Jump to content
timmy2

Get Network Adapter info from another PC in workgroup

Recommended Posts

timmy2

I slightly modified code from this post by Guinness so I can display a computer's network configuration.

#AutoIt3Wrapper_Au3Check_Parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6

#cs
    This program displays specific info about a PC's NIC configuration (see For/next loop below for details)
    If you click OK it will then display a matrix view of the same info in case you want to copy this info to the clipboard
    Clicking Cancel will skip the matrix view
#ce

#include <Array.au3>

Global $aArray = _IPDetails(), $sData

For $A = 1 To $aArray[0][0]
    $sData &= "Description: " & $aArray[$A][0] & @CRLF & _
            "Connection Name: " & _GetNetworkID($aArray[$A][0]) & @CRLF & _
            "IP Address: " & $aArray[$A][1] & @CRLF & _
            "MAC: " & $aArray[$A][2] & @CRLF & _
            "Default Gateway: " & $aArray[$A][3] & @CRLF & _
            "DNS Servers: " & $aArray[$A][4] & @CRLF & _
            "Obtain DNS Automatically: " & $aArray[$A][5] & @CRLF & _
            "Auto IP: " & $aArray[$A][6] & @CRLF & @CRLF
Next

$sData = StringTrimRight($sData, 4)

If MsgBox (1,"Results (Cancel to skip arrayview)",$sData) = $IDCANCEL then Exit

_ArrayDisplay($aArray,"Active Network Adapters","1:7",16,"","Description|IP Address|MAC|Gateway|DNS|ADNS|DHCP")

Exit

Func _IPDetails()
    Local $iCount = 0
    Local $oWMIService = ObjGet("winmgmts:{impersonationLevel = impersonate}!\\" & "." & "\root\cimv2")
    Local $oColItems = $oWMIService.ExecQuery("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True", "WQL", 0x30), $aReturn[1][7] = [[0, 7]]
    If IsObj($oColItems) Then
        For $oObjectItem In $oColItems
            $aReturn[0][0] += 1
            $iCount += 1

            If $aReturn[0][0] <= $iCount + 1 Then
                ReDim $aReturn[$aReturn[0][0] * 2][$aReturn[0][1]]
            EndIf

            $aReturn[$iCount][0] = _IsString($oObjectItem.Description)
            $aReturn[$iCount][1] = _IsString($oObjectItem.IPAddress(0))
            $aReturn[$iCount][2] = _IsString($oObjectItem.MACAddress)
            $aReturn[$iCount][3] = _IsString($oObjectItem.DefaultIPGateway(0))
            $aReturn[$iCount][4] = _WMIArrayToString($oObjectItem.DNSServerSearchOrder(), " - ")
            $aReturn[$iCount][5] = _WMIRegRead($oObjectItem.SettingID)
            $aReturn[$iCount][6] = _IsString($oObjectItem.DHCPEnabled)
        Next
        ReDim $aReturn[$aReturn[0][0] + 1][$aReturn[0][1]]
        Return $aReturn
    EndIf
    Return SetError(1, 0, $aReturn)
EndFunc   ;==>_IPDetails

Func _WMIRegRead($iGUID)
    If RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\" & $iGUID & "\", "NameServer") = "" Then
        Return True
    EndIf
    Return False
EndFunc   ;==>_WMIRegRead

Func _GetNetworkID($sAdapter)
    Local $oWMIService = ObjGet("winmgmts:{impersonationLevel = impersonate}!\\" & "." & "\root\cimv2")
    Local $oColItems = $oWMIService.ExecQuery('Select * From Win32_NetworkAdapter Where Name = "' & $sAdapter & '"', "WQL", 0x30)
    If IsObj($oColItems) Then
        For $oObjectItem In $oColItems
            Return $oObjectItem.NetConnectionID
        Next
    EndIf
    Return SetError(1, 0, "Unknown")
EndFunc   ;==>_GetNetworkID


Func _IsString($sString)
    If IsString($sString) Or IsBool($sString) Then
        Return $sString
    EndIf
    Return "Not Available"
EndFunc   ;==>_IsString

Func _WMIArrayToString($aArray, $sDelimeter = "|")  ; Guinness' own version of ArrayToString()
    If IsArray($aArray) = 0 Then
        Return SetError(1, 0, "Not Available")
    EndIf
    Local $iUbound = UBound($aArray) - 1, $sString
    For $A = 0 To $iUbound
        $sString &= $aArray[$A] & $sDelimeter
    Next
    Return StringTrimRight($sString, StringLen($sDelimeter))
EndFunc   ;==>_WMIArrayToString

Now I'd like to get this same information about other computers in the workgroup. I thought it would be as simple as making the following change:

Local $oWMIService = ObjGet("winmgmts:{impersonationLevel = impersonate}!\\" & "." & "\root\cimv2")
to
Local $oWMIService = ObjGet("winmgmts:{impersonationLevel = impersonate}!\\" & "othercomputer" & "\root\cimv2")

But that throws the following error.

