI (SNSR only) * fixed bug in MAC address detection routines (doubtful that this will help with the hanging problem described below, but it might shed light) SNRT 3.0.15.1: * Mac OS X: fixed a bug that might prevent correct detection of the BigFix client and its version number on Mac OS X 10.3 * Mac OS X: fixed a bug that in some cases might result in multiple entries for delete_snrt.app in Login Items * Mac OS X: modified delete_snrt.app to remove support files as well as the SNRT application itself (only the log file isn't deleted) * Mac OS X: cleaner authenticated relaunch of SNRT, with prompt for admin credentials, for unprivileged users after logout or system restart * Mac OS X: corrected bug that might result in SNRT relaunch helper program not being removed from user's Login Items when no longer needed * corrected bug that could lead to early termination of certain long-running operations (eg, Mac OS X password checks, Windows MSRT) * added "Save Log File to Desktop" command to Help menu for all SNRT configurations (had previously appeared only for ResComp builds) * several minor bug fixes to password-checking functions and splash screen slide show SNRT 3.0.16.0: * Mac OS X: implemented new method for password strength-checking that improves performance by multiple orders of magnitude (enabled only for testing) * fixed contingently inert string-formatting bug (trailing ampersand in MAC address list returned to server if number of NICs exceeded maxnum_macaddr) * fixed bug that sometimes would prevent logging of all active IP addresses (see 3.0.15.0 above) * Mac OS X: fixed bug that could prevent SNRT from quitting if Software Update were launched automatically after a system restart * Mac OS X: ensured that the correct home directory will be used if SNRT is running in a user context other than that of the logged-in user * Windows: all support files are now deleted when SNRT is removed (excepting the log file); cf 3.0.15.1 supra for Mac OS X * Mac OS X: fixed bug in shared library function that might have caused failures to write log files to /Library/Logs (see also above) * Mac OS X: fixed bug in delete_snrt.app that generated a harmless but annoying "file not found" error dialog on Tiger * added awareness of new 10.31.0.0/16 wireless pilot range for ResComp SNRT 3.0.16.1 (not yet released): * when an exception error is caught, the record of tests already passed is now summarily deleted * numerous small improvements to exception handling, primarily with a view to preventing unusual error conditions from causing tests to be skipped * disabled "Quit" menu item and keyboard shortcut while tests are being performed: if the process has to be killed, external means must be employed * added checksum to record of passed tests, written upon normal termination and verified at program launch * Mac OS X: modified post-installation scripts to log more information about occasional launch failures on Mac OS X 10.6 (see below) KNOWN OR SUSPECTED PROBLEMS POSSIBLY STILL EXTANT IN SNRT 3.0.16.1: * on Windows Vista (perhaps Windows 7) errant MAC addresses are appearing that, while almost certainly wrong, cannot be excluded by any existing rules - a workaround is now in place, and logging is improved to better document the scope and nature of the problem [implemented in 3.0.14.6 et seq] - SNRT logs from successful runs on Vista and Win 7 are needed to provide more troubleshooting information * on Windows XP, installed AV software (other than Sophos AV, Stanford's site-licensed solution) rarely is not recognized - possibly a WMI query is failing - install Sophos AV to bypass problem * SNRT hangs in rare cases during MAC address detection on Windows Vista and above - possibly triggered by network problems (?) - for affected computers, the problem often doesn't appear to resolve itself spontaneously - SNRT's CPU usage may become very high when it's caught in this state * on Mac OS X 10.6 (perhaps not all versions) SNRT may fail to launch after being installed - need install.log, system.log, secure.log (in /var/log) from such machines in order to diagnose * on Windows XP (not observed for other OSes), after automatically relaunching, SNRT may not recognize inactive NICs - SNRT is launched while the OS is still starting up, so Windows is failing to report complete information - when this happens, SNRT will fail to register certain MAC addresses w/ the SNSR server - a future release of SNRT (3.0.16.1?) will take steps to avoid this circumstance