Sign in to follow this  
Followers 0
spudw2k

Offline Windows Hostname

1 post in this topic

#1 ·  Posted (edited)

My co -worker asked me to make a script to pull the hostname off of a hard drive with Windows installed on it. More-or-less, a HD from another PC attached via USB or IDE/SATA. It reads the registry files for the info. Not particularly useful, but incase someone else has to audit a machine down the road like we do...here ya go.

#Include <Date.au3>

;Open Folder Dialog
$drive = FileSelectFolder("Locate Windows Directory","")
If $drive = "" Then Exit
$driveroot = StringLeft($drive,2)

;Check for to Make sure Location is Attached to Local Machine
$drivetype = DriveGetType($drive)
If $drivetype <> "Fixed" and $drivetype <> "Removable" Then 
    msgbox(0,"Must be local hard-drive.","Does not support CD-ROM or Network Drives")
    Exit
EndIf

;Check for reg file existence
$systemregfile = $drive & "\system32\config\system"
$softwareregfile = $drive & "\system32\config\software"
If Not FileExists($systemregfile) Or Not FileExists($softwareregfile) Then 
    MsgBox(0,"Not a valid Windows location.","Cannot find Registry files in location" & @CRLF & $systemregfile & @CRLF & $softwareregfile)
    Exit
EndIf

;Retreive hostname from system Reg File
RunWait(@WindowsDir & "\system32\reg load HKLM\TempHive" & " " & chr(34) & $systemregfile & chr(34),"",@SW_HIDE)
$hostname = RegRead("HKLM\TempHive\ControlSet001\Control\ComputerName\ComputerName","ComputerName")
RunWait(@WindowsDir & "\system32\reg unload HKLM\TempHive","",@SW_HIDE)

;Retreive profile list from software Reg FileChangeDir
RunWait(@WindowsDir & "\system32\reg load HKLM\TempHive" & " " & chr(34) & $softwareregfile & chr(34),"",@SW_HIDE)
$keyIdx = 0
$SIDs = ""
$regkeyPath = "HKLM\TempHive\Microsoft\Windows NT\CurrentVersion\ProfileList"
    
While 1 

    $keyIdx += 1
    $SID = RegEnumKey($regkeyPath, $keyIdx)
    $SIDs = $SIDs & $SID & "|" 
        
    If @error <> 0 Then ExitLoop

WEnd
    
$arrSIDs = StringSplit($SIDs,"|")

Dim $profiles

For $i = 1 to UBound($arrSIDs) - 3
    $profilepath = RegRead($regkeyPath & "\" & $arrSIDs[$i],"ProfileImagePath")
    $profilepath = StringReplace($profilepath,"%SystemDrive%",$driveroot)

    If StringInstr($profilepath,"Service") < 1 And StringInstr($profilepath,"Admin") < 1 And StringInstr($profilepath,"Whats_Up") < 1 And FileExists($profilepath) Then 
        $profiles = $profiles & @TAB & $profilepath & @CRLF
    EndIf
Next

RunWait(@WindowsDir & "\system32\reg unload HKLM\TempHive","",@SW_HIDE)

;Save Collected Data
Do 
    $filename = FileSaveDialog("Save Output To...",@WorkingDir,"Text File (*.txt)")
Until $filename <> ""
If StringInstr($filename,".") < 1 Then $filename = $filename & ".txt"

;Data Formatting
$output = _Now() & @CRLF
$output = $output & "Drive: " & DriveGetLabel($driveroot) & "(" & $driveroot & ")"  & " (Serial# " & DriveGetSerial($driveroot) & ")" & @CRLF
$output = $output & "Host: " & $hostname & @CRLF
$output = $output & "Profile(s): " & @CRLF
$output = $output & $profiles & @CRLF & @CRLF
$wrkfile = FileOpen($filename,1)
FileWrite($wrkfile,$output)
FileClose($wrkfile)

Exit
Edited by spudw2k

Share this post


Link to post
Share on other sites



Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0