Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 203
  • Last Modified:

Scriupt to look for XP machines

Greeting Experts,

Does anybody know of a script that can scan for Windows XP based on a IP range instead of Windows Active Directory.  I support large number of sites using windows XP and do not have it registered in AD.  So to reduce our risk, I need to find those machines hiding out in the dark corners of my network.  Unfortunately, most people do not want to give up a legacy machine that is no longer supported by Microsoft. So they try to let one or two slip throw the cracks… but when you add all of those up in enterprise environment the numbers can get very high…..
0
Mike
Asked:
Mike
1 Solution
 
Dan CraciunIT ConsultantCommented:
You can use Nmap with the switch -o, and it will try to guess the OS of the live hosts.

See here: http://nmap.org/book/man-os-detection.html

HTH,
Dan
0
 
MikeSecurityAuthor Commented:
ok... but I looking for something that will ignore everything else and report back only those machines using XP....
0
 
footechCommented:
Are you saying the WinXP machines are not joined to the domain?
You might try something like what is posted in
http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_28406930.html
You can look up the OS type via WMI if you have the proper credentials.  If that would work for you it should easy enough to modify to perform a scan based on IP address rather than computer names.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
Justin YeungCommented:
are they all having the same local Administrator password?
0
 
MikeSecurityAuthor Commented:
yes... they would have the same password...
0
 
Justin YeungCommented:
when the machine is online, do they register their name in DNS?

another word, if you nslookup the IP of the xp machine, does it resolve to name?

you can try this when prompt for credential
username: .\Administrator
password: the local admin password

$Cred = Get-Credential
$IPs = Get-Content 'C:\IP.csv'
Foreach ($IP in $IPs)
{
$Ping = Test-Connection $IP -Count 1 -Quiet -ErrorAction SilentlyContinue
if ($Ping -eq $True)
{
$Win32Obj = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $IP -Credential $Cred -ErrorAction SilentlyContinue
}
if ($Ping -eq $False)
{
Write-Host "$IP is not pingable"
$Win32Obj.caption = $Null
}

$array = @()
$Properties = @{"IP Address"=$IP;"Pingable"=$Ping;"Operating System"=$Win32obj.caption}
$Newobject = New-Object  PSObject -Property  $Properties
$Array +=$Newobject

#$Outpath = "C:\Export.csv"
$array | Select-Object "IP Address",Pingable,"Operating System"`
#| export-csv $Outpath -Append
}

Open in new window

0
 
MikeSecurityAuthor Commented:
Most are registered with DNS but some are not... those are the ones I looking to track down
0
 
skullnobrainsCommented:
nmap is the way

try something like this

sudo nmap -O 192.168.1.1 192.168.1.29 | sed -n '/report/ h ; /XP/ {x ; p}' | grep report

the sed reads any 'report' line and sticks them in the hold space.
if 'XP' is found the contents of the hold space is printed ('x' exchanges hold and pattern and 'p' prints. the same letters are used but it is just by chance)

the additional grep is to remove garbage if 'XP' appears multiple times under the host which i am too lazy to do with the sed
0
 
MikeSecurityAuthor Commented:
Nmap string worked perfect... thank you
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now