"Get active Network Adapter info.au3" (68) : ==> Variable must be of type "Object".:
Local $oColItems = $oWMIService.ExecQuery('Select * From Win32_NetworkAdapter Where Name = "' & $sAdapter & '"', "WQL", 0x30)
Local $oColItems = $oWMIService^ ERROR

  I've verified that I can perform remote ops like "PSexec \\othercomputer" and "shutdown /M \\othercomputer" on the remote PC so I don't think it's a problem external to my code. What am I doing wrong? 

Thank you.

Share this post


Link to post
Share on other sites
spudw2k

Sounds like your ObjGet command failed and that is why the subsequent .ExeQuery fails with "Object" error.  When you run psexec successfully, are you specifying the remote machine\username and password? 

If the creds are the same on both machines, perhaps you could try forcing the script to elevate by adding #RequireAdmin to the top of your script;

Share this post


Link to post
Share on other sites
timmy2

Sounds like your ObjGet command failed and that is why the subsequent .ExeQuery fails with "Object" error.  When you run psexec successfully, are you specifying the remote machine\username and password? 

If the creds are the same on both machines, perhaps you could try forcing the script to elevate by adding #RequireAdmin to the top of your script;

Thank you for replying, spudw2k! I very much appreciate your helpful response.

Not that I know what I'm doing but I inserted a "COM error handler" found in the forum here and it gave me two hints that might help someone point me to a solution.

We intercepted a COM Error!

err.windescription: Access is denied

err.number is: 80070005

and...

err.windescription: Variable must of type 'Object'.

err.number is: 000000A9

The PC I'm running it on has the same un/pw as the target. And no, i am not supplying un/pw with shutdown or any of the pstools. Plus, I can open both of the following paths in File Explorer.

\\TargetPCName\C$
\\TargetPCName\ADMIN$

Any suggestions?

Share this post


Link to post
Share on other sites
tweakster2010

Variable must of type 'Object' I imagine would be you are using Autoit Variable inside an Object which it doesnt like. If you use your Autoit Variable before the Object it would be fine.

 

I know I get access denied unless I am using an elevated access, so the #requireadmin sounds ideal or if its a network admin ID depending on your network would be the next step imo. :)

Share this post


Link to post
Share on other sites
timmy2

Variable must of type 'Object' I imagine would be you are using Autoit Variable inside an Object which it doesnt like. If you use your Autoit Variable before the Object it would be fine.

 

I know I get access denied unless I am using an elevated access, so the #requireadmin sounds ideal or if its a network admin ID depending on your network would be the next step imo. :)

Thank you, tweakster2010. Can you point out where in the OP code I'm using an Autoit Variable inside an Object?

Share this post


Link to post
Share on other sites
tweakster2010

Sadly I am not at the point where I could identify it like that. I can only go off of what happened with mine, which tied to arrays writing to an object but each array item was its own variable. So I had to delcare the array before hitting the object >.>

Share this post


Link to post
Share on other sites
UEZ

Probably you don't have the permission on remote system or WMI is not running properly.

You can try to provide login credentials (found in my WMI snippets folder):

Global Const $oErrorHandler = ObjEvent("AutoIt.Error", "ObjErrorHandler")

Global $aNetInfo = WMI_GetInfoFromActiveNetworkCard()
Global $fCDriveFreeSpace = WMI_GetCDriveFreeSpace()

MsgBox(0, "Test", "Adapter:" & @TAB & $aNetInfo[0] & @CRLF & _
                  "MAC:" & @TAB & $aNetInfo[1] & @CRLF & _
                  "IP:" & @TAB & $aNetInfo[2] & @CRLF & _
                  "Subnet:" & @TAB & $aNetInfo[3] & @CRLF & _
                  "Gateway:" & @TAB & $aNetInfo[4] & @CRLF & @CRLF & _
                  "Free space on C drive: " & $fCDriveFreeSpace & " GB")

Func WMI_GetInfoFromActiveNetworkCard($sHost = @ComputerName, $sUserID = "", $sPWD = "")
    Local $objWMILocator = ObjCreate("WbemScripting.SWbemLocator")
    If @error Then Return SetError(1, 0, 0)
    Local $objWMIService = $objWMILocator.ConnectServer($sHost, "\root\cimv2", $sUserID, $sPWD, "", "", 0x80)
    If @error Then Return SetError(2, 0, 0)
    Local $iInterfaceIndex, $objItem, $colItems2, $objItem2
    Local $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_IP4RouteTable WHERE Destination='0.0.0.0'", "WQL", 0x30)
    If IsObj($colItems) Then
        Local $aActiveNetworkAdapter[5]
        For $objItem in $colItems
            $colItems2 = $objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE InterfaceIndex = " & $objItem.InterfaceIndex, "WQL", 0x30)
            For $objItem2 in $colItems2
                $aActiveNetworkAdapter[0] = $objItem2.Description
                $aActiveNetworkAdapter[1] = $objItem2.MACAddress
                $aActiveNetworkAdapter[2] = $objItem2.IPAddress[0]
                $aActiveNetworkAdapter[3] = $objItem2.IPSubnet[0]
                $aActiveNetworkAdapter[4] = $objItem2.DefaultIPGateway[0]
                Return $aActiveNetworkAdapter
            Next
        Next
    Else
        Return SetError(3, 0, 0)
    EndIf
EndFunc

