
Get a remote Windows server OS version and IP address without access permission on that server

howruaz9
Is it possible to get a remote Windows server OS version and IP address without access permission on that server?

I know VBScript ( Set colGroups = GetObject("WinNT://" & strComputer & "")  colGroups.Filter = Array("group") ) can get remote Windows server group information. Is there a similar way to get server OS and IP address information?

When I use a Windows Management Instrumentation (WMI) query, must I have access permission on that server?

Thanks in advance.
Commented:
Generally it is not possible.
You should have access rights before you can use WMI, remote registry or any other method.
You can do some fingerprinting, e.g. with nmap. Sometimes some services can give you additional information, e.g. when a web page responds "IIS 7.5" you can guess it's Windows 7 or 2008 R2, etc.
Darren Collins, Tech Lead (Windows), Endpoint Device Management Services

Commented:
Hi howruaz9,

It is not completely clear from your question if the ADSI WinNT provider queries on the groups are working for you.  If they are then you must have some sort of minimum permissions.

If the ADSI WinNT provider IS working, you can use it to obtain the operating system and the OS version.

The code below (VBScript) demonstrates this. For XP, for example, it will return OS = Windows NT and OS Ver = 5.1 - Windows XP internally is version NT 5.1.

I have also included one method of obtaining an IP address from any ping-able computer, provided you already know the computer name, by using ping via WMI. The fResolveIP function below uses WMI on the local computer; it does not attempt to bind to a remote computer using WMI, it effectively runs 'ping' from the local computer.

Hope this helps,
Daz.
strComputer = "SRV01"  '# Change to your server name
Set objComputer = GetObject("WinNT://" & strComputer & ",computer")

MsgBox "OS = " & objComputer.OperatingSystem & vbCrlf & "OS Ver = " & objComputer.OperatingSystemVersion

MsgBox  "IP Address = " & fResolveIP(strComputer)


Function fResolveIP(strComputer)
    Dim wmiQuery, objWMIService, objPing, objStatus
    
    wmiQuery = "Select * From Win32_PingStatus Where " & _
    "Address = '" & strComputer & "'"
    
    Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
    Set objPing = objWMIService.ExecQuery(wmiQuery)
    
    For Each objStatus in objPing
        If IsNull(objStatus.StatusCode) Or objStatus.Statuscode<>0 Then
            fResolveIP = "Computer is Unreachable!"
        Else
            fResolveIP = objStatus.ProtocolAddress
        End If
    Next
End Function


Author

Commented:
Thanks so much Daz_1234.
I have tested your VBScript. It worked very well on the local computer and some remote computers on the intranet.
I'm very new to VBScript. I was wondering why I can get all group information from all servers in a domain without access permission (using "Set colGroups = GetObject("WinNT://" & strComputer & "")" and "colGroups.Filter = Array("group")"), but can't get the OS version and IP address without access permission from these servers.
I really appreciate your help!
Darren Collins, Tech Lead (Windows), Endpoint Device Management Services

Commented:
Hi howruaz9,

When you say 'without access permission', you must have some permission, even if it is basic in order to get the information, depending on how the security in your domain / network is configured.  If you literally had no permission then you would not be able to extract any information from the computer.

If you can enumerate the groups using the WinNT provider, then I would expect getting the OS Version should work on the same computers.  
- Can you confirm that there are computers you can get groups from but not the OS Version?   If so I find this surprising.

Getting the IP address using the method I gave you relies on the name being able to be resolved and a ping being returned from the computer - this is dependent on the WINS / DNS setup of your network and whether any firewalls are set to block returns when pinged.

If you post the script you are using it might help me to see what is happening.

Regards,
Daz.

Author

Commented:
Sorry Daz_1234, I forgot to post my script. Please check the script below.
I do hope your script can find the OS and IP on the servers that my script can get group information from. That is what I really need.
After testing, I found that if I'm admin on that server, both scripts work. If not, your script gets an error message, while my script works. I really want to know WHY.
Error: General access denied error
Code: 80070005
Source: Active Directory
Thanks very much Daz_1234
------------------

Dim var1
Dim var2
Dim strComputer
const ADS_SCOPE_SUBTREE = 2

on error resume next

Set fso = CreateObject("Scripting.FileSystemObject")
Set tf = fso.OpenTextFile("PC_Info.txt",2,true)

tf.write("Server" + ";" + "Group(s)" + ";" + "Member(s)" + ";" + "Display Name" + ";")
tf.writeline("AdsPath")

 strComputer = "server name"
 Set colGroups = GetObject("WinNT://" & strComputer & "")
 colGroups.Filter = Array("group")
 For Each objGroup In colGroups
  For Each objUser in objGroup.Members
   var1 = objUser.Name
   var2 = objUser.FullName
   If Err.Number = 0 then
    tf.writeline(strComputer + ";" + objGroup.Name + ";" + objUser.Name + ";" + chr(34) + objUser.FullName + chr(34) + ";" + objUser.AdsPath)
   Else
    tf.writeline(strComputer + ";" + objGroup.Name + ";" + objUser.Name + ";" + Chr(34) + chr(34) + ";" + objUser.AdsPath)
    Err.clear()
   End if
   var1 = empty
   var2 = empty    
      Next
 Next
tf.close()
Wscript.quit
Darren Collins, Tech Lead (Windows), Endpoint Device Management Services

Commented:
Hi howruaz9,

Below is your script with some minor amendments and one significant one.

I have put in the bit to get the OS Version.

Please can you test on a computer that failed before?

(Other changes I made were mostly cosmetic, and I have commented out On Error Resume Next for testing)

Regards,
Daz.
Dim var1
Dim var2
Dim strComputer

'on error resume next

Set fso = CreateObject("Scripting.FileSystemObject")
Set tf = fso.OpenTextFile("PC_Info.txt",2,true)

tf.write("Server;OS Version;Group(s);Member(s);Display Name;")
tf.writeline("AdsPath")

strComputer = "oucs-ds"
Set objComputer = GetObject("WinNT://" & strComputer)
OSVer = objComputer.OperatingSystemVersion

objComputer.Filter = Array("group")

For Each objGroup In objComputer
    For Each objMember in objGroup.Members
        var1 = objMember.Name
        If objMember.Class <> "Group" And Err.Number = 0 Then
            var2 = objMember.FullName
            tf.writeline(strComputer & ";" & OSVer & ";" & objGroup.Name & ";" & var1 & ";" & chr(34) & var2 & chr(34) & ";" & objMember.AdsPath)
        Else
            tf.writeline(strComputer & ";" & OSVer & ";" & objGroup.Name & ";" & var1 & ";" & Chr(34) & chr(34) & ";" & objMember.AdsPath)
            Err.Clear
        End If
        var1 = ""
        var2 = ""
     Next
Next 
tf.close()

MsgBox "Done!"

Wscript.quit


Author

Commented:
Daz_1234, please check the testing results below. Thanks very much.
1.bmp
2.bmp

Author

Commented:
Hi Daz_1234,
I have tested 3 servers that I'm administrator on. On one of them your script works; the other 2 servers failed with "An unknown directory user object was requested".
Darren Collins, Tech Lead (Windows), Endpoint Device Management Services

Commented:
Hi howruaz9,

Well I'm afraid the news isn't good.  The unknown directory user object just needs  more robust scripting to avoid, but the access denied error is pretty conclusive.

For some reason the server is happy for you to know all the groups and members of its local groups, but is not happy to give up which version of Windows it is running (certainly by the WinNT provider anyway).

Are you logging onto a domain?  Are the servers you want to query on the same domain?

If so and you don't mind waiting (I'm a bit busy today) I'll sort out a sample LDAP AD query for you which may work depending on your domain rights and setup.

Regards,
Daz.

Author

Commented:
Yes Daz_1234, I log in to a domain and all servers are on the same domain.
I'm very new to VBScript. The script I posted was written by my colleague and he went to another company. So I do need your help.
Take your time and thanks a lot.
Tech Lead (Windows), Endpoint Device Management Services
Commented:
Hi howruaz9,

Below is a script that should return all that you want.  You will recognize some of the script as I just added to what you already had.

I have also added in the IP Address part - But this slows down the query considerably.  I can't think of a faster way to get the IP address other than an effective ping of the computername (without permissions to query the server directly that is).

Anyway, see how you go!

Regards,
Daz.

Dim var1
Dim var2
Dim strComputer
Dim dicCompOS

'on error resume next

Set dicCompOS = CreateObject("Scripting.Dictionary")
GetOSs()   '# Load Dictionary with all Domain Computers' Operating Systems

Set fso = CreateObject("Scripting.FileSystemObject")
Set tf = fso.OpenTextFile("PC_Info.txt",2,true)

'### Set Computer Here ###
strComputer = "YOUR_SRV"



tf.write("Server;IP Address;OS Name;OS Service Pack;Group(s);Member(s);Display Name;")
tf.writeline("AdsPath")

Set objComputer = GetObject("WinNT://" & strComputer)

objComputer.Filter = Array("group")

strIPAddress = fResolveIP(strComputer)

'# Look up the OS once, before the loop, so both branches below can use it.
'# Falls back to "Unknown" when the computer is not in the dictionary.
OSName = "Unknown"
OSSP   = ""
If dicCompOS.Exists(UCase(strComputer)) Then
    arrOS  = Split(dicCompOS(UCase(strComputer)), "¶")
    OSName = arrOS(0)
    OSSP   = arrOS(1)
End If

For Each objGroup In objComputer
    For Each objMember in objGroup.Members
        var1 = objMember.Name
        If objMember.Class <> "Group" And Err.Number = 0 Then
            var2 = ""
            On Error Resume Next
            var2 = objMember.FullName
            On Error Goto 0
            tf.writeline(strComputer & ";" & strIPAddress & ";" & OSName & ";" & OSSP & ";" & objGroup.Name & ";" & var1 & ";" & chr(34) & var2 & chr(34) & ";" & objMember.AdsPath)
        Else
            tf.writeline(strComputer & ";" & strIPAddress & ";" & OSName & ";" & OSSP & ";" & objGroup.Name & ";" & var1 & ";" & Chr(34) & chr(34) & ";" & objMember.AdsPath)
            Err.Clear
        End If
        var1 = ""
        var2 = ""
     Next
Next 
tf.close()

MsgBox "Done!"

Wscript.quit




Sub GetOSs()

    '# ADO Init
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")
    strConfig = objRootDSE.Get("configurationNamingContext")
    Set objCommand = CreateObject("ADODB.Command")
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open = "ADProvider"
    objCommand.ActiveConnection = objConnection
    objCommand.Properties("Page Size") = 100
    objCommand.Properties("Timeout") = 900
    '#

    '### LDAP Filter ###
    strFilter = "(&(objectClass=computer))"

    '### Attributes to retrieve ###
    strAttributes = "sAMAccountName,operatingSystem,operatingSystemServicePack"

    '### Execute LDAP Query ###
    strBase = "<LDAP://" & strDNSDomain & ">"
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    objCommand.CommandText = strQuery
    'On Error Resume Next
    Set objRecordSet = objCommand.Execute

    '### Go through records returned and store info ###
    Do Until objRecordSet.EOF
        dicCompOS(UCase(Replace(objRecordSet.Fields("sAMAccountName"), "$", ""))) = objRecordSet.Fields("operatingSystem") & "¶" & objRecordSet.Fields("operatingSystemServicePack")
        'MsgBox dicCompOS(objRecordSet.Fields("sAMAccountName")),,objRecordSet.Fields("sAMAccountName")
        objRecordSet.MoveNext
    Loop

End Sub

Function fResolveIP(strComputer)
    Dim wmiQuery, objWMIService, objPing, objStatus
    
    wmiQuery = "Select * From Win32_PingStatus Where " & _
    "Address = '" & strComputer & "'"
    
    Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
    Set objPing = objWMIService.ExecQuery(wmiQuery)
    
    For Each objStatus in objPing
        If IsNull(objStatus.StatusCode) Or objStatus.Statuscode<>0 Then
            fResolveIP = "Unknown"
        Else
            fResolveIP = objStatus.ProtocolAddress
        End If
    Next
End Function
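
A narrower alternative to the GetOSs() routine above, shown as an added example that is not part of the original thread: it looks up one computer account instead of loading every computer in the domain, and escapes the name before it goes into the LDAP filter. The function names fEscapeLdapFilter and fGetOSFromAD are hypothetical, and the attributes are only returned if your domain rights allow you to read them.

```vbscript
Option Explicit

' Escape a value for use inside an LDAP search filter (RFC 4515).
' The backslash is replaced first so later escapes are not double-escaped.
Function fEscapeLdapFilter(strValue)
    Dim s
    s = Replace(strValue, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, Chr(0), "\00")
    ' ";" separates the parts of the ADO LDAP query string, so escape it too.
    s = Replace(s, ";", "\3b")
    fEscapeLdapFilter = s
End Function

' Return "OS name;service pack" for one computer account (hypothetical helper),
' or "Unknown;" when no matching account is returned.
Function fGetOSFromAD(strComputer)
    Dim objRootDSE, objConnection, objCommand, objRecordSet
    Dim strFilter, strQuery

    fGetOSFromAD = "Unknown;"

    Set objRootDSE = GetObject("LDAP://RootDSE")
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"

    Set objCommand = CreateObject("ADODB.Command")
    Set objCommand.ActiveConnection = objConnection

    ' Computer accounts carry a trailing "$" in sAMAccountName.
    strFilter = "(&(objectCategory=computer)(sAMAccountName=" & _
                fEscapeLdapFilter(strComputer) & "$))"
    strQuery = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">;" & _
               strFilter & ";operatingSystem,operatingSystemServicePack;subtree"
    objCommand.CommandText = strQuery

    Set objRecordSet = objCommand.Execute
    If Not objRecordSet.EOF Then
        ' The & operator treats a Null (unset attribute) as an empty string.
        fGetOSFromAD = objRecordSet.Fields("operatingSystem").Value & ";" & _
                       objRecordSet.Fields("operatingSystemServicePack").Value
    End If

    objRecordSet.Close
    objConnection.Close
End Function

WScript.Echo fGetOSFromAD("YOUR_SRV")   ' placeholder name, as in the script above
```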


Author

Commented:
Excellent, this script is exactly what I need.

Daz_1234, I really appreciate your help!

Hope you had a nice weekend.