Solved

need assistance with a custom script

Posted on 2014-09-05
Last Modified: 2014-09-09
can someone provide a script that we can use for the following requirement:

check the following file located on 200+ computers:
C:\ProgramData\Sophos\Remote Management System\3\Router\NetworkReport\ReportData.xml


There will be a value in there for <router_name>

The router name should match the computer name.

Example:
<computer_name>
JSMITHCOMPUTER
</computer_name>
<domain>
SKYNET
</domain>
<router_name>
Router$JSMITHCOMPUTER:72034
</router_name>


output a report with all systems that do not have a router name that matches the computer name.

thx in advance!

S.
Question by:siber1
 

Author Comment

by:siber1
ID: 40306259
can anyone provide assistance with this?

many thanks!

S.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40306356
Do you have admin shares enabled on these servers?  Else accessing the files remotely will be a problem.
0
 

Author Comment

by:siber1
ID: 40306422
hi Subsun, I've confirmed the admin shares are enabled, these are primarily workstations.   thx
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40306480
Can you check the following code using the xml file and let me know the results? Or please post a sample xml file (you can remove/replace confidential information).

$Test = [XML](GC "C:\ProgramData\Sophos\Remote Management System\3\Router\NetworkReport\ReportData.xml")

$Test.computer_name
$Test.router_name

0
 
LVL 40

Expert Comment

by:Subsun
ID: 40306626
Here is a sample code.. but it depends on your xml file structure..
GC C:\server.txt | %{
$server = $_
Write-Host "Working with $server"
 Try{
 #Read xml
 $xml = [xml](GC "\\$server\c$\ProgramData\Sophos\Remote Management System\3\Router\NetworkReport\ReportData.xml" -EA Stop)

	If ($xml.router_name -match $xml.computer_name){
		New-Object PSObject -Property @{
		Computer = $server
		Match = "Yes"
		router_name = $xml.router_name
		computer_name = $xml.computer_name
		}
	}Else{
		New-Object PSObject -Property @{
		Computer = $server
		Match = "No"
		router_name = $xml.router_name
		computer_name = $xml.computer_name
		}
	 }
	}Catch{
		New-Object PSObject -Property @{
		Computer = $server;Match = "Error"
		router_name = "";computer_name = ""
		}
	}
} | Export-Csv C:\report.csv -nti

0
 

Author Comment

by:siber1
ID: 40306712
thanks very much Subsun. I will have time this weekend to obtain a sample XML file and test this script against it.
much appreciated as always!
0

Author Comment

by:siber1
ID: 40309096
Hi Subsun, initial testing looks excellent. we are going to run in production tomorrow, i'll let you know.

thanks so much. brilliant script.

S.
0
 

Author Comment

by:siber1
ID: 40310349
hi subsun, I've run the script however I'm only seeing "yes" or "error" for each system, we are not seeing any "no" being generated on a mismatch.

here is one of the XML files

<?xml version='1.0' encoding='UTF-16' ?>
<?xml-stylesheet type='text/xsl' href='transform.xslt' ?>
<RMS_status_report>
<string msg='explanation' />
<sections>
<section name='DNS'>
	<string msg='OK' />
</section>

<!-- And another -->
<section name='Certification'>
	<string msg='OK' />
</section>

<!-- And another -->
<section name='Incoming'>
	<string msg='OK' />
</section>

<!-- And another -->
<section name='Outgoing'>
	<string msg='OK' />
</section>

<!-- And another -->
</sections>
<computer_data>
<language>
en_US
</language>
<local_time>
Monday, September 08, 2014 9:20:55 AM
</local_time>
<GMT>
Monday, September 08, 2014 1:20:55 PM
</GMT>
<computer_name>
JSMITH
</computer_name>
<domain>
MYDOMAIN
</domain>
<router_name>
Router$JSMITH:72034
</router_name>
<IOR_port>8192</IOR_port>
<SSLIOP_port>8194</SSLIOP_port>
<parent_addresses>
10.1.1.1,fe80::dd25:df98:ecfd:26c,SYSTEM.MYDOMAIN.COM,SOPHOSSERVER
</parent_addresses>
<actual_parent>
10.1.1.1
</actual_parent>
<router_type>
endpoint
</router_type>
</computer_data>
</RMS_status_report>

0
 

Author Comment

by:siber1
ID: 40310396
hi subsun, I just re-verified and the script is generating a "Yes" even for systems that have a mis-match.
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 40310533
The xml structure is different.. Can you confirm the xml format is same as you posted in all computers?
If yes test with following code..
GC C:\server.txt | %{
$server = $_
Write-Host "Working with $server"
 Try{
 #Read xml
 $xml = [xml](GC "\\$server\c$\ProgramData\Sophos\Remote Management System\3\Router\NetworkReport\ReportData.xml" -EA Stop)
 
 $router_name = $Xml.RMS_status_report.Computer_data.Router_name -replace "\s"
 $computer_name = $Xml.RMS_status_report.Computer_data.Computer_name -replace "\s"

	If ($router_name -match $computer_name){
		New-Object PSObject -Property @{
		Computer = $server
		Match = "Yes"
		router_name = $router_name
		computer_name = $computer_name
		}
	}Else{
		New-Object PSObject -Property @{
		Computer = $server
		Match = "No"
		router_name = $router_name
		computer_name = $computer_name
		}
	 }
	}Catch{
		New-Object PSObject -Property @{
		Computer = $server;Match = "Error"
		router_name = "";computer_name = ""
		}
	}
} | Export-Csv C:\report.csv -nti

0
 
LVL 40

Expert Comment

by:Subsun
ID: 40310680
If you are unsure about the xml structure then try replacing line 8 & 9 with following..
$router_name = ($xml.SelectSingleNode("//router_name")).InnerText -replace "\s"
$computer_name = ($xml.SelectSingleNode("//computer_name")).InnerText -replace "\s"

Open in new window

0
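
A stricter version of the comparison, as an added example that is not part of the thread or of Subsun's scripts: -match is a regex substring test, so a router name of Router$JSMITH2:72034 would still report "Yes" for computer JSMITH. The function name Test-RouterName, the Router$<NAME>:<number> pattern (inferred from the posted samples) and the sample XML strings are assumptions constructed for illustration.

```powershell
# Added example; Test-RouterName and the sample data are constructed, not from the thread.
function Test-RouterName {
    param(
        [Parameter(Mandatory = $true)] [xml]$Report,      # parsed ReportData.xml
        [Parameter(Mandatory = $true)] [string]$Computer  # name the file was read from
    )
    # Find the nodes wherever they sit in the document (same XPath as suggested above).
    $routerNode   = $Report.SelectSingleNode('//router_name')
    $computerNode = $Report.SelectSingleNode('//computer_name')
    if ($null -eq $routerNode -or $null -eq $computerNode) {
        return [pscustomobject]@{ Computer = $Computer; Match = 'Error'; router_name = ''; computer_name = '' }
    }
    $routerName   = $routerNode.InnerText.Trim()
    $computerName = $computerNode.InnerText.Trim()

    # Assumed format, taken from the posted samples: Router$<NAME>:<number>
    $routerHost = ''
    if ($routerName -match '^Router\$(?<name>[^:]+):\d+$') { $routerHost = $Matches['name'] }

    # -eq compares whole strings (case-insensitively); an empty name never counts as a match.
    $result = 'No'
    if ($routerHost -ne '' -and $routerHost -eq $computerName) { $result = 'Yes' }

    [pscustomobject]@{
        Computer      = $Computer
        Match         = $result
        router_name   = $routerName
        computer_name = $computerName
    }
}

# Constructed sample reports, padded with whitespace like the real file.
$template = '<RMS_status_report><computer_data><computer_name> {0} </computer_name>{1}</computer_data></RMS_status_report>'
$samples = @(
    @('JSMITH', '<router_name> Router$JSMITH:72034 </router_name>'),   # names agree
    @('JSMITH', '<router_name> Router$JSMITH2:72034 </router_name>'),  # JSMITH is only a prefix
    @('JSMITH', '')                                                    # router_name node missing
)
foreach ($s in $samples) {
    Test-RouterName -Report ([xml]($template -f $s[0], $s[1])) -Computer $s[0]
}
```

In the thread's loop, the If/Else block can be replaced by a call such as Test-RouterName -Report $xml -Computer $server, keeping the Try/Catch and Export-Csv as they are.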
 

Author Closing Comment

by:siber1
ID: 40312966
brilliant Subsun. thanks much!
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40312994
You are welcome!..
0
