0

I am attempting to develop an Auditing application.

This audit application will be employed on Windows networks.

The audit will need to discover hardware and software details of all machines attached to the network (including printers).

I do not want to have to install this application on each workstation.

The audit app needs to discover all the IP addresses of all the networked workstations.

I have been prototyping this app for the last couple of months and have decided to try a new tack.

Is this possible?

a). You have a Windows network, min Windows XP SP3 and upwards

b). Maximum of 100 networked machines (if that matters)

c). I need to remotely reboot each WINDOWS machine in turn on the entire network and get it to start up using UNIX, say Knoppix for example!

d). However, the Knoppix live CD is only available from one of the networked machines

Questions... Morphology? Longevity? Incept dates?

Cheers

DD


To add more details (if you are interested):

1). I have over 500 client sites to visit all over the UK.

2). I have to be "in and out" quickly.

3). I may not have a list of known IP addresses for each site.

4). I may not have an admin account set up on all networked PCs at each site.

5). I need all hardware and software details possible.

6). When auditing a site for the first time I am looking to make a good impression, get accurate info, and not disrupt their day-to-day work.

Hector
  • what will you gain by booting into knoppix? – tony roth Dec 22 '10 at 19:39
  • Knoppix was just an example. Unix has lshw and the like, so I can get lots of hardware details. What do I gain from booting into Knoppix? I am not in WINDOWS, :-) I just don't like it but have to deal with it! – Hector Dec 23 '10 at 18:43
  • With so many ways to audit systems and networks already developed, none of which needs such a bizarre process, why are you even considering this approach? – John Gardeniers Dec 23 '10 at 21:19
  • Why? Because it's an interesting challenge, what's wrong with that? I think I can do a better job and I don't want to rule out any approach at this stage. I was trying to be imaginative, not bizarre. I am not sure how rebooting a machine in Windows to restart in an alternative OS qualifies as bizarre. I suppose if you ran the world we wouldn't have helicopters or hovercrafts or jet engines or colour TV or mobile phones or lifts or escalators ... – Hector Dec 24 '10 at 09:07
  • well items 5 and 6 are a direct contradiction of each other if you need to reboot a device just to get an inventory of the hardware. – tony roth Dec 27 '10 at 17:19

4 Answers

3

I think if you want to audit the hardware and software configuration of a Windows machine that you probably want to do it from within Windows. I'm not sure what you hope to accomplish by booting into Knoppix -- it's not clear from your question -- but in this environment it would be virtually impossible to get a list of (a) the software installed under Windows or (b) the network configuration.

There are already a number of commercial and open source solutions that will probably do what you want. There have previously been questions here on serverfault about software for asset tracking and so forth that may provide some useful pointers.

larsks
  • well the one thing the knoppix solution would give you is the ability to detect deeply hidden root kits! – tony roth Dec 22 '10 at 19:45
  • I'm...not sure that's really true. That is, I don't believe there are good tools for Linux that will aid you in rootkit discovery and other forensic work on a Windows filesystem...but I could be wrong, since Windows security is not something I have a lot of experience with. – larsks Dec 23 '10 at 03:55
  • Basically you can't scan for rootkits within Windows and expect the results to be anything other than one the rootkit wants you to see! Yes, things like RootkitRevealer kinda work, but I would never trust the results! – tony roth Dec 23 '10 at 15:40
  • I want to create my own version of existing apps. I believe I can do a better job than those, and why shouldn't I think that? I like the idea of a technical challenge and I am trying to be creative with my solution. I don't just want to try something just for the sake of trying! On the other hand, why discount something early on? I also like the idea of creating an app for use by "Technical Users". I'd like to thank everyone that has replied for their time and experience. – Hector Dec 23 '10 at 18:49
0

If you had a partition on each computer with Linux installed into that partition, there are ways to make NTLDR boot Linux. Then you could have a program edit boot.ini to set Linux as the default then force a reboot, but boot.ini doesn't appear to have a "boot once" option, so it would boot into Linux forever after that unless someone uses the boot menu to change it back to Windows. You might be able to rewrite the boot.ini file from Linux but if you break it, you're going to have trouble.

OR

(This is going to seriously depend on your BIOS and network card and network layout and DHCP server and...) You enable all the computers' BIOS/network cards to PXE boot over the network, and hope that it will eventually give up and boot Windows normally if it fails to boot over the network. When it's time to audit you enable the PXE netboot configuration on your DHCP server, have the audit server running, and reboot all the computers.

Drawbacks: some BIOSes/cards will simply retry PXE booting forever or stop with an error if it fails. Others require that someone press a key to PXE boot. If you get it to work automatically, then if someone reboots when it's not time to audit, it will take extra time to boot while you wait for PXE booting to fail. Finally, anyone who reboots while the audit is going on will end up in Linux, whether they've already been audited or not.

DerfK
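An added example, not part of DerfK's answer or the original page: the boot.ini edit described in the answer above, written so that a bad edit is refused rather than written ("if you break it, you're going to have trouble"). The sample boot.ini, the `C:\linux.bin` chain-load entry and the function names are constructed assumptions.

```python
# Added example: validate a boot.ini default change before writing it.
# SAMPLE is constructed; C:\linux.bin is an assumed chain-load entry.
WINDOWS = "multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS"
SAMPLE = (
    "[boot loader]\r\n"
    "timeout=30\r\n"
    "default=" + WINDOWS + "\r\n"
    "[operating systems]\r\n"
    + WINDOWS + '="Microsoft Windows XP Professional" /fastdetect\r\n'
    'C:\\linux.bin="Linux audit"\r\n'
)

def parse_boot_ini(text):
    """Return (default_path, {entry_path: label_and_switches})."""
    section, default, entries = None, None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if section == "boot loader" and key.strip().lower() == "default":
            default = value.strip()
        elif section == "operating systems":
            entries[key.strip()] = value.strip()
    return default, entries

def set_default(text, target):
    """Return boot.ini text with default=target; raise instead of breaking it."""
    default, entries = parse_boot_ini(text)
    known = {path.lower(): path for path in entries}
    if default is None or target.lower() not in known:
        raise ValueError("refusing edit: no default= line or unknown entry")
    out, section = [], None
    for raw in text.splitlines(keepends=True):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "boot loader" and line.partition("=")[0].strip().lower() == "default":
            # Swap only the default= value; keep the line's original CRLF/LF ending.
            raw = "default=" + known[target.lower()] + raw[len(raw.rstrip("\r\n")):]
        out.append(raw)
    return "".join(out)
```

Calling `set_default` again with the original Windows path is the restore step the answer mentions doing from Linux; because only the `default=` line is touched, the round trip returns the file byte for byte.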
0

For auditing, have you considered OCS Inventory? It's open source, running from a LAMP stack, and needs a (remotely installable) client on each auditee.

I understand this does not directly answer your question, but I believe it addresses the impulse behind the question.

bocarp
-2

If you have Samba installed on the Linux machine, and have the appropriate credentials to the Windows machine,

    net rpc shutdown -r -I IPADDRESS -U USERNAME%PASSWORD

is the command to remotely reboot the windows box.

mfinni