Func WMI_GetInfoFromActiveNetworkCard2($sHost = @ComputerName)
    Local $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $sHost & "\root\cimv2")
    If @error Then Return SetError(1, 0, 0)
    Local $iInterfaceIndex, $objItem, $colItems2, $objItem2
    Local $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_IP4RouteTable WHERE Destination='0.0.0.0'", "WQL", 0x30)
    If IsObj($colItems) Then
        Local $aActiveNetworkAdapter[5]
        For $objItem in $colItems
            $colItems2 = $objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE InterfaceIndex = " & $objItem.InterfaceIndex, "WQL", 0x30)
            For $objItem2 in $colItems2
                $aActiveNetworkAdapter[0] = $objItem2.Description
                $aActiveNetworkAdapter[1] = $objItem2.MACAddress
                $aActiveNetworkAdapter[2] = $objItem2.IPAddress[0]
                $aActiveNetworkAdapter[3] = $objItem2.IPSubnet[0]
                $aActiveNetworkAdapter[4] = $objItem2.DefaultIPGateway[0]
                Return $aActiveNetworkAdapter
            Next
        Next
    Else
        Return SetError(2, 0, 0)
    EndIf
EndFunc

Func WMI_GetCDriveFreeSpace($sHost = @ComputerName, $sUserID = "", $sPWD = "")
    Local $objWMILocator = ObjCreate("WbemScripting.SWbemLocator")
    If @error Then Return SetError(1, 0, 0)
    Local $objWMIService = $objWMILocator.ConnectServer($sHost, "\root\cimv2", $sUserID, $sPWD, "", "", 0x80)
    If @error Then Return SetError(2, 0, 0)
    Local $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_PerfFormattedData_PerfDisk_LogicalDisk WHERE Name = 'C:'", "WQL", 0x30), $objItem
    If IsObj($colItems) Then
        For $objItem in $colItems
            Return Round($objItem.FreeMegabytes / 1024, 2)
        Next
    Else
        Return SetError(2, 0, 0)
    EndIf
EndFunc

Func WMI_GetCDriveFreeSpace2($sHost = @ComputerName)
    Local $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $sHost & "\root\cimv2")
    If @error Then Return SetError(1, 0, 0)
    Local $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_PerfFormattedData_PerfDisk_LogicalDisk WHERE Name = 'C:'", "WQL", 0x30), $objItem
    If IsObj($colItems) Then
        For $objItem in $colItems
            Return Round($objItem.FreeMegabytes / 1024, 2)
        Next
    Else
        Return SetError(2, 0, 0)
    EndIf
EndFunc

Func ObjErrorHandler()
    ConsoleWrite(   "A COM Error has occured!" & @CRLF  & @CRLF & _
                                "err.description is: "    & @TAB & $oErrorHandler.description    & @CRLF & _
                                "err.windescription:"     & @TAB & $oErrorHandler & @CRLF & _
                                "err.number is: "         & @TAB & Hex($oErrorHandler.number, 8)  & @CRLF & _
                                "err.lastdllerror is: "   & @TAB & $oErrorHandler.lastdllerror   & @CRLF & _
                                "err.scriptline is: "     & @TAB & $oErrorHandler.scriptline     & @CRLF & _
                                "err.source is: "         & @TAB & $oErrorHandler.source         & @CRLF & _
                                "err.helpfile is: "       & @TAB & $oErrorHandler.helpfile       & @CRLF & _
                                "err.helpcontext is: "    & @TAB & $oErrorHandler.helpcontext & @CRLF _
                            )
EndFunc

 

  • Like 1

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Share this post


Link to post
Share on other sites
timmy2

Probably you don't have the permission on remote system or WMI is not running properly.

You can try to provide login credentials (found in my WMI snippets folder):

Thank you for replying, UEZ.  Your code, while different from the Guinness's code, yields the same result on my computer, except that it provides variables for supplying a UserID and Password. However, it still refers to @

Computername (my local PC). I added the remote computer's credentials to your code and changed the two instances of $sHost = @ComputerName to $sHost = remote computer's name, but it failed with the following error message in the Console.

err.description is:  Access is denied.
err.windescription: 
err.number is:  80020009
err.lastdllerror is:  0
err.scriptline is:  19
err.source is:  SWbemLocator
err.helpfile is:  
err.helpcontext is:  0

Did you intend to suggest that this code could be used to fetch the desired info from other workgroup PCs, and if so where should the changes go? (I could not find your "WMI snippets folder", but it looks like this code already has the ability to supply login credentials.)

Share this post


Link to post
Share on other sites
UEZ

My WMI snippets folder is on my local disk. ;)

Just to be sure - can you try these steps to find out whether WMI works properly?: http://blogs.technet.com/b/askperf/archive/2007/06/22/basic-wmi-testing.aspx

 

Anyhow, the error description is clear: access is denied. What kind of user is starting the script? You need probably admin rights!


Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Share this post


Link to post
Share on other sites
timmy2
I will visit the page you suggest after an errand, but to answer your question: I have admin rights on my computer and have the same username and pwd and rights on the remote PC. I've always thought the simple act of trying to open \\RemotePC\C$ or \\RemotePC\Admin$ was a valid test. Well, that is AFTER making the following registry edit. Without it, trying shutdown or PStools on other PCs in the workgroup never works.
 
1.Open RegEdit on the target computer
2.Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
3.Add a new DWORD value called LocalAccountTokenFilterPolicy
4.Set its value to 1
5.Reboot or logoff/login on the target computer.

Share this post


Link to post
Share on other sites
timmy2

Are you refusing to try #RequireAdmin or just refusing to reveal the results of using it?

Just because you have admin rights does not mean every program is executed with them.

I apologize for not replying previously after adding #RequireAdmin and seeing no change in the results.

Share this post


Link to post
Share on other sites
timmy2

   Just to be sure - can you try these steps to find out whether WMI works properly?: 

http://blogs.technet.com/b/askperf/archive/2007/06/22/basic-wmi-testing.aspx

 

I downloaded and put WMIDiag.vbs on both my PC and the target W7 box.  I ran it on the target PC first. After WMIDiag ran it said, "WARNING: WMIDiag determined that WMI works CORRECTLY. However, some issues were detected", and it pointed to the actual log file from which the excerpt below came. I'm hoping what's listed below are these issues.

............................................................... ENABLED.
29504 20:35:12 (0) ** => This will prevent any WMI remote connectivity to this computer except
29505 20:35:12 (0) **    if the following three inbound rules are ENABLED and non-BLOCKING:
29506 20:35:12 (0) **    - 'Windows Management Instrumentation (DCOM-In)'
29507 20:35:12 (0) **    - 'Windows Management Instrumentation (WMI-In)'
29508 20:35:12 (0) **    - 'Windows Management Instrumentation (ASync-In)'
29509 20:35:12 (0) **    Verify the reported status for each of these three inbound rules below.
29510 20:35:12 (0) **
29511 20:35:12 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI)' group rule: ............................................. DISABLED.
29512 20:35:12 (0) ** => This will prevent any WMI remote connectivity to/from this machine.
29513 20:35:12 (0) **    - You can adjust the configuration by executing the following command:
29514 20:35:12 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE GROUP="Windows Management Instrumentation (WMI)" NEW ENABLE=YES'
29515 20:35:12 (0) ** Note: With this command all inbound and outbound WMI rules are activated at once!
29516 20:35:12 (0) **       You can also enable each individual rule instead of activating the group rule.
29517 20:35:12 (0) **
29518 20:35:12 (0) ** Windows Firewall 'Windows Management Instrumentation (DCOM-In)' rule: ............................................... DISABLED.
29519 20:35:12 (0) ** => This will prevent any DCOM WMI inbound connectivity to this machine.
29520 20:35:12 (0) ** Note: The rule 'Windows Management Instrumentation (DCOM-In)' rule must be ENABLED to allow incoming DCOM WMI connectivity.
29521 20:35:12 (0) **    - You can adjust the configuration of this rule by executing the following command:
29522 20:35:12 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (DCOM-In)" NEW ENABLE=YES'
29523 20:35:12 (0) **
29524 20:35:12 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-In)' rule: ................................................ DISABLED.
29525 20:35:12 (0) ** => This will prevent any WMI inbound connectivity to this machine.
29526 20:35:12 (0) ** Note: The rule 'Windows Management Instrumentation (WMI-In)' rule must be ENABLED to allow incoming WMI connectivity.
29527 20:35:12 (0) **    - You can adjust the configuration of this rule by executing the following command:
29528 20:35:12 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-In)" NEW ENABLE=YES'
29529 20:35:12 (0) **
29530 20:35:12 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-Out)' rule: ............................................... DISABLED.
29531 20:35:12 (0) ** => This will prevent any WMI asynchronous outbound connectivity from this machine.
29532 20:35:12 (0) **    - You can adjust the configuration of this rule by executing the following command:
29533 20:35:12 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-Out)" NEW ENABLE=YES'
29534 20:35:12 (0) **
29535 20:35:12 (0) ** Windows Firewall 'Windows Management Instrumentation (ASync-In)' rule: .............................................. DISABLED.
29536 20:35:12 (0) ** => This will prevent any WMI asynchronous inbound connectivity to this machine.
29537 20:35:12 (0) **    - You can adjust the configuration of this rule by executing the following command:
29538 20:35:12 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (ASync-In)" NEW ENABLE=YES'
29539 20:35:12 (0) **
29540 20:35:12 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

The log lists three rules that need to be enabled and non-blocking. I opened Windows Firewall and don't know how to reconcile the recommendations in the log to what I see. For example, the log says to enable WMI (DCOM-In) but the Firewall lists two versions Domain category and Private/Public category. Which one is applicable in this situation?   Maybe that's a moot point because the log then proceeds to list 5 commands that use NETSH.EXE, the first of which includes a warning "With this command all inbound and outbound WMI rules are activated at once!"  

So, should I use the NETSH commands, including the group one? If I should instead limit the changes to just the 3 listed at first, and enable them in Windows Firewall, should I enable the private/public or domain rule?  BTW, this is a basic workgroup; there is no domain server.

This is all foreign territory to me and I don't want to degrade the network's security.

Edited by timmy2

Share this post


Link to post
Share on other sites
UEZ

These aren't issues - rather information what would cause a WMI problem.

 

Can you try this?:  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\ForceGuest = 0


Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Share this post


Link to post
Share on other sites
timmy2

These aren't issues - rather information what would cause a WMI problem.

 

Can you try this?:  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\ForceGuest = 0

Are you saying the section of the report I thought was specific to the tested system is really just general purpose documentation?  Nonetheless, the 3 items cited are disabled in Windows Firewall so I think my questions are still valid, if indeed they could be causing the WMI access denied problem.

Regarding your registry suggestion: the key is already present, with the value of 0.

Share this post


Link to post
Share on other sites
jvds

what do you need to enable on the remote computer for this script to work? I tried it on my laptop from my PC but get an rpc error

A COM Error has occured!

err.description is:     The RPC server is unavailable.
err.windescription:    
err.number is:     80020009
err.lastdllerror is:     0
err.scriptline is:     16
err.source is:     SWbemLocator
err.helpfile is:     
err.helpcontext is:     0
A COM Error has occured!

 

Share this post


Link to post
Share on other sites
UEZ

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Share this post


Link to post
Share on other sites
UEZ

Sorry timmy2 but I have no idea what your problem is. :(

 


Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Share this post


Link to post
Share on other sites
ravaged1

Did you enable remote management on the other computers?

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • leomoon
      By leomoon
      Hello,
      I'm having trouble getting information from Win32_Processor:
      https://docs.microsoft.com/en-us/windows/desktop/CIMWin32Prov/win32-processor
      How does this WMI Query work? Let's say I need to query VMMonitorModeExtensions, Level, ProcessorId, and ProcessorType.
      How would this work?
      Thanks.
    • colombeen
      By colombeen
      Hi everyone, I created a function to gather bitlocker information. It can tell you whether or not a drive is protected, which encryption method is being used, ...
      I tried to cover all the details in the function description
       
