Identify Non windows clients on a network

[Guest]

Hi
I have cobbled up a vbs script to inventory all clients on our network. It goes through the entire subnet starting from the first IP address all the way to the last. There is just one problem. We have some HP network printers and a few Unix boxes also in this subnet. Is there a way to determine if each IP address is a windows client or not, before I try to create an object reference and so on. In short, if it is not a windows client I want to write the IP address to another file. Any help would be highly appreciated

Thanks in advance.

 

[David Candy]

Try connecting to a share on it. There is always C$ share for admins.

if exist \\127.0.0.1\C$\boot.ini echo ISShare

But you could use WMI I'm sure and ask it.

 

[Mark V]

Try connecting to a share on it. There is always C$ share for admins.

Hidden adminstrative shares are not guaranteed to exist.
And it need not necessarly be "C$". "ADMIN$" would be better.

 

[David Candy]

And MS-Dos stopped working if you deleted all it's files too. Can't stop users being stupid. If they set a registry entry it's their problem. If they use it as designed it is created at every boot.

 

[Joe Richards [MVP]]

Someone could have turned off sharing or threw up a firewall (this will most
likely be the norm once XP SP2 hits).

Disabling server services or making them unavailable from outside the machine on
a workstation class machine is pretty intelligent thing to do for the most part.

Additionally if someone has a UNIX/LINUX box with SAMBA or some other SMB
Emulator running you could have shares put into place as well. Also many NAS
devices are basically *nix boxes with an SMB Emulator so you could catch those
as well.

It isn't possible to positively prove a machine isn't a Windows machine from
vbscript.

You need something that will look at the IP header signatures to be positive.
Things like nmap or superscan and other scanner tools will do this for you.

Now on the flip side, if you know for sure what is on your network (which I
don't think the person involved here does or we wouldn't be going through an IP
scanning exercise in the first place) and how the machines are configured, you
could look for a specific service or netbios or share or whatever.

Also I have a tool on my website in the free win32 tools page that will try to
find Windows machines, it is called FindNBT. It will try to find machines that
are responding to NetBIOS status queries. This will also find the SMB Emulator
machines mentioned above and it will not find any machines that have fired up a
firewall. But it is less intensive and requires less skill than say an nmap
would require. If you don't mind using a GUI, check out SuperScan.


joe

 

[David Candy]

It's a network so no firewall. If they choose to break their computer, well can't help that. I'm not aware other computers have a boot.ini file, though the share to windir would be drive letter independent (though I would reinstall if the boot drive (what NT calls the system drive) wasn't C.

Systeminfo can connect to remote computers if WMI scripting is beyond one.

cmd /k systeminfo /s 127.0.0.1 /u Domain\User /p password

 

[Matthias Tacke]

Someone could have turned off sharing or threw up a firewall (this
will most likely be the norm once XP SP2 hits).

Disabling server services or making them unavailable from outside the
machine on a workstation class machine is pretty intelligent thing to
do for the most part.
Additionally if someone has a UNIX/LINUX box with SAMBA or some other
SMB Emulator running you could have shares put into place as well.
Also many NAS devices are basically *nix boxes with an SMB Emulator so
you could catch those as well.

It isn't possible to positively prove a machine isn't a Windows
machine from vbscript.

You need something that will look at the IP header signatures to be
positive. Things like nmap or superscan and other scanner tools will
do this for you.
Now on the flip side, if you know for sure what is on your network
(which I don't think the person involved here does or we wouldn't be
going through an IP scanning exercise in the first place) and how the
machines are configured, you could look for a specific service or
netbios or share or whatever.
Also I have a tool on my website in the free win32 tools page that
will try to find Windows machines, it is called FindNBT. It will try
to find machines that are responding to NetBIOS status queries. This
will also find the SMB Emulator machines mentioned above and it will
not find any machines that have fired up a firewall. But it is less
intensive and requires less skill than say an nmap would require. If
you don't mind using a GUI, check out SuperScan.

joe

Very well pointed out Joe.

There are truth's which are no *candys*, they taste bitter and you have
to take off the blinkers to see the world from another point of view.

A true *candy* says: "Can't stop users being stupid." One can only try
to stop that with oneself. Problem is the sufferers need selfknowledge.

 

[David Candy]

F*ck off c*nt.

 

[Matthias Tacke]

F*ck off c*nt.

I'm so sorry, if I hit you with your trousers down.

 

[Joe Richards [MVP]]

Just being on an internal network doesn't necessarily mean no firewall. It might
in your world but it isn't something we can assume when people ask for help
without a complete setup. You will also find internal LANs get firewalled more
and more with workstations themselves being firewalled and actual quarentine
networks getting set up, especially on the larger networks.

The number of viruses and other programs that do bad things on corporate
networks is growing to the point that companies have little to no choice not to
do it.

Running a firewall or disabling services on a machine that aren't used on the
machine isn't really "breaking" it. In fact, in the last corporate environment I
was in, I firewalled everything on my workstatio, except for the RDP port for my
own incoming calls from other machines. I did it to protect the machine from all
of the machines on the LAN/WAN that were infected with everything from Nimda to
Code Red to Mumu, to Sasser, to whatever. There was no reason for anyone to
connect to the machine for any served resources, no reason to advertise them.

