Improve company productivity with a Business Account.Sign Up

x
?
Solved

Scriupt to look for XP machines

Posted on 2014-04-09
9
Medium Priority
?
205 Views
Last Modified: 2014-04-28
Greeting Experts,

Does anybody know of a script that can scan for Windows XP based on a IP range instead of Windows Active Directory.  I support large number of sites using windows XP and do not have it registered in AD.  So to reduce our risk, I need to find those machines hiding out in the dark corners of my network.  Unfortunately, most people do not want to give up a legacy machine that is no longer supported by Microsoft. So they try to let one or two slip throw the cracks… but when you add all of those up in enterprise environment the numbers can get very high…..
0
Comment
Question by:Mike
9 Comments
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 39989949
You can use Nmap with the switch -o, and it will try to guess the OS of the live hosts.

See here: http://nmap.org/book/man-os-detection.html

HTH,
Dan
0
 

Author Comment

by:Mike
ID: 39989994
ok... but I looking for something that will ignore everything else and report back only those machines using XP....
0
 
LVL 42

Expert Comment

by:footech
ID: 39990027
Are you saying the WinXP machines are not joined to the domain?
You might try something like what is posted in
http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_28406930.html
You can look up the OS type via WMI if you have the proper credentials.  If that would work for you it should easy enough to modify to perform a scan based on IP address rather than computer names.
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39991546
are they all having the same local Administrator password?
0
 

Author Comment

by:Mike
ID: 39991591
yes... they would have the same password...
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39991719
when the machine is online, do they register their name in DNS?

another word, if you nslookup the IP of the xp machine, does it resolve to name?

you can try this when prompt for credential
username: .\Administrator
password: the local admin password

$Cred = Get-Credential
$IPs = Get-Content 'C:\IP.csv'
Foreach ($IP in $IPs)
{
$Ping = Test-Connection $IP -Count 1 -Quiet -ErrorAction SilentlyContinue
if ($Ping -eq $True)
{
$Win32Obj = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $IP -Credential $Cred -ErrorAction SilentlyContinue
}
if ($Ping -eq $False)
{
Write-Host "$IP is not pingable"
$Win32Obj.caption = $Null
}

$array = @()
$Properties = @{"IP Address"=$IP;"Pingable"=$Ping;"Operating System"=$Win32obj.caption}
$Newobject = New-Object  PSObject -Property  $Properties
$Array +=$Newobject

#$Outpath = "C:\Export.csv"
$array | Select-Object "IP Address",Pingable,"Operating System"`
#| export-csv $Outpath -Append
}

Open in new window

0
 

Author Comment

by:Mike
ID: 39991748
Most are registered with DNS but some are not... those are the ones I looking to track down
0
 
LVL 27

Accepted Solution

by:
skullnobrains earned 2000 total points
ID: 39994006
nmap is the way

try something like this

sudo nmap -O 192.168.1.1 192.168.1.29 | sed -n '/report/ h ; /XP/ {x ; p}' | grep report

the sed reads any 'report' line and sticks them in the hold space.
if 'XP' is found the contents of the hold space is printed ('x' exchanges hold and pattern and 'p' prints. the same letters are used but it is just by chance)

the additional grep is to remove garbage if 'XP' appears multiple times under the host which i am too lazy to do with the sed
0
 

Author Closing Comment

by:Mike
ID: 40027932
Nmap string worked perfect... thank you
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Excel allows various different methods to link Excel files to each other. This includes relative paths, mapped drives (or the local drive) and UNC paths. UNC paths are the least robust of the three.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
Screencast - Getting to Know the Pipeline

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question