      The function (and 3 "internal" functions) :
      ; #FUNCTION# ==================================================================================================================== ; Name...........: _BitlockerDriveInfo ; Description ...: Get Bitlocker information for one or multiple drives ; Syntax.........: _BitlockerDriveInfo([$sDrive[, $sComputer = @ComputerName[, $bDebug = False]]]) ; Parameters ....: $sDrive - Optional: The drive. Allowed values are: ; |"" - Get the info for all available drives ; |Letter: - Get the info for the specific drive ; $sComputer - Optional: The computer from which the info should be requested ; $bDebug - Optional: Shows the hex ReturnValue from the WMI methods if set to True ; Return values .: Success - Returns a 2D array with the following information ; |[string] Drive Letter ; |[string] Drive Label ; |[string] Volume Type ; |[bool] Initialized For Protection ; |[string] Protection Status ; |[string] Lock Status ; |[bool] Auto Unlock Enabled ; |[bool] Auto Unlock Key Stored ; |[string] Conversion Status ; |[string] Encryption Method ; |[int] Encryption Percentage ; |[string] Wiping Status ; |[int] Wiping Percentage ; |[array] Key Protectors (Or [string] "None" if the drive isn't protected) ; Failure - 0, sets @error to: ; |1 - There was an issue retrieving the COM object. @extended returns error code from ObjGet ; |2 - The specified drive in $Drive doesn't exist ; |3 - There was an issue running the WMI query ; Author ........: colombeen ; Modified.......: ; Remarks .......: Requires to be run with admin elevation. Windows Vista or newer! ; A BIG THANKS to everyone from the community who contributed! ; Related .......: ; Link ..........: ; Example .......: #include <Array.au3> ; $Header = "Drive Letter|Drive Label|Volume Type|Initialized For Protection|Protection Status|" & _ ; "Lock Status|Auto Unlock Enabled|Auto Unlock Key Stored|Conversion Status|Encryption " & _ ; "Method|Encryption Percentage|Wiping Status|Wiping Percentage|Key Protectors" ; _ArrayDisplay(_BitlockerDriveInfo(), "Bitlocker Drive Info", "", 64, Default, $Header) ; =============================================================================================================================== Func _BitlockerDriveInfo($sDrive = "", $sComputer = @ComputerName, $bDebug = False) Local $aConversionStatusMsg[7] = ["Unknown", "Fully Decrypted", "Fully Encrypted", "Encryption In Progress", "Decryption In Progress", "Encryption Paused", "Decryption Paused"] Local $aEncryptionMethodMsg[9] = ["Unknown", "None", "AES_128_WITH_DIFFUSER", "AES_256_WITH_DIFFUSER", "AES_128", "AES_256", "HARDWARE_ENCRYPTION", "XTS_AES_128", "XTS_AES_256"] Local $aKeyProtectorTypeMsg[11] = ["Unknown or other protector type", "Trusted Platform Module (TPM)", "External key", "Numerical password", "TPM And PIN", "TPM And Startup Key", "TPM And PIN And Startup Key", "Public Key", "Passphrase", "TPM Certificate", "CryptoAPI Next Generation (CNG) Protector"] Local $aLockStatusMsg[3] = ["Unknown", "Unlocked", "Locked"] Local $aProtectionStatusMsg[3] = ["Unprotected", "Protected", "Unknown"] Local $aVolumeTypeMsg[3] = ["Operating System Volume", "Fixed Data Volume", "Portable Data Volume"] Local $aWipingStatusMsg[5] = ["Unknown", "Free Space Not Wiped", "Free Space Wiped", "Free Space Wiping In Progress", "Free Space Wiping Paused"] Local $iRow = 0 Local $sRunMethod, $objWMIService, $objWMIQuery, $sDriveFilter, $iProtectionStatus, $iLockStatus, $bIsAutoUnlockEnabled, $bIsAutoUnlockKeyStored, $iConversionStatus, $iEncryptionPercentage, $iEncryptionFlags, $iWipingStatus, $iWipingPercentage, $iEncryptionMethod, $aVolumeKeyProtectorID, $aVolumeKeyProtectors, $iKeyProtectorType $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!\\" & $sComputer & "\root\CIMV2\Security\MicrosoftVolumeEncryption") If @error Then Return SetError(1, @error, 0) If $sDrive <> "" Then Local $iDriveType = _WMIPropertyValue("DriveType", "Win32_LogicalDisk", "WHERE DeviceID='" & $sDrive & "'", Default, $sComputer) If @error Or ($iDriveType <> 2 And $iDriveType <> 3) Then Return SetError(2, 0, 0) $sDriveFilter = " WHERE DriveLetter='" & $sDrive & "'" EndIf $objWMIQuery = $objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume" & $sDriveFilter, "WQL", 0) If Not IsObj($objWMIQuery) Then Return SetError(3, 0, 0) Local $aResult[$objWMIQuery.count][14] For $objDrive In $objWMIQuery If $bDebug Then ConsoleWrite(@CRLF & "+> " & $objDrive.DriveLetter & @CRLF) If _WMIMethodExists($objDrive, "GetConversionStatus") Then $sRunMethod = $objDrive.GetConversionStatus($iConversionStatus, $iEncryptionPercentage, $iEncryptionFlags, $iWipingStatus, $iWipingPercentage) If $bDebug Then ConsoleWrite("!> GetConversionStatus 0x" & Hex($sRunMethod) & @CRLF) Else $iConversionStatus = -1 $iWipingStatus = -1 $iEncryptionPercentage = 0 $iWipingPercentage = 0 EndIf If _WMIMethodExists($objDrive, "GetEncryptionMethod") Then $sRunMethod = $objDrive.GetEncryptionMethod($iEncryptionMethod) If $bDebug Then ConsoleWrite("!> GetEncryptionMethod 0x" & Hex($sRunMethod) & @CRLF) Else $iEncryptionMethod = 0 EndIf If _WMIMethodExists($objDrive, "GetKeyProtectors") Then $sRunMethod = $objDrive.GetKeyProtectors("0", $aVolumeKeyProtectorID) If $bDebug Then ConsoleWrite("!> GetKeyProtectors 0x" & Hex($sRunMethod) & @CRLF) Else $aVolumeKeyProtectorID = 0 EndIf If _WMIMethodExists($objDrive, "GetLockStatus") Then $sRunMethod = $objDrive.GetLockStatus($iLockStatus) If $bDebug Then ConsoleWrite("!> GetLockStatus 0x" & Hex($sRunMethod) & @CRLF) Else $iLockStatus = -1 EndIf If _WMIMethodExists($objDrive, "GetProtectionStatus") Then $sRunMethod = $objDrive.GetProtectionStatus($iProtectionStatus) If $bDebug Then ConsoleWrite("!