Category - Reporting Contents Under Construction Contents: ------------------------------------------------------------------------------------------------------------------------------------------ Customized Windows Service Reporting How To Enumerate Local Admin Members ------------------------------------------------------------------------------------------------------------------------------------------ Δ Customized Windows Service Reporting Written by Eddie Jackson on Saturday, 08/15/2009 10:38:00 AM [filed under Shell & Reporting] ------------------------------------------------------------------------------------------------------------------------------------ Okay, there are really many ways to query for an existing Windows service. But our script specs will entail a few extra details, making coding the script a little bit time consumeing in VBScripting alone. Here are our specs: Query for the dameware service ...................................Output results in real-time to screen ...................................Output results to log file ...................................Log if workstation is offline ...................................Must be coded and report compiled in 1 day The specs are plenty easy with enough time, however, due to the timeline, we must throw something together quickly and get to reporting. What we end up coding is a 2 part script: The first part is a batch script (which saves a lot of scripting time) that loops through a text file containing the target workstations, does error handling, and outputs in real-time to screen. And secondly, a VBScript that queries the dameware service via a WMI routine and outputs results to log. ------------------------------------------------------------------------------------------------------------------------------------ Script: @rem ****************************************************************************************** @rem Script Language: Batch Shell @rem Script Name: _RUNME TO CREATE DAMEWARE LOG.BAT @rem Purpose: TO COMPILE REPORT WITH WORKSTATIONS THAT HAVE THE DAMEWARE SERVICE RUNNING @rem Creation Date: 08/11/09 @rem Last Modified: 08/12/09 @rem Author: EDDIE JACKSON @rem E-Mail: EDDIE.JACKSON@halifax.org @rem ******************************************************************************************* @ECHO off CLS @COPY /Y "\\PathTo\COMPUTERS.TXT" C:\ @COPY /Y "\\PathTo\damewareservice.vbs" C:\ @color 0a @title=Querying Dameware Service... For /F "tokens=1" %%a in (C:\computers.txt) do set PC=%%a& call :REMOTE Pause @REM ERRORTRAPPING AND OFFLINE LOGGING INTO LOG.TXT :REMOTE IF EXIST "\\%PC%\C$\BOOT.INI" GOTO NEXT ;ERRORTRAPPING IF NOT EXIST "\\%PC%\C$\BOOT.INI" GOTO ERR ;ERRORTRAPPING @REM BEGIN QUERYING FOR DAMEWARE SERVICE :NEXT Echo Querying %PC% for Dameware Service sc.exe \\%PC% getdisplayname "dwmrcs" echo. echo. Echo Querying %PC% for Dameware Service >> c:\Dameware_Log_Raw_Data.txt sc.exe \\%PC% getdisplayname "dwmrcs" >> c:\Dameware_Log_Raw_Data.txt echo. >> c:\Dameware_Log_Raw_Data.txt echo. >> c:\Dameware_Log_Raw_Data.txt @REM This runs the VBScript WMI Query wscript.exe c:\damewareservice.vbs %PC% GOTO END @REM THIS IS THE OFFLINE LOGGING :ERR Echo %PC% is not online Echo %PC%, is not online >> c:\Dameware_Log.txt @REM DONE :END   ‘ ****************************************************************************************** ‘ Script Language: VBScript ‘ Script Name: damewareservice.vbs ‘ Purpose: QUERIES DAMEWARE SERVICE VIA WMI ‘ Creation Date: 08/11/09 ‘ Last Modified: 08/12/09 ‘ Author: EDDIE JACKSON ‘ E-Mail: EDDIE.JACKSON@halifax.org ‘ ******************************************************************************************* On error resume next args = WScript.Arguments.Count strComputer = WScript.Arguments.Item(0) '''WScript.Echo strComputer Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set colListOfServices = objWMIService.ExecQuery _ ("Select * from Win32_Service Where Name = 'DWMRCS'") For Each objService in colListOfServices '''WScript.Echo "Service DOES Exist" Const ForAppending1 = 8 'This creates the object Set objFSO = CreateObject("Scripting.FileSystemObject") 'This sets the LogFile Set objLogFile1 = objFSO.OpenTextFile("c:\Dameware_Log.txt", ForAppending1, True) 'This writes to the test file Set objNetwork = CreateObject("WScript.Network") objLogFile1.WriteLine Date() & "," & Time() & "," & strComputer & "," & "Dameware Service Installed" 'This closes the input objLogFile1.Close Next ------------------------------------------------------------------------------------------------------------------------------------ Δ (doc) * (pdf) * email ------------------------------------------------------------------------------------------------------------------------------------ Δ How To Enumerate Local Admin Members Written by Eddie Jackson on 07/27/2009 00:00:00 PM [filed under VBScript & Reporting] ------------------------------------------------------------------------------------------------------------------------------------ So my manager comes to me asking for a report with the local admin members for all workstations on our network, which is thousands of computers. We are realizing the security risks of having so many unknown members of the local admin group. So now we gather the information and begin removing members that do not need to be a part of the local admin group. Here are our specs: Query the local admin group ..............................Output results to log file, to be later imported into Excel spreadsheet ..............................Log if workstation is offline ..............................Must be coded and report compiled in 1 day For those of you who need to run such a report that enumerates all members of the local admin group, enterprise wide, this is what you're looking for. I am going to modify the code to make it a comma delimited file, but for right now it outputs to a text file, seperated by carriage return or character ^13 if you would like to replace it with commas manually. The comma seperated file will serve you better when importing into an excel spreadsheet. ------------------------------------------------------------------------------------------------------------------------------------ Script: ' ****************************************************************************************** ‘ Script Language: VBScript ‘ Script Name: localadminmembers.vbs ‘ Purpose: QUERIES LOCAL ADMIN GROUP FOR MEMBERS ‘ Creation Date: 07/27/09 ‘ Last Modified: ‘ Author: EDDIE JACKSON ‘ E-Mail: EDDIE.JACKSON@halifax.org '******************************************************************************************* On Error Resume Next Const ForWriting = 2 ' Variable for admin group name, modify this ' variable if the administrators account has ' been renamed. strAdminGroup = "Administrators" ' Format date/time stamp for output file strTimeDate = Year(Date) & "-" & Month(Date) & _ "-" & Day(Date) & "~~" & Hour(Time) & "-" & _ Minute(Time) ' Output file name and path strLogFile = "C:\adminaccounts-" & strTimeDate & _ ".txt" 'Create Log File Set objFSO = CreateObject("Scripting.FileSystemObject") Set objFile = objFSO.OpenTextFile (strLogFile, _ ForWriting, True) ' Connect to domain and collect computer accounts Const ADS_SCOPE_SUBTREE = 2 Set objConnection = CreateObject("ADODB.Connection") Set objCommand = CreateObject("ADODB.Command") objConnection.Provider = "ADsDSOObject" objConnection.Open "Active Directory Provider" Set objCommand.ActiveConnection = objConnection set objRootDSE = GetObject("LDAP://RootDSE") objCommand.CommandText = _ "SELECT Name, Location FROM 'LDAP://" & _ objRootDSE.Get("defaultNamingContext") & "'" _ & "WHERE objectClass='computer'" objCommand.Properties("Page Size") = 1000 objCommand.Properties("Timeout") = 30 objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE objCommand.Properties("Cache Results") = False Set objRecordSet = objCommand.Execute objRecordSet.MoveFirst ' Output domain computer accounts, connect to each ' computer, and enumerate admin account members Do Until objRecordSet.EOF strComputer = objRecordSet.Fields("Name").Value objFile.WriteLine "System: " & strComputer Set objGroup = GetObject("WinNT://" & strComputer & _ "/" & strAdminGroup) If Err <> 0 Then objFile.Writeline("*** System Unreachable ***") Err.Clear Else For Each member In objGroup.Members objFile.WriteLine member.Name Next End If objRecordSet.MoveNext objfile.writeline() Loop ------------------------------------------------------------------------------------------------------------------------------------ Δ (doc) * (pdf) * email ------------------------------------------------------------------------------------------------------------------------------------

..About ..I'm a Computer   ..Systems Engineer ..Living and loving life ........................................ ..Author .... ..Categories ....< AD ....< Exchange  ....< SQL ....< Windows ....< VBScript ....< Shell ....< HTML ....< HTA ....< PowerShell ....< Reporting ....< Healthcare ....< Networking ....< General ..Archives ....< October 2009 ....< September 2009 ....< August 2009 ....< July 2009