Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Collecting information from every PC on the network


  • Please log in to reply
9 replies to this topic

#1 sburns1992

sburns1992

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 23 January 2014 - 11:22 AM

Hey Guys,
First post, sorry if this is in the wrong section or has previously been answered. I've tried searching around but cannot find anything.
 
Can someone please tell me if there is a way of scanning an entire network of computers and pulling back information from the registry by using a batch file/VB script or other program?
 
Basically I need to get a date from a specific area with the PCs registry, but would prefer not to connect into each and every one manually to retrieve the data. Would be handy if there was a way of pulling this from every PC on the network, into a text file, using a script.
 
This would need to include automatic scanning of the network addresses (possibly by using arp -a), this is because there are a number of businesses I need to run this on, which all use different IP ranges.
 
Thanks in advance!
 
Scott.

Edited by sburns1992, 23 January 2014 - 11:32 AM.


BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:09:55 PM

Posted 23 January 2014 - 04:29 PM

You might want to try this: http://technet.microsoft.com/en-us/library/bb491007.aspx

You might want to try this one for network discovery: http://www.manageengine.com/products/oputils/download-free.html

Edited by cryptodan, 23 January 2014 - 04:32 PM.


#3 sburns1992

sburns1992
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 23 January 2014 - 05:11 PM

Hey thanks for the reply, that's not really what I'm after though. I'm generally just looking for a batchfile that will scan the network using arp -a then use those IP  addresses to pull one registry key in regedit and display this specific key from all of the computers in a single text file.



#4 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:07:55 AM

Posted 23 January 2014 - 05:58 PM

Then why not use something like this (Off the top of my head)

@ echo off

:: Get the list of computers, Make sure you have nertwork discovery on the server

net view >> C:\MachineList.txt

:: Now iterate through the list to get your registry key


FOR /F "delims=\\" %%a IN (C:\MachineList.txt) DO (
    Reg.exe QUERY "Somekeyehere" >> C:\%%a_Reg.txt
    )
pause

 

Now i havnt tested this but it should work.



#5 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:07:55 AM

Posted 23 January 2014 - 06:06 PM

another version using wmic to get simple info

@ echo off

:: Get the list of computers, Make sure you have nertwork discovery on the server

del C:\MachineList.txt && net view | find /i "\\" | sort >> C:\MachineList.txt

:: Now iterate through the list to get your registry key


FOR /F "delims=\\" %%a IN (C:\MachineList.txt) DO (
    echo Scanning %%a
        ::Reg.exe QUERY "Somekeyehere" >> C:\%%a_Reg.txt
    wmic /node:%%a /output:"%%a.html" computersystem list full /format:htable.xsl
    )
pause

Odviously you can much more info about a computer and using wmic and a batch fiel you dont even need to purchase software LOL.


Edited by JohnnyJammer, 23 January 2014 - 06:10 PM.


#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:09:55 PM

Posted 23 January 2014 - 07:12 PM

The reason why you do not use the arp -a command is that it will only display the arp cache for any computer that has been pinged by the others on the network.  Doing a network discovery will discover all connected and powered on devices from printers to phones.  net view will only work on machines that have file and printer sharing enabled and not firewalled.  THat is why I recommended the network discovery process.  You can then take the IP's out of that, and use a command like the above to get the information you want from the registry. 

 

The network discovery process not only give you an over view of your network, but you can easily then track your devices and make a spreadsheet or database called a configuration management db to manage all devices on the network making it easier to perfrm simple tasks and to track them.

 

so for instance you have computer a with IP of 10.9.9.234 it has been pinged or has touched the following

 

10.9.9.1 - router

10.9.9.9 - dns server1

10.8.8.9 - dns server2

10.9.9.12 - printer1

10.9.9.23 - fileserver1

10.8.8.23 - fileserver2

 

Where as there are other computers on the network and your information would be incomplete.



#7 sburns1992

sburns1992
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 24 January 2014 - 04:15 AM

@JohnnyJammer - Thanks for the help, unfortunately that script only brings back random information about the computer and not the Reg key that I specified.



#8 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:07:55 AM

Posted 24 January 2014 - 06:55 PM

@JohnnyJammer - Thanks for the help, unfortunately that script only brings back random information about the computer and not the Reg key that I specified.

But you didnt specify a registyry at all hence i commented out that command using the ::, take them away and it will work with the key you provide.

Reg.exe QUERY "Somekeyehere" >> C:\%%a_Reg.txt



#9 sburns1992

sburns1992
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 27 January 2014 - 09:29 AM

No worries, got it sorted with a VBS script. (Pasting into the forums makes it all go out of align)

CheckStartMode

On error resume next

 

Const RegistryKeyPath = "HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\AVEngine"

Const RegistryKeyName = "AVDatDate"

 

Const Logfile = "RegReport.txt"

CreateLogfile

Call addToLog("REGISTRY KEY SCAN" &vbCrLf)

Call addToLog("Key path: " & RegistryKeyPath)

Call addToLog("Key name: " & RegistryKeyName &vbCrLf)

Wscript.StdOut.WriteLine "Searching the network for key values..." &vbCrLf

 

' Create temporary ARPCache TXT file

' %comspec% is the environment variable for cmd.exe

Set Shell = WScript.CreateObject("WScript.Shell")

Return = Shell.Run("%comspec% /c arp -a > %temp%\ARPcache.txt", 0 ,True)

Set fso = CreateObject("Scripting.FileSystemObject")

Const ForReading = 1

Set ARPcacheTXTFile = fso.OpenTextFile(fso.GetSpecialFolder(2) & "\ARPcache.txt", ForReading)

strSearchString = ARPcacheTXTFile.ReadAll

ARPcacheTXTFile.Close

 

' Regular Expression to match IP octets

Set objRegEx = CreateObject("VBScript.RegExp")

objRegEx.Global = True   

objRegEx.Pattern = "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"

 

' Find IP Addresses in ARPCache.txt

Set colMatches = objRegEx.Execute(strSearchString)  

If colMatches.Count > 0 Then

            FilterFlag = 0

            For Each IPMatch In colMatches       

                        ' Filtering out the default gateway 

                        strComputer = "."