> GetProtectionStatus 0x" & Hex($sRunMethod) & @CRLF) Else $iProtectionStatus = 2 EndIf If _WMIMethodExists($objDrive, "IsAutoUnlockEnabled") Then $sRunMethod = $objDrive.IsAutoUnlockEnabled($bIsAutoUnlockEnabled) If $bDebug Then ConsoleWrite("!> IsAutoUnlockEnabled 0x" & Hex($sRunMethod) & @CRLF) Else $bIsAutoUnlockEnabled = "Unknown" EndIf If _WMIMethodExists($objDrive, "IsAutoUnlockKeyStored") Then $sRunMethod = $objDrive.IsAutoUnlockKeyStored($bIsAutoUnlockKeyStored) If $bDebug Then ConsoleWrite("!> IsAutoUnlockKeyStored 0x" & Hex($sRunMethod) & @CRLF) Else $bIsAutoUnlockKeyStored = "Unknown" EndIf If IsArray($aVolumeKeyProtectorID) And UBound($aVolumeKeyProtectorID) > 0 Then Dim $aVolumeKeyProtectors[UBound($aVolumeKeyProtectorID)][2] For $i = 0 To UBound($aVolumeKeyProtectorID) - 1 $aVolumeKeyProtectors[$i][0] = $aVolumeKeyProtectorID[$i] If _WMIMethodExists($objDrive, "GetKeyProtectorType") Then If $objDrive.GetKeyProtectorType($aVolumeKeyProtectorID[$i], $iKeyProtectorType) = 0 Then $aVolumeKeyProtectors[$i][1]= $aKeyProtectorTypeMsg[$iKeyProtectorType] Else $aVolumeKeyProtectors[$i][1]= "Unknown" EndIf Else $aVolumeKeyProtectors[$i][1] = "Unknown" EndIf Next Else $aVolumeKeyProtectors = "None" EndIf ; DriveLetter $aResult[$iRow][0] = $objDrive.DriveLetter ; DriveLabel $aResult[$iRow][1] = _WMIPropertyValue("VolumeName", "Win32_LogicalDisk", "WHERE DeviceID='" & $objDrive.DriveLetter & "'", Default, $sComputer) ; VolumeType If _WMIPropertyExists($objDrive, "VolumeType") Then $aResult[$iRow][2] = $aVolumeTypeMsg[$objDrive.VolumeType] Else If $objDrive.DriveLetter = _WMIPropertyValue("SystemDrive", "Win32_OperatingSystem", "", Default, $sComputer) Then $aResult[$iRow][2]= $aVolumeTypeMsg[0] ElseIf _WMIPropertyValue("DriveType", "Win32_LogicalDisk", "WHERE DeviceID='" & $objDrive.DriveLetter & "'", Default, $sComputer) = 3 Then $aResult[$iRow][2]= $aVolumeTypeMsg[1] ElseIf _WMIPropertyValue("DriveType", "Win32_LogicalDisk", "WHERE DeviceID='" & $objDrive.DriveLetter & "'", Default, $sComputer) = 2 Then $aResult[$iRow][2]= $aVolumeTypeMsg[2] Else $aResult[$iRow][2]= "Unknown" EndIf EndIf ; IsVolumeInitializedForProtection If _WMIPropertyExists($objDrive, "IsVolumeInitializedForProtection") Then $aResult[$iRow][3] = $objDrive.IsVolumeInitializedForProtection Else $aResult[$iRow][3] = "Unkown" EndIf ; ProtectionStatus $aResult[$iRow][4] = $aProtectionStatusMsg[$iProtectionStatus] ; LockStatus $aResult[$iRow][5] = $aLockStatusMsg[$iLockStatus + 1] ; IsAutoUnlockEnabled $aResult[$iRow][6] = $bIsAutoUnlockEnabled ; IsAutoUnlockEnabled $aResult[$iRow][7] = $bIsAutoUnlockKeyStored ; ConversionStatus $aResult[$iRow][8] = $aConversionStatusMsg[$iConversionStatus + 1] ; EncryptionMethod $aResult[$iRow][9] = $aEncryptionMethodMsg[$iEncryptionMethod + 1] ; EncryptionPercentage $aResult[$iRow][10] = $iEncryptionPercentage ; WipingStatus $aResult[$iRow][11] = $aWipingStatusMsg[$iWipingStatus + 1] ; WipingPercentage $aResult[$iRow][12] = $iWipingPercentage ; KeyProtectors $aResult[$iRow][13] = $aVolumeKeyProtectors $iRow += 1 Next _ArraySort($aResult) Return $aResult EndFunc ;==>_BitlockerDriveInfo Func _WMIPropertyExists($Object, $Property) If Not IsObj($Object) Then Return False For $sProperty In $Object.Properties_ If $sProperty.Name = $Property Then Return True Next Return False EndFunc ;==>_WMIPropertyExists Func _WMIMethodExists($Object, $Method) If Not IsObj($Object) Then Return False For $sMethod In $Object.Methods_ If $sMethod.Name = $Method Then Return True Next Return False EndFunc ;==>_WMIMethodExists Func _WMIPropertyValue($sProperty = "", $sClass = "", $sFilter = "", $sNamespace = Default, $sComputer = @ComputerName) Local $objWMIService, $objWMIQuery If $sClass = "" Or $sProperty = "" Then Return SetError(1, 0, 0) If $sFilter <> "" Then $sFilter = " " & $sFilter If $sNamespace = Default Then $sNamespace = "\root\CIMV2" $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!\\" & $sComputer & $sNamespace) If @error Then Return SetError(2, @error, 0) $objWMIQuery = $objWMIService.ExecQuery("SELECT * FROM " & $sClass & $sFilter, "WQL", 0x30) If Not IsObj($objWMIQuery) Then Return SetError(3, 0, 0) For $objItem In $objWMIQuery For $Property In $objItem.Properties_ If $Property.Name = $sProperty Then Return $Property.Value EndIf Next Next Return SetError(4, 0, 0) EndFunc ;==>_WMIPropertyValue  
      Example 1:
      #RequireAdmin #include <array.au3> ; Get information on all available drives Global $test = _BitlockerDriveInfo() If @error Then ConsoleWrite("!> _BitlockerDriveInfo() error: " & @error & ". extended: " & @extended & @CRLF) ElseIf IsArray($test) Then _ArrayDisplay($test, "Bitlocker Drive Info", "", 64, Default, "Drive Letter|Drive Label|Volume Type|Initialized For Protection|Protection Status|Lock Status|Auto Unlock Enabled|Auto Unlock Key Stored|Conversion Status|Encryption Method|Encryption Percentage|Wiping Status|Wiping Percentage|Key Protectors") ; Display the Key Protectors for the first record If IsArray($test[0][13]) Then _ArrayDisplay($test[0][13]) EndIf Example 2:
      #RequireAdmin #include <array.au3> ; Get information on the C-drive of the current computer + show extra information in the console Global $test = _BitlockerDriveInfo("C:", @ComputerName, True) If @error Then ConsoleWrite("!> _BitlockerDriveInfo() error: " & @error & ". extended: " & @extended & @CRLF) ElseIf IsArray($test) Then ConsoleWrite("Bitlocker information on the " & $test[0][0] & " drive" & @CRLF) ConsoleWrite("Protection Status: " & $test[0][4] & @CRLF) EndIf  
      Screenshot for the first example:

