spudw2k Posted March 12, 2008 Share Posted March 12, 2008 (edited) My co -worker asked me to make a script to pull the hostname off of a hard drive with Windows installed on it. More-or-less, a HD from another PC attached via USB or IDE/SATA. It reads the registry files for the info. Not particularly useful, but incase someone else has to audit a machine down the road like we do...here ya go. expandcollapse popup#Include <Date.au3> ;Open Folder Dialog $drive = FileSelectFolder("Locate Windows Directory","") If $drive = "" Then Exit $driveroot = StringLeft($drive,2) ;Check for to Make sure Location is Attached to Local Machine $drivetype = DriveGetType($drive) If $drivetype <> "Fixed" and $drivetype <> "Removable" Then msgbox(0,"Must be local hard-drive.","Does not support CD-ROM or Network Drives") Exit EndIf ;Check for reg file existence $systemregfile = $drive & "\system32\config\system" $softwareregfile = $drive & "\system32\config\software" If Not FileExists($systemregfile) Or Not FileExists($softwareregfile) Then MsgBox(0,"Not a valid Windows location.","Cannot find Registry files in location" & @CRLF & $systemregfile & @CRLF & $softwareregfile) Exit EndIf ;Retreive hostname from system Reg File RunWait(@WindowsDir & "\system32\reg load HKLM\TempHive" & " " & chr(34) & $systemregfile & chr(34),"",@SW_HIDE) $hostname = RegRead("HKLM\TempHive\ControlSet001\Control\ComputerName\ComputerName","ComputerName") RunWait(@WindowsDir & "\system32\reg unload HKLM\TempHive","",@SW_HIDE) ;Retreive profile list from software Reg FileChangeDir RunWait(@WindowsDir & "\system32\reg load HKLM\TempHive" & " " & chr(34) & $softwareregfile & chr(34),"",@SW_HIDE) $keyIdx = 0 $SIDs = "" $regkeyPath = "HKLM\TempHive\Microsoft\Windows NT\CurrentVersion\ProfileList" While 1 $keyIdx += 1 $SID = RegEnumKey($regkeyPath, $keyIdx) $SIDs = $SIDs & $SID & "|" If @error <> 0 Then ExitLoop WEnd $arrSIDs = StringSplit($SIDs,"|") Dim $profiles For $i = 1 to UBound($arrSIDs) - 3 $profilepath = RegRead($regkeyPath & "\" & $arrSIDs[$i],"ProfileImagePath") $profilepath = StringReplace($profilepath,"%SystemDrive%",$driveroot) If StringInstr($profilepath,"Service") < 1 And StringInstr($profilepath,"Admin") < 1 And StringInstr($profilepath,"Whats_Up") < 1 And FileExists($profilepath) Then $profiles = $profiles & @TAB & $profilepath & @CRLF EndIf Next RunWait(@WindowsDir & "\system32\reg unload HKLM\TempHive","",@SW_HIDE) ;Save Collected Data Do $filename = FileSaveDialog("Save Output To...",@WorkingDir,"Text File (*.txt)") Until $filename <> "" If StringInstr($filename,".") < 1 Then $filename = $filename & ".txt" ;Data Formatting $output = _Now() & @CRLF $output = $output & "Drive: " & DriveGetLabel($driveroot) & "(" & $driveroot & ")" & " (Serial# " & DriveGetSerial($driveroot) & ")" & @CRLF $output = $output & "Host: " & $hostname & @CRLF $output = $output & "Profile(s): " & @CRLF $output = $output & $profiles & @CRLF & @CRLF $wrkfile = FileOpen($filename,1) FileWrite($wrkfile,$output) FileClose($wrkfile) Exit Edited March 13, 2008 by spudw2k Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX BuilderMisc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retreive SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose ArrayProjects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalcCool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now