WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network. Check out this quarters report on the threats that shook the industry in Q4 2017.
Solved
Scriupt to look for XP machines
Posted on 2014-04-09
Greeting Experts,
Does anybody know of a script that can scan for Windows XP based on a IP range instead of Windows Active Directory. I support large number of sites using windows XP and do not have it registered in AD. So to reduce our risk, I need to find those machines hiding out in the dark corners of my network. Unfortunately, most people do not want to give up a legacy machine that is no longer supported by Microsoft. So they try to let one or two slip throw the cracks… but when you add all of those up in enterprise environment the numbers can get very high…..
Does anybody know of a script that can scan for Windows XP based on a IP range instead of Windows Active Directory. I support large number of sites using windows XP and do not have it registered in AD. So to reduce our risk, I need to find those machines hiding out in the dark corners of my network. Unfortunately, most people do not want to give up a legacy machine that is no longer supported by Microsoft. So they try to let one or two slip throw the cracks… but when you add all of those up in enterprise environment the numbers can get very high…..
-
4
2
- +2
9 Comments
Active 3 days ago
You can use Nmap with the switch -o, and it will try to guess the OS of the live hosts.
See here: http://nmap.org/book/man-os-detection.html
HTH,
Dan
See here: http://nmap.org/book/man-os-detection.html
HTH,
Dan
Active 1 day ago
ok... but I looking for something that will ignore everything else and report back only those machines using XP....
Active today
Are you saying the WinXP machines are not joined to the domain?
You might try something like what is posted in
http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_28406930.html
You can look up the OS type via WMI if you have the proper credentials. If that would work for you it should easy enough to modify to perform a scan based on IP address rather than computer names.
You might try something like what is posted in
http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_28406930.html
You can look up the OS type via WMI if you have the proper credentials. If that would work for you it should easy enough to modify to perform a scan based on IP address rather than computer names.
when the machine is online, do they register their name in DNS?
another word, if you nslookup the IP of the xp machine, does it resolve to name?
you can try this when prompt for credential
username: .\Administrator
password: the local admin password
another word, if you nslookup the IP of the xp machine, does it resolve to name?
you can try this when prompt for credential
username: .\Administrator
password: the local admin password
$Cred = Get-Credential
$IPs = Get-Content 'C:\IP.csv'
Foreach ($IP in $IPs)
{
$Ping = Test-Connection $IP -Count 1 -Quiet -ErrorAction SilentlyContinue
if ($Ping -eq $True)
{
$Win32Obj = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $IP -Credential $Cred -ErrorAction SilentlyContinue
}
if ($Ping -eq $False)
{
Write-Host "$IP is not pingable"
$Win32Obj.caption = $Null
}
$array = @()
$Properties = @{"IP Address"=$IP;"Pingable"=$Ping;"Operating System"=$Win32obj.caption}
$Newobject = New-Object PSObject -Property $Properties
$Array +=$Newobject
#$Outpath = "C:\Export.csv"
$array | Select-Object "IP Address",Pingable,"Operating System"`
#| export-csv $Outpath -Append
}
Active 1 day ago
Most are registered with DNS but some are not... those are the ones I looking to track down
Active 1 day ago
nmap is the way
try something like this
sudo nmap -O 192.168.1.1 192.168.1.29 | sed -n '/report/ h ; /XP/ {x ; p}' | grep report
the sed reads any 'report' line and sticks them in the hold space.
if 'XP' is found the contents of the hold space is printed ('x' exchanges hold and pattern and 'p' prints. the same letters are used but it is just by chance)
the additional grep is to remove garbage if 'XP' appears multiple times under the host which i am too lazy to do with the sed
try something like this
sudo nmap -O 192.168.1.1 192.168.1.29 | sed -n '/report/ h ; /XP/ {x ; p}' | grep report
the sed reads any 'report' line and sticks them in the hold space.
if 'XP' is found the contents of the hold space is printed ('x' exchanges hold and pattern and 'p' prints. the same letters are used but it is just by chance)
the additional grep is to remove garbage if 'XP' appears multiple times under the host which i am too lazy to do with the sed
Featured Post
Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Excel allows various different methods to link Excel files to each other. This includes relative paths, mapped drives (or the local drive) and UNC paths. UNC paths are the least robust of the three.
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
Screencast - Getting to Know the Pipeline
Suggested Courses
Course of the Month9 days, 5 hours left to enroll
595 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.