script to scan networks

Posted on 2012-09-16
Last Modified: 2012-10-26
Hi all,

I was wondering if there is a way to do a script I can run from a command prompt that will scan the network checking for workstations that do not have a specific application installed or a service running, or a utility that will do this but that does not require installation.

I work with organizations that have an internal IT department monitoring their systems, and reporting to upper management. We monitor the system using an Agent but rely on in-house IT to install the agent and sometimes they don’t install the agent on all the workstations.  

Question by:rudym88
    LVL 77

    Expert Comment

    by:David Johnson, CD, MVP
    It depends if wmi and remoteregistry is allowed in the firewall otherwise many powershell/vbscripts can do this enumeration for you without an agent.  If you are outside of the Local Network then your options are severely limited as what may be acceptable within the LAN is not on the WAN.
    LVL 11

    Expert Comment

    As mentioned by v23ofa it's depandant on firewalls etc..

    You could look at there is a windows client

    Author Comment

    Thanks for the responce.

    I have full access to network resources, including the domain administrator password.

    The problem with nmap is that I have to install it. I need something that does not require installation.

    A tool like ipangry scanner or netscan.

    LVL 16

    Assisted Solution

    by:Dale Harris
    Using Active Directory, you can simply do a scan by computer name with powershell for each computer found and do the remote check to see if a program exists (you can do this by folders under program files), or if a service is running.

    This will only check computers that are online.  Here's a script example that I wrote to get computers from AD, and get the computer information for each.  You can use this as a template.

    "ComputerName;IP;Description;OS;OU;Make;Model;RAM" >> "ComputerInfo.csv"
    $Computers = @()
    #Search term is an optional way to find only computers beginning with a certain prefix to help you dial down into a list of computers by name, and not by OU
    $SearchTerm = "TEST"
    $SearchRoot = ""
    #OUCommonNames can be replaced with the different OUs you'd like to search for
    #If you don't have multiple OUs that have a common name, you can just omit
    #the entire OU's portion and search just a single OU
    $OUs = get-qadobject "OUCommonNames" -type "OrganizationalUnit" -searchroot $SearchRoot
    foreach ($OU in $OUs){
    $Computers += get-qadcomputer $SearchTerm -searchroot $OU.dn
    foreach ($Computer in $Computers){
    $ComputerName = $
    $Results = Ping $ComputerName -n 1
    $IP = ($Results[2].split(":")[0]).split(" ")[2]
    $Description = $Computer.description
    $OS = $Computer.OSName
    $OU = $Computer.dn.split(",")[2].split("=")[1]
    if ($Results[2].contains("bytes=32")){
    $ComputerInfo = gwmi -computer $ComputerName win32_ComputerSystem
    $Make = $ComputerInfo.Manufacturer
    $Model = $ComputerInfo.Model
    $RAM = (($ComputerInfo.totalphysicalmemory)/1000000000).tostring().split(".")[0]
    $LastUser = gci "\\$ComputerName\c$\users" | ?{$_.psiscontainer} | sort LastWriteTime -desc | select -first 1
    "$ComputerName;$IP;$Description;$OS;$OU;$Make;$Model;$RAM" >> "ComputerInfo.csv"
    $Description = $null
    $LastUser = $null
    $Make = $null
    $Model = $null
    $RAM = $null
    $ComputerInfo = $null
    }#end if
    }#end foreach

    Open in new window

    LVL 77

    Accepted Solution

    This script will return all computers that have software starting with something.

    # Title: Get-InstalledSoftware
    # Author: Jon Gurgul
    # ------------------------------------------------------------------
    # Modified by: David Johnson 18-Sep-2012
    # Global Variables
    $subnet = "192.168.0"
    $start= 1 
    $end = 230 
    $searchproduct = "Microsoft"
    Function Get-InstalledSoftware ($ComputerName) {
    	$Base = New-Object PSObject;
    	$Base | Add-Member Noteproperty ComputerName -Value $Null;
    	$Base | Add-Member Noteproperty Name -Value $Null;
    	$Base | Add-Member Noteproperty InstallDate -Value $Null;
    	$Results =  New-Object System.Collections.Generic.List[System.Object];
    	$Registry = $Null;
    	Try{$Registry = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine,$ComputerName);}
    		If ($Registry){
    			$UninstallKeys = $Null;
    			$SubKey = $Null;
    			$UninstallKeys = $Registry.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Uninstall",$False);
    				$SubKey = $UninstallKeys.OpenSubKey($_,$False);
    				$DisplayName = $SubKey.GetValue("DisplayName");
    				If ($DisplayName.Length -gt 0){
    					$Entry = $Base | Select-Object *
    					$Entry.ComputerName = $ComputerName;
    					$Entry.Name = $DisplayName.Trim(); 
    								[ref]$ParsedInstallDate = Get-Date
    					If ([DateTime]::TryParseExact($SubKey.GetValue("InstallDate"),"yyyyMMdd",$Null,[System.Globalization.DateTimeStyles]::None,$ParsedInstallDate)){					
    					$Entry.InstallDate = $ParsedInstallDate.Value
    					if (($$searchproduct)) {[Void]$Results.Add($Entry);}
                        else { 
    $count = 0
    $count1 = 1
    $counter = 0
    $Computers =  New-Object System.Collections.Generic.List[System.Object];
    #Write-Output("Starting Ping Search")
    $colitems = ($end - $start)+2
    $nodes  =$start..$end | foreach-object {"$subnet.$_"}
    foreach ($node in $nodes){  
        Write-Progress -Activity "Gathering Reachable Computers" -status "Found  $counter" -percentComplete ($count / $colItems*100)
        $test = test-connection $node -quiet -Count 1
        if ($test -ne $false) {
            $counter ++
            [void] $computers.add($node)         
    foreach ($comp in $computers) { 
        $numcomputers = $Computers.Count
        Write-Progress -Activity "Checking for Computers that have $searchproduct" -status "$count1 of $numcomputers" -percentComplete ($count1 / $numcomputers*100)
        $count1 ++

    Open in new window


    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Join & Write a Comment

    You may have already been in the need to update a whole folder stucture using a script. Robocopy does it well and even provides a list of non-updated files in a log (if asked to). Generally those files that were locked by a user or a process by the …
    Recently Microsoft released a brand new function called CONCAT. It's supposed to replace its predecessor CONCATENATE. But how does it work? And what's new? In this article, we take a closer look at all of this - we even included an exercise file for…
    This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now