 

[David Candy]

Then your machine isn't really on the network is it. If you come to an MS group I assume you are a MS Network with Domain controllers and clients managed by that domain controller. I was wondering why you just didn't look in Active Directory. Just in case you were a non admin or on a peer to peer network I told you how to do it. But if NetBIOS isn't open they are not part of the network. I did assume that noone in their right mind would bother configuring a firewall with NetBIOS open because it isn't worth the effort as most exploits use NetBIOS. But no NetBIOS no network. But if you do configure the firewall and open NetBIOS then shares are available because you can network.

 

[Joe Richards [MVP]]

You are absolutely 100% incorrect.

A machine can be on a network and participating with the network without sharing
resources to the network. The proper functioning of a client is to reach out and
use server resources, it is not necessarily to serve out resources. If it isn't
serving out resources it doesn't need to advertise them.

Additionally, you can have multiple domains and workgroups all on the same
network, there is nothing that requires all Windows machines to be on the same
domain on the same network. In fact, any company over say 500 users I would
expect has multiple domains/workgroups as well as standalone machines.

You are either a troll or an extremely misinformed network admin. Good luck in
whatever your goals are.


joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

Then your machine isn't really on the network is it. If you come to an MS group I assume you are a MS Network with Domain controllers and clients managed by

that domain controller. I was wondering why you just didn't look in Active
Directory. Just in case you were a non admin or on a peer to peer network I told
you how to do it. But if NetBIOS isn't open they are not part of the network. I
did assume that noone in their right mind would bother configuring a firewall
with NetBIOS open because it isn't worth the effort as most exploits use
NetBIOS. But no NetBIOS no network. But if you do configure the firewall and
open NetBIOS then shares are available because you can network.

 

[Matthias Tacke]

MS has a script that can be run to determine the windows version. You
could use this to find you windows version, and if it's not a windows
machine (any of the versions listed on the script) it can return a
result of 0, or something that will tell you this is not a windows
machine. here is the link.
http://www.microsoft.com/technet/community/scriptcenter/compmgmt/scrcm26.mspx

Hello Drumgod,
the script is dedicated to run on a windows computer with wsh and wmi.
It won't help to identify *different* network devices.

 

[David Candy]

Dickwad. There is no requirement to identify them.

If you f*ckwits actually read the questions.

If Client = Windows then
do wmi stuff
write IP to filea
Else
write IP to fileb
End If

 

[David Candy]

Well you've only been here for 3 years or so so I suggest you hang around for a bit longer before posting. Networks are logical costructs. As our computers are connected through the international telecommunication system you would say that we are networking. Yet we are not. You refer to web based stuff which is not networking. Networking is Novell, Lan Manager, OS/2, Dos, Windows, NT. I'm sure Unix (long known as a toy) have their equivelents to the above.

My computer is electrically connected to the phone line. Yet I don't network with the phone company, though my phone itself does (using a rather simple on/off ac/dc communication protocol).

 

[Joe Richards [MVP]]

LOL.

You aren't a very good troll.

 

[David Candy]

Oh Mr new MVP, that's because I'm not a troll. The f*ckwit also in this thread is a well known dick wad and he has a mate that spams these newsgroups. Don't you read DTS-L (I must admit I don't anymore but I get told of anything interesting).

And when you chime in after
a/ not reading the question
b/ with objections to the correct answer to the question because it doesn't answer a different question

I decide not to take shit from newcomers to these groups.

Lets see. You think the answer is wrong because sharing is turned off. If admin shares are off why would he be doing remote administration. If he had clients firewalled how would they network (and if NetBIOS is allowed in the firewall then the firewall is irrelevent).

Perhaps newcomers should stay out of other's fights.

 

[Charles Dye]

You are either a troll or an extremely misinformed network admin.

In my experience, even "misinformed" network admins know how to close
those @#&%! administrative shares.

 

[Joe Richards [MVP]]

Nod, that is why I added the "extremely". )

 

[Al Dunbar [MS-MVP]]

Quite right, that is basically what was asked, i.e. "Is there a way to
determine if each IP address is a windows client or not, before I try to
create an object reference". Thanks for bringing this back on track.

The next question to consider is which of the responses advances the OP
closer to a solution.

Drumgod's suggestion does not because it does the wmi stuff first in an
attempt to determine if the device is a windows computer. Your suggestions
(connect to c$) were constructive, but others pointed out the possibility of
some errors in the assumptions you made in the general case. Systeminfo
looks interesting, but it appears to be a little fat, taking more time on my
system than would a WMI script attempting to bind to a non-Windows device.


/Al

PS: you might want to buy a can of compressed air to clean out your
keyboard, the "u" key seems to produce an asterisk instead for some reason
;-)

Dickwad. There is no requirement to identify them.

If you f*ckwits actually read the questions.

If Client = Windows then
do wmi stuff
write IP to filea
Else
write IP to fileb
End If