Submitted by Claus Valca – Blog: Grand Stream Dreams
Recently I was confronted with a system administration problem that was just ripe for a solution. Despite having a certain well known, enterprise-grade workstation network management system available, I was forced to remotely audit the hardware parameters (CPU, installed RAM, system serial number, etc.) of workstations deployed at one of our large offices one device connection at at time.
While I was finding success at the results, I was really frustrated with the amount of time it was taking, as well as lack of any meaningful (to my project) reporting capabilities. Copy/paste on a per-device/per-field basis for over two-hundred devices was becoming really annoying. Nor did it lend itself in report generation to allow me to quickly monitor and compare findings across an ongoing period of audit checks at the site.
Adding to my displeasure was the fact that I could only see and access the systems whose workstation clients were registering in to my network administration containers; thus I was neither able to see, nor validate all the potential systems on the network at the location. Said another way, just because I couldn’t see it, didn’t mean it wasn’t there. Doubly not good for a site system audit sweep.
I really wanted an “outside-the box” auditing approach, and started looking for an open-source/freeware product I could use commercially and that would be able to plug directly into and extract system data from the Windows Management Instrumentation service on these Windows workstations.
After quite a lot of searching, I found three main categories of such a tool; first there were lots and lots of IP scanner utilities that would do an IP-range scan and report back live devices, there were also auditing tools that would scan a remote system and report the WMI data to various degrees, and there were full-bore network device auditing suites that would allow server/client based auditing of remote systems on the network. All had pluses and minuses…but none was able to deliver both the scanning and WMI reporting customization I required.
I did finally track down exactly what I was looking for: SoftPerfect Network Scanner: fast and free network scanner. Free multi-threaded IP, SNMP and NetBIOS scanner for Windows with a modern interface and several advanced features. I was blown away!
It is a single exe file, fully portable, 100% free (personal/commercial) and can scan an entire IP range (local auto-discovery or manually specificed) for devices. SoftPerfect continually updates it with feature enhancements.
On the surface it appears to be just another run-of-the-mill IP/port scanner. However it has many more features as listed below from the SoftPerfect Network Scanner page description:
- Pings computers.
- Does not require administrative privileges.
- Detects hardware (MAC) addresses even across routers.
- Detects hidden shared folders (normally invisible on the network) and write accessible shares.
- Detects your internal and external IP addresses.
- Scans for listening TCP ports and SNMP services.
- Retrieves currently logged-on users.
- You can mount and explore network resources.
- Can launch external third party applications.
- Exports results to HTML, XML, CSV and TXT
- Supports Wake-On-LAN, remote shutdown and sending network messages.
- Retrieves potentially any information via WMI.
- Retrieves information from remote registry.
- It is absolutely free, requires no installation, and does not contain any adware/spyware/malware.
However, what this product has that really sold the deal for me was the highly customized WMI reporting. I was able to create a very specific WMI-based system auditing report that drilled to the specific hardware info I needed for my auditing project. And, because it provides example-data as you select the WMI-query value items, I didn’t have to remember/look up all the WMI query arguments to do so.
Besides WMI access, it also can query the remote registry for key values and also file property values on the system.
Of course, all regular WMI requirements still apply (running WMI service on the remote systems, WMI Administration firewall/port opening rule in the gpedit policy settings, etc.). You will also have to know and provide an administrator-level account/password to access the WMI data from the remote systems discovered. You do not need administrative privileges for simple IP range/port scanning.
If all your systems have a common administrator name/password, you can sweep a site very quickly and generate as detailed a WMI-based report as you want and create.
Once collected, the all the scan results can be exported in one operation; not by a per-device copy/paste action. I prefer CVS format so I can import into Access/Excel and massage the data even more.
You can also save your report “current configuration” as an XML file so you can quickly re-load/run different custom reports for different needs without having to start all over again. Brilliant!
And because it was based not on network objects, but strictly on IP sweep responses, I had much more confidence I was getting a larger and more complete picture of the devices at the IP range location.
I was focusing on the system hardware for this auditing project, however it can also provide information on logged-on users, Windows version, list of disk drives, and enumerate user accounts, folders, and printers among some other advanced features.
It was amazingly perfect for my own ad-hoc remote Windows system auditing needs, and is very full-featured and user-friendly for rapid first-response network security/account/system auditing.
- 100% Free
- Single exe file; portable across Windows systems.
- No additional client service installations required.
- Supports Microsoft’s Windows Management Instrumentation infrastructure.
- Custom WMI, Registry, and File property queries can be quickly built and saved.
- Provision of WMI data “examples” allows for non-technical users to quickly build accurate and meaningful WMI-based report queries.
- Supports executing third-party applications against discovered remote systems; one example would be Microsoft Sysinternal’s PSExec.
- Requires the WMI service to already be running on the remote workstation(s) to retrieve data
- Firewall rules and policy on remote systems must be pre-set to allow inbound WMI Administration connections.
For more details please see the on-line SoftPerfect Network Scanner manual.
The SoftPerfect Network Scanner is an amazing must-have utility for remote Windows network/system administration and auditing.