Re: Patch Management & Identifying Hosts
From: Torgeir Bakken (MVP) (Torgeir.Bakken-spam@hydro.com)
Date: 02/27/03
- Next message: George Taylor: "Deny login on member server"
- Previous message: Danny Sanders: "Re: Security Groups"
- In reply to: Ray: "Patch Management & Identifying Hosts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> Date: Thu, 27 Feb 2003 23:08:15 +0100
Ray wrote:
> I'm working on building a patch management system for 500+ servers. In
> addition to hfnetchk (both MS & Shavlik) I've started to evaluate 3rd party
> tools. I've read Ch.5: Patch Management of the (MS) Security Operations
> Guide for Win2k Srv. The catchy part deals with identifying (OS, patch
> status & installed apps) all the hosts on the network. Other than logging
> into each server and going through Control Panel (brute force & ignorance)
> how can this be done? How can this info be gathered and put in a database?
Hi
Some input:
(a)
Command line utility PsInfo.exe in the free PsTools suite can give you OS and
patch status (but not installed apps):
>From a script, make a loop of all the server names and redirect the output from
PsInfo.exe to a file and then parse the file
http://www.sysinternals.com/ntw2k/freeware/pstools.shtml
(b)
WMI is also an option (used from e.g. a vbscript).
For inventory to a csv file using WMI from vbscript (WMI comes default with
WinME, Win2k and WinXP), in the quickFIND field, search for:
poor mans sms
at Win32 Scripting [Clarence Washington]
http://cwashington.netreach.net
for a good example of this written by Steve Pyatt.
You could also take a look at this project (WMI based):
http://poormanssms.sourceforge.net
Here is another one:
Using WMI for Inventory Management
http://www.serverwatch.com/tutorials/article.php/1475601
"A WSH script using VBScript is explained. The script uses
WMI to query a computer for some predetermined information.
The acquired information is written to a database using ADO."
If the "Add/Remove Programs" list in registry is good enough for a list of
installed programs:
In the link below it is a script that gets all computer names defined in AD
(easily rewritten to work in a NT 4.0 domain), pings them to see if they are
online, and if they are, uses WMI to enumerate the "Add/Remove Programs" list
in
registry (Function InstalledApplications).
It also get information about the OS version and the IP configuration.
Two files are created, one with a list of offline computers, and the other with
the result from the online computers.
The script can be run from any domain computer with a user that has access to
the remote computers.
From: Torgeir Bakken (MVP) (Torgeir.Bakken-spam@hydro.com)
Subject: Re: Software inventory
Newsgroups: microsoft.public.scripting.wsh
http://groups.google.com/groups?selm=3E45B735.4F5BB4D8%40hydro.com
To make a loop that handles all the computers in the domain, there exists
several ways to do this. See this articles for more on this:
From: Torgeir Bakken (MVP) (Torgeir.Bakken-spam@hydro.com)
Subject: Script that remotely moves local users from Administrators to Power
Users group
Newsgroups: microsoft.public.scripting.wsh, microsoft.public.adsi.general
Date: 2003-02-18 20:22:06 PST
http://groups.google.com/groups?selm=3E530599.8EF9AA2C%40hydro.com
Inventory of Domain Users and Computers Using ADSI
http://www.serverwatch.com/tutorials/article.php/1476791
-- torgeir Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scriptcenter
- Next message: George Taylor: "Deny login on member server"
- Previous message: Danny Sanders: "Re: Security Groups"
- In reply to: Ray: "Patch Management & Identifying Hosts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
