
This is a Python program for Windows domain-joined machines that collects useful information; it can be customized to whatever type of information you want to collect. You can force it to run on all machines using Group Policy, and each machine creates a file in a specific folder (for simplicity, there is no need for a database at this level), named after the machine and containing that information. For example, this program collects the local administrators on the machine (which can be very useful in security assessments or in securing the corporate environment), a list of all the software installed on the machine, and other general information such as the machine name, the currently logged-on user, the system time when the script ran, and the domain the machine belongs to.

I've run it in practice and was really amazed by the results, which I couldn't get with any other tool. Once you get the idea, you can go wild and collect anything you like. I've also written a backend parser that parses the results and prints a report with the required results. This program needs Python for Win32 installed; it uses the Windows registry and the Win32 API. If you run it through Group Policy, you don't have to install Python and the Python for Windows extensions on each client machine: there is a tool called py2exe which compiles the code into an EXE and DLL files, and you can run the EXE from Group Policy as a startup script. Please excuse the quality of the code, as I am not a programmer; I am a sysadmin.

Python, 80 lines
'''
Created on Jun 22, 2009

@author: mgarrana
'''
from _winreg import *
import shutil
from win32net import NetLocalGroupGetMembers
import win32api
# Hive abbreviations accepted by readSubKeys() and pathExists(), mapped to the
# root-key constants imported from _winreg.
mapping = {
    "HKLM": HKEY_LOCAL_MACHINE,
    "HKCU": HKEY_CURRENT_USER,
    "HKU": HKEY_USERS,
}

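def readSubKeys(hkey, regPath):
    """Return the names of the immediate subkeys of a registry key.

    hkey    -- hive abbreviation; must be a key of ``mapping``
               ("HKLM", "HKCU" or "HKU"), otherwise KeyError is raised.
    regPath -- path of the key below that hive.

    Returns a list of subkey names, or -1 when OpenKey raises WindowsError
    (for example the path is missing or access is denied). Callers must
    check for -1 before treating the result as a list.
    """
    # Open the key once rather than probing with pathExists() and opening it
    # a second time: the key could disappear between the two calls.
    try:
        reg = OpenKey(mapping[hkey], regPath)
    except WindowsError:
        return -1
    try:
        noOfSubkeys = QueryInfoKey(reg)[0]
        return [EnumKey(reg, i) for i in range(noOfSubkeys)]
    finally:
        # Release the handle even if enumeration fails part-way through.
        CloseKey(reg)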

def pathExists(hkey, regPath):
    """Report whether a registry key can be opened.

    hkey is a hive abbreviation from ``mapping``; regPath is the key path
    below that hive. Returns True when OpenKey succeeds and False when it
    raises WindowsError.
    """
    try:
        handle = OpenKey(mapping[hkey], regPath)
    except WindowsError:
        exists = False
    else:
        # The key was only opened as a probe; release it straight away.
        CloseKey(handle)
        exists = True
    return exists


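def Dumpfile():
    """Append the administrators and software sections, then ship the report.

    Relies on the module globals set by GeneralInfo(): ``fv`` (the open
    report file), ``host`` (machine name) and ``srcfile`` (report path).
    After the sections are written the report is copied to the collection
    share and the local copy is deleted.
    """
    try:
        fv.write('##########')
        fv.write('\n')
        fv.write("local Administrators on machine ")
        fv.write(host)
        fv.write(" are : ....\n\n")
        # NOTE(review): "Administrators" is the English group name; on a
        # localized Windows install the built-in group may be named
        # differently and this lookup would then fail -- confirm for the
        # estate being inventoried.
        # Follow the resume handle so a long member list is not truncated
        # to whatever the first call returned.
        resume = 0
        while True:
            result, total, resume = NetLocalGroupGetMembers(
                None, "Administrators", 1, resume)
            for item in result:
                fv.write(str(item))
                fv.write('\n')
            if not resume:
                break
        fv.write('\n\n')
        fv.write("##########\n")
        fv.write('the following software is installed on ')
        fv.write(host)
        fv.write(': .... \n\n')
        # Raw string: the backslashes are registry path separators, not
        # escape sequences.
        # NOTE(review): a 32-bit process on 64-bit Windows is redirected to
        # the Wow6432Node view of this key, and per-user installs live under
        # HKCU, so this list may be incomplete.
        listofsoft = readSubKeys(
            "HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall")
        if listofsoft == -1:
            # Key could not be opened: emit an empty section instead of
            # failing on -1 and losing the whole report.
            listofsoft = []
        for software in sorted(listofsoft):
            fv.write(str(software))
            fv.write('\n')
    finally:
        # Close the report even when a lookup above raises.
        fv.close()
    # The report lists local administrators and installed software, so the
    # share deserves tight ACLs: reporting machines need only create/write
    # access (not read, modify or delete), and read access should be limited
    # to whoever reviews the reports. Otherwise any machine could read or
    # overwrite another machine's report.
    shutil.copy(srcfile, r"\\10.1.1.12\gms")
    win32api.DeleteFile(srcfile)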



def GeneralInfo():
    """Create the report file and write the general-information header.

    Sets the module globals ``host`` (computer name), ``srcfile`` (report
    path, ``C:\\`` followed by the computer name) and ``fv`` (the report
    file, left open for Dumpfile() to continue writing and close).
    """
    global host, fv, srcfile
    host = win32api.GetComputerName()
    srcfile = "C:\\" + host
    fv = open(srcfile, 'w')
    emit = fv.write

    emit("Machine NAME : ")
    emit(host)
    emit('\n')

    # (label, query function, terminator) for the remaining header lines;
    # each query runs only when its line is about to be written.
    probes = (
        ("the machine is joined to the domain : ", win32api.GetDomainName, '\n'),
        ("these settings were logged for user : ", win32api.GetUserName, '\n'),
        ("System Time is : ", win32api.GetSystemTime, '\n\n\n'),
    )
    for label, query, terminator in probes:
        emit(label)
        emit(str(query()))
        emit(terminator)

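# Best-effort collection: a failure must not interrupt the machine's
# startup/logon script run, but it should leave a trace instead of
# disappearing silently.
try:
    GeneralInfo()
    Dumpfile()
except Exception:
    # Catching Exception rather than using a bare except lets SystemExit
    # and KeyboardInterrupt propagate.
    import traceback
    try:
        traceback.print_exc()
    except Exception:
        # No usable stderr (e.g. a windowed build); stay silent rather
        # than crash the startup script.
        pass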