                        Set objWMIService = GetObject("winmgmts:" _

                                                            & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

                        Set IPConfigSet = objWMIService.ExecQuery _

                                                            ("Select * from Win32_NetworkAdapterConfiguration Where IPEnabled=TRUE")

                                                For Each IPConfig in IPConfigSet

                                                                        If Not IsNull(IPConfig.DefaultIPGateway) Then 

                                                                                    For i=LBound(IPConfig.DefaultIPGateway) to UBound(IPConfig.DefaultIPGateway)

                                                                                                If IPMatch=IPConfig.DefaultIPGateway(i) Then 

                                                                                                            Call addToLog(IPMatch & " (Default Gateway)")

                                                                                                            Call addToLog("    n/a" & vbCrLf) 

                                                                                                            FilterFlag=1

                                                                                                End If

                                                                                    Next

                                                                        End If

                                                            ' Filtering out the localhost

                                                            If Not IsNull(IPConfig.IPAddress) Then 

                                                                        For i=LBound(IPConfig.IPAddress) to UBound(IPConfig.IPAddress)

                                                                                                If IPMatch=IPConfig.IPAddress(i) Then

                                                                                                            Call addToLog(IPMatch & " (Localhost/Server)")

                                                                                                            Call addToLog(RegistryKeyValue(".", RegistryKeyPath, RegistryKeyName) & vbCrLf)

                                                                                                            FilterFlag=1

                                                                                                End If

                                                                        Next

                                                            End If

                                                Next                

            

                        ' Filtering out the subnetmask mask & multi-cast addresses

                        If FilterFlag=0 and Left(IPMatch.Value, 3) <> "255" and Left(IPMatch.Value, 3) <> "224" and Left(IPMatch.Value, 3) <> "239" and Right(IPMatch.Value, 3) <> "255" Then 

                                    

                                    ' Display the key value and write it to the logfile

                                    Call addToLog(IPMatch)

                                    Call addToLog(RegistryKeyValue(IPMatch, RegistryKeyPath, RegistryKeyName) & vbCrLf)

                                                                                                

                        End If                          

 

                        ' Reset FilterFlag

                        If FilterFlag=1 Then FilterFlag=0

                        

            Next

End If

 

Call addToLog("Search completed")

WScript.StdOut.WriteLine vbCrLf & "Results saved to %temp%\RegReport.txt"

Wscript.StdOut.WriteLine "Do you want to view the report? (y/n)"

StrOption = Wscript.StdIn.ReadLine

            If StrOption="Y" Or StrOption="y" Then

                        Return = Shell.Run("%comspec% /c %temp%\RegReport.txt")

            End If

            

Function RegistryKeyValue(Hostname, KeyPath, KeyName)

            Const ForReading = 1

            Set Shell = WScript.CreateObject("WScript.shell")

            ' Execute Reg Query and send output to TXT file

            ErrReturn = Shell.run("%comspec% /c reg query ""\\" & Hostname & "\" & KeyPath & """ /v """ & KeyName & """ > %temp%\RegValue.txt",0,true)

            Set fso  = CreateObject("Scripting.FileSystemObject")

            Set txtFile = fso.OpenTextFile(fso.GetSpecialFolder(2) & "\RegValue.txt", ForReading)

            If ErrReturn = 0 Then

                        'Skip the first two lines of the Reg Query output 

                        txtFile.Skipline

                        txtFile.Skipline

                        RegistryKeyValue = txtFile.ReadLine

                        txtFile.Close

            Else

                        RegistryKeyValue = "    Key not found or not accessible"

            End If

End Function

 

Sub CreateLogfile

            Const Overwrite = True

            Set fso = CreateObject("Scripting.FileSystemObject")

            ' fso.GetSpecialFolder(2) returns the environment variable for the %temp% folder

            Set objLogFile = fso.CreateTextFile(fso.GetSpecialFolder(2) & "\" & Logfile, Overwrite)

End Sub

 

Sub addToLog(Text)

            Const ForAppending = 8

            Wscript.StdOut.WriteLine Text

            Set fso = CreateObject("Scripting.FileSystemObject")        

            Set objLogFile = fso.OpenTextFile(fso.GetSpecialFolder(2) & "\" & Logfile, ForAppending)

            objLogFile.WriteLine Text

End Sub

 

Sub CheckStartMode

     ' Returns the running executable as upper case from the last \ symbol

     strStartExe = UCase( Mid( wscript.fullname, instrRev(wscript.fullname, "\") + 1 ) )

     If Not strStartExe  = "CSCRIPT.EXE" Then

          ' This wasn't launched with cscript.exe, so relaunch using cscript.exe explicitly

          ' wscript.scriptfullname is the full path to the actual script

          Set Shell = CreateObject("WScript.shell")

          Shell.Run "cscript.exe """ & Wscript.scriptfullname & """"

          Wscript.quit

     End If

End Sub

 



#10 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:07:55 AM

Posted 28 January 2014 - 10:37 PM

man thats a lot of code for such a simple task, seriously mate you could have achieved the same thing but usign the batch file posted above and also called the different network subnets (A server located one ach subnet) to do all the work and save to a  DFSR namespace.

like

wmic /node:server1,server2,server3,server4 process call craete "\\somenetwork.com.au\netlogon\batchfilehere.bat"

 

Anyway at least you found a solution.






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users