[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 204
  • Last Modified:

Scriupt to look for XP machines

Greeting Experts,

Does anybody know of a script that can scan for Windows XP based on a IP range instead of Windows Active Directory.  I support large number of sites using windows XP and do not have it registered in AD.  So to reduce our risk, I need to find those machines hiding out in the dark corners of my network.  Unfortunately, most people do not want to give up a legacy machine that is no longer supported by Microsoft. So they try to let one or two slip throw the cracks… but when you add all of those up in enterprise environment the numbers can get very high…..
0
Mike
Asked:
Mike
1 Solution
 
Dan CraciunIT ConsultantCommented:
You can use Nmap with the switch -o, and it will try to guess the OS of the live hosts.

See here: http://nmap.org/book/man-os-detection.html

HTH,
Dan
0
 
MikeSecurityAuthor Commented:
ok... but I looking for something that will ignore everything else and report back only those machines using XP....
0
 
footechCommented:
Are you saying the WinXP machines are not joined to the domain?
You might try something like what is posted in
http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_28406930.html
You can look up the OS type via WMI if you have the proper credentials.  If that would work for you it should easy enough to modify to perform a scan based on IP address rather than computer names.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Justin YeungSenior Systems EngineerCommented:
are they all having the same local Administrator password?
0
 
MikeSecurityAuthor Commented:
yes... they would have the same password...
0
 
Justin YeungSenior Systems EngineerCommented:
when the machine is online, do they register their name in DNS?

another word, if you nslookup the IP of the xp machine, does it resolve to name?

you can try this when prompt for credential
username: .\Administrator
password: the local admin password

$Cred = Get-Credential
$IPs = Get-Content 'C:\IP.csv'
Foreach ($IP in $IPs)
{
$Ping = Test-Connection $IP -Count 1 -Quiet -ErrorAction SilentlyContinue
if ($Ping -eq $True)
{
$Win32Obj = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $IP -Credential $Cred -ErrorAction SilentlyContinue
}
if ($Ping -eq $False)
{
Write-Host "$IP is not pingable"
$Win32Obj.caption = $Null
}

$array = @()
$Properties = @{"IP Address"=$IP;"Pingable"=$Ping;"Operating System"=$Win32obj.caption}
$Newobject = New-Object  PSObject -Property  $Properties
$Array +=$Newobject

#$Outpath = "C:\Export.csv"
$array | Select-Object "IP Address",Pingable,"Operating System"`
#| export-csv $Outpath -Append
}

Open in new window

0
 
MikeSecurityAuthor Commented:
Most are registered with DNS but some are not... those are the ones I looking to track down
0
 
skullnobrainsCommented:
nmap is the way

try something like this

sudo nmap -O 192.168.1.1 192.168.1.29 | sed -n '/report/ h ; /XP/ {x ; p}' | grep report

the sed reads any 'report' line and sticks them in the hold space.
if 'XP' is found the contents of the hold space is printed ('x' exchanges hold and pattern and 'p' prints. the same letters are used but it is just by chance)

the additional grep is to remove garbage if 'XP' appears multiple times under the host which i am too lazy to do with the sed
0
 
MikeSecurityAuthor Commented:
Nmap string worked perfect... thank you
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now