Friday, February 26, 2010

How To Get The Installed Software List Of All The Computers In Your Network

by cawan – cawan[at]ieee.org

It is important to monitor the list of installed software on all the computers in a network in order to detect the unauthorized installation of pirated software. However, there is no simple tool to do this job. So, we will discuss a simple method to implement this feature by using batch files. The batch files will be placed on the DC and run there, because the DC has authorized access to all the computers in the network. Here, we assume all the computers are Windows boxes that are logged in to the DC. Hence, the DC can copy files from/to all the clients, as well as start a scheduled task on each of them.

All right, the first question is how to get the list of installed software on a computer. Some people advocate parsing a dedicated inf file in a certain folder under %windir%. However, this is not a good solution because the folder name varies with the service pack and update version of Windows. The ideal solution is to export the registry entries under [hklm\software\microsoft\windows\currentversion\uninstall]. So, by executing a command like “reg export hklm\software\microsoft\windows\currentversion\uninstall list.reg”, we get a file named “list.reg” which contains the names of all the installed software.

Now that we know how to get the list of installed software, the second question is how to make all the computers in the network run this command and generate their own “list.reg”. I propose using the Windows Task Scheduler service for this purpose. So, from the DC, we can use a command like “at \\CLIENT_IP TIME /i COMMAND” to do our job. Now, let us start writing our simple batch files. First, we create a “run.bat” with the content “reg export hklm\software\microsoft\windows\currentversion\uninstall list.reg”. After that, we create a “put.bat” with the following contents,

//////////////////////////put.bat/////////////////////////
copy run.bat \\%1\c$\windows\system32
at \\%1 %2 /i run.bat
/////////////////////////////////////////////////////////

Then, to run the “put.bat”, we create a “startput.bat” with the following contents,

//////////////////////////startput.bat////////////////////
for /f %%a in ('type IP.txt') do call put.bat %%a %1
////////////////////////////////////////////////////////

So, “startput.bat” reads the IP entries in “IP.txt” line by line and calls “put.bat” to copy “run.bat” to each computer whose IP is listed in “IP.txt”, and then creates a scheduled task on each of them to run “run.bat” at the given time. For example, at 08:30, we execute “startput.bat 8:40” on the DC to distribute “run.bat” to all the computers; each of them will run “run.bat” 10 minutes later (at 8:40) and generate a “list.reg” which contains the list of installed software. There is a small issue regarding how to generate an “IP.txt” that contains the IPs of all the valid Windows boxes. For this, we can use fscan to grab the IPs with port 139 or 445 open.

Now that every computer has its own “list.reg”, the question is how to collect all those distributed “list.reg” files onto the DC under filenames that identify the clients, such as “192.168.1.100.txt”, “192.168.1.101.txt” and so on. Let us create two batch files, named “get.bat” and “startget.bat”, to do the job. Their contents are shown below,

//////////////////////////get.bat/////////////////////////
copy \\%1\c$\windows\system32\list.reg .\%1.txt
/////////////////////////////////////////////////////////

//////////////////////////startget.bat////////////////////
for /f %%a in ('type IP.txt') do call get.bat %%a
////////////////////////////////////////////////////////

So, by executing “startget.bat” on the DC, we get in our local folder one file per IP address in “IP.txt”, each containing the installed software list of that computer. The contents of the installed software list are mostly repeated because the entries in [hklm\software\microsoft\windows\currentversion\uninstall] contain subkeys. Thus, we need a tool such as the grep tool for Windows mentioned in the last post to extract and generate a unique list of installed software for each computer. For any further queries, please feel free to contact me.
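The extraction step can also be done by parsing the export directly instead of using grep. The following Python is an added example, not code from the original post: it reads the bytes of one collected “<IP>.txt” file, returns the unique DisplayName values, and lists the names that are missing from an approved-software list. The function names, the approved list and the sample data are assumptions made for illustration.

```python
import re

# Constructed sample in the text format that "reg export" writes; real exports
# are normally UTF-16 with a BOM, so the sample is encoded the same way.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleZip]
"DisplayName"="Example Zip 4.65"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}]
"DisplayName"="Example \"Pro\" Editor"
"DisplayVersion"="2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB000000]
"ParentKeyName"="OperatingSystem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleZipCopy]
"DisplayName"="Example Zip 4.65"
'''.encode("utf-16")

# "name"="data" string values; \\ and \" are the escapes used inside the quotes.
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def decode_export(raw):
    # BOM present: UTF-16 (version 5.00 format). Otherwise assume an ANSI file.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")

def installed_software(raw):
    """Map each Uninstall subkey to its DisplayName / DisplayVersion values."""
    apps, key = {}, None
    for line in decode_export(raw).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].rsplit("\\", 1)[-1]   # last path component
        elif key is not None and (m := VALUE.match(line)):
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            if name in ("DisplayName", "DisplayVersion"):
                apps.setdefault(key, {})[name] = data
    # Subkeys without a DisplayName (updates, helper entries) are dropped.
    return {k: v for k, v in apps.items() if "DisplayName" in v}

def unique_names(raw):
    return sorted({v["DisplayName"] for v in installed_software(raw).values()})

def unapproved(raw, approved):
    allowed = {a.lower() for a in approved}   # case-insensitive comparison
    return [n for n in unique_names(raw) if n.lower() not in allowed]
```

To run it over the collected files, pass the result of open("192.168.1.100.txt", "rb").read() as raw; values stored as hex data rather than quoted strings are skipped by this parser.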