       
      Suggestions? Bugs?
      Just let me know
       
      TODO:
      ???  
      Version 1.0:
      Initial release Version 1.1:
      Fixed: Drive Label will not work when you request the information from a remote system (currently using DriveGetLabel) Fixed: The current fix for the missing VolumeType property in some Windows versions will only work locally Added: New internal function (_WMIPropertyValue()) Version 1.2:
      Fixed: The drive exists & drive type check only worked locally when a drive was specified in $sDrive
    • colombeen
      By colombeen
      Hi guys,
      I'm trying to get some information using WMI, from the Win32_EncryptableVolume class.
      I exec my query, filter out the C-drive, but when I need more info using the objects methods, I only get 1 value back and I can't seem to retrieve the other out params that should be there.
      A very minimal version of what I'm trying to do (no error checking etc, very basic). You need to start SciTE as admin or you won't see any results in the console!
      #RequireAdmin $strComputer = @ComputerName $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $strComputer & "\root\CIMV2\Security\MicrosoftVolumeEncryption") $objWMIQuery = $objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume WHERE DriveLetter='C:'", "WQL", 0) For $objDrive In $objWMIQuery ConsoleWrite("> " & $objDrive.GetConversionStatus() & @CRLF) ConsoleWrite("> " & $objDrive.GetConversionStatus().ConversionStatus & @CRLF) ConsoleWrite("> " & $objDrive.GetConversionStatus().EncryptionPercentage & @CRLF) Next The result from the console is : 
      > 0 > > What I'm expecting to get back is : 
      > 0 > 0 > 0 When using powershell I get this (run as admin is required!!!) : 
      PS C:\WINDOWS\system32> (Get-WmiObject -namespace "Root\cimv2\security\MicrosoftVolumeEncryption" -ClassName "Win32_Encryptablevolume" -Filter "DriveLetter='C:'").GetConversionStatus() ... ConversionStatus : 0 EncryptionFlags : 0 EncryptionPercentage : 0 ReturnValue : 0 ... All I seem to be getting is the ReturnValue when I use the method.
      I've tried this on multiple methods, always ending up with the same result
      Anyone here who has experience with this type of thing?
       
      Greetz
      colombeen
    • FrancescoDiMuro
      By FrancescoDiMuro
      Good evening everyone
      I'm working on a little project of mines, and I was trying to use WMI Object.
      The question which I don't find an answer is: 
      Once I do the query with WMI Object, something like "SELECT * FROM Win32_LogonSession", instead of specify the field of the collection returned, ( i.e. $colItems.Caption ), can I loop though each property and each value of the property, writing so one row of code only?
      Hope my question was clear enough.
      Thanks in advance.

      Best Regards.
    • ahmet
      By ahmet
      Hello,
      I am trying to make a program that will uninstall some software, provided by some form of a list. I have this
      ; Generated by AutoIt Scriptomatic June 08, 2010 ;#RequireAdmin $sPartialName="java" $wbemFlagReturnImmediately = 0x10 $wbemFlagForwardOnly = 0x20 $colItems = "" $strComputer = "localhost" ;$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2") ;$objWMIService=ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & @ComputerName & "\root\cimv2") $objWMIService=ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & @ComputerName & "\root\cimv2") $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Product", "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly) If IsObj($colItems) then For $objItem In $colItems If StringInStr($objItem.Name,$sPartialName)=1 Then ConsoleWrite("Full name:" & $objItem.Name & @CRLF) RunAs("USERNAME",@ComputerName,"PASSWORD",0,@ComSpec & " /c" & ' wmic product where name="Java 9.0.4 (64-bit)" call uninstall /nointeractive',"C:\WINDOWS\system32\wbem",@SW_MAXIMIZE) ;Run('wmic product where name="Java 9.0.4 (64-bit)" call uninstall /nointeractive',"",@SW_MAXIMIZE) ExitLoop EndIf Next Else Msgbox(0,"WMI Output","No WMI Objects Found for class: " & "Win32_Product" ) Endif The script above fails uninstalling software despite providing username and password for admin account. If I run script with admin rights then the software gets uninstalled.
      At the following link there is a script by JLogan3o13 but it does not either uninstall software, unless run as admin..
      Is there some way to uninstall software using wim or wimc by providing user name and password?
       
×