
Welcome to the Virus.Org Mailing List Archive




RE: Getting patch information on Systems without ADMIN rights !?

  • To: "Patch Management Mailing List" <[EMAIL PROTECTED]>
  • Subject: RE: Getting patch information on Systems without ADMIN rights !?
  • From: Tony Zirnoon <[EMAIL PROTECTED]>
  • Date: Fri, 30 Apr 2004 16:48:42 -0700
  • In-reply-to: <[EMAIL PROTECTED]>
  • Reply-to: "Patch Management Mailing List" <[EMAIL PROTECTED]>
  • Thread-index: AcQu/8Fu9cj4sRCzQ7SVg5FXgWsxiwAAQ2jg
 
Jerry:

I currently do the same after running hfnetcheck remotely on the target
system (using Psexec to run hfnetchk.bat on target system). It copies the
results as Machine_HFNETCHK.log to central location as well as capturing
some other Registry info (OS, SP, SUS ver). On machines where we have no
admin rights Hfnetcheck reports an error 452 or 451 which is then filtered
and noted on the report. 

After the scan has finished for all target systems/subnets I run a script
(HFSCANRESULTS.VBS) that goes through the folder containing the logs and
parses them out by checking the results against an INI file containing a
list of Corporate approved QArticle fixes - the end results only show ANY
MISSING CRITICAL UPDATES reported in HFnetcheck log instead of listing all
QFEs found on each system. Is yours a VBS file also?

I then run a separate script that invokes srvinfo against a list of machines
where we have NO admin rights (i.e. NOADMIN.list) and parses the output in
the same csv format. (A huge pain in the neck.)

HFSCANRESULTS uses the input files listed below. 
Machine_SUSREG.log
Machine_HFNETCHK.log

And it generates the csv file called scanresults.txt that you can either
convert to EXCEL file (like I do with the EXCEL2.vbs) or push it into a
SQL, ACCESS or MySQL database. (I am very interested in automating the latter
part but I have not had the time to automate it yet. If you have something
that can get a CSV formatted file and push it into a SQL, ACCESS OR MYSQL I
would love to get it from you, please let me know.)


Sorry, there are some other preliminary states but I was running short of
time to try to explain it all in one e-mail.

I have zipped some of the relevant scripts and sample output files. 

Tony Zirnoon
408-592-0411
[EMAIL PROTECTED]


-----Original Message-----
From: Jerry Parlee [mailto:[EMAIL PROTECTED] 
Sent: Friday, April 30, 2004 2:43 PM
To: Patch Management Mailing List
Subject: Re: Getting patch information on Systems without ADMIN rights !?

At 04:18 PM 4/30/2004, you wrote:
>In my view the challenge that remains to be addressed by third party vendors
>is how to identify and patch systems where (for various reasons) we don't
>have remote admin rights. (Lab Systems, Engineering Systems, ...)

Absolutely true.

>At this point I am merely interested in being able to scan the systems and
>report on them. Once we can identify them I am sure there is the challenge to
>get them patched. ( Login  scripts .., SUS, PUSH method apps ... or CDs

Only tool I know of is the Cisco product that won't hand out an IP address 
to an unknown machine. What I've been doing is parsing the HfnetChk results 
for rogue computers and tracking them manually. Not the perfect solution.

>In light of above mentioned shortcomings, not yet addressed by third party
>vendors (i.e. SUS, SMS, SHAVLIK...all others mentioned on this list), I have
>developed a suite of VBS scripts that launches a remote process using
>(PSEXEC) and runs HFNETCHECK using a centralized & customized copy of
>mssecure.XML. It copies the results to a central repository which is then
>merged into a CSV file to be merged into a DATABASE or EXCEL workbook using
>VBA. This also handles the issue of dealing with Mobile, VPN and dhcp
>USERS.

Cool, will you share? Would you like a vbs script that runs and parses the 
Hfnetchk output into useful text files?

>This suite has allowed us to capture all the info that we need without
>having to maintain client side apps or pay expensive licensing fees.
>
>The remaining problem is still dealing with systems where Domain Admins DO
>NOT have remote admin rights. I would be interested to see how others are
>accounting for such systems in your environments!

It's the big hole as far as we're concerned. Trying to get someone to spring 
for the Cisco product has been fruitless.

>Sincerely,
>Tony Zirnoon
>[EMAIL PROTECTED]


Jerry Parlee
Psych Dept UT Austin



---
To unsubscribe send a blank email to
[EMAIL PROTECTED]

Attachment: HFSCANNER.zip
Description: Zip compressed data
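
Added example (not part of the original message, and not the contents of HFSCANNER.zip): a Python sketch of the workflow the message describes, filtering per-machine logs against an approved Q-article list, writing CSV rows, and loading that CSV into a SQL table. SQLite stands in for SQL/Access/MySQL; the log line layout, the approved list, the machine names and all bulletin/Q numbers are constructed assumptions, since the post does not show the real formats.

```python
import csv, io, re, sqlite3

# Constructed inputs: simplified log layout and placeholder IDs (assumptions).
APPROVED = {"Q900001", "Q900002"}
LOGS = {
    "LAB01_HFNETCHK.log": "Patch NOT Found MS99-901 Q900001\n"
                          "Patch NOT Found MS99-903 Q900003\n",
    "ENG07_HFNETCHK.log": "Error: 451 - access denied\n",
    "WS112_HFNETCHK.log": "Patch NOT Found MS99-902 Q900002\n"
                          "Patch NOT Found MS99-901 Q900001\n",
}
MISSING = re.compile(r"Patch NOT Found\s+(MS\d{2}-\d{3})\s+(Q\d+)")
NOADMIN = re.compile(r"Error:?\s*(451|452)\b")  # error codes named in the post

def scan_rows(logs, approved):
    """Yield (machine, status, bulletin, qarticle); keep approved fixes only."""
    for name, text in sorted(logs.items()):
        machine = name.split("_HFNETCHK")[0]
        err = NOADMIN.search(text)
        if err:  # no admin rights: record the machine instead of dropping it
            yield (machine, "NOADMIN-" + err.group(1), "", "")
            continue
        for bulletin, q in MISSING.findall(text):
            if q in approved:
                yield (machine, "MISSING", bulletin, q)

def to_csv(rows):
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows(rows)
    return buf.getvalue()

def load_csv(conn, csv_text):
    conn.execute("CREATE TABLE IF NOT EXISTS scanresults "
                 "(machine TEXT, status TEXT, bulletin TEXT, qarticle TEXT)")
    rows = list(csv.reader(io.StringIO(csv_text)))
    # Parameterized insert: log text comes from machines we do not control.
    conn.executemany("INSERT INTO scanresults VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return len(rows)

def report(conn):
    missing = conn.execute(
        "SELECT machine, COUNT(*) FROM scanresults WHERE status = 'MISSING' "
        "GROUP BY machine ORDER BY machine").fetchall()
    noadmin = [r[0] for r in conn.execute(
        "SELECT machine FROM scanresults WHERE status LIKE 'NOADMIN-%'")]
    return missing, noadmin

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    load_csv(conn, to_csv(scan_rows(LOGS, APPROVED)))
    print(report(conn))
```

Keeping the NOADMIN machines as rows in the same table means the unscanned systems show up in every report rather than silently disappearing from it.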

Copyright (c) Virus.Org 1997-2006.