Академический Документы
Профессиональный Документы
Культура Документы
For example:
• Printer Friendly
• tell a friend
Note: An alert reader sent in this little heads up for those of you who wish to use
Andrew's Cool Solution. Feedback: Andrew White's solution is nice, but PSInfo is not
licensed for free use when run from a file server. I nearly got burned bad by that one
once. See http://www.sysinternals.com/licensing.shtml
I've seen a few requests on forums recently for people asking the best way to do some
basic workstation or user auditing so I thought I'd share my solution here. I'm also on a
quest to get all 8 colours of t-shirts ;-)
Being at a college, I'm often asked by lecturers to tell them who was the last user on a
certain PC or what the usage stats for a particular lab has been. I started thinking that not
only would it be good for our helpdesk to hold such information, but if we could do a
workstation audit at the same time then the information would have some real use.
So I started looking round for free tools (hey, I'm a college, even free is too expensive)
that would help and I wrote a batch file that each user calls from their container login
script. (I must point out that all PC's here are Windows 2000 so this won't work for W9x
users.)
1. Firstly, it uses HFNetChk from Shavlik, which is a command line tool that scans a
Windows workstation or server and reports on any outstanding OS patches.
2. Secondly, I use PSInfo from SysInternals which is also a command line utility
that scans a windows workstation or server and performs an audit of hardware,
OS versions and installed software.
Finally, I use a few system variables and pipe the results into three log files which gives
me the following reports:
Extracting information is as easy as using Search in Explorer and using the containing
text option. So, for example, searching on 172.19.250.8 would produce one result, which
would be the name of the workstation.
The batch file I wrote is shown below with comments and notes.
HFNetChk by default tries to download a new copy of the patch database each time it
loads. To stop our workstations permanently downloading the cab file, I regularly
download the latest version from http://xml.shavlik.com/mssecure.xml and copy the latest
xml file to all the student file servers. The -x switch is used to stop the workstation trying
to download the latest file and instead specify the local location of the xml file, in my
case z:\mssecure.xml The -f switch is used to redirect the output to a text file.
The output is piped into the snapshot log file by using the dos >> command that appends
the information into an existing file (as opposed to > which creates a new file).
All the files needed I personally store in z:\ but as long as the workstation can see then,
you can put them anywhere. The files needed are:
Hopefully all that makes some sense and someone out there may find it of use.
Andrew White
Network Manager
Salisbury College
Reader Comments
• Looks pretty good! From a purely user auditing perspective, Condrey Consulting,
makers of File System Factory (That Novell sells), has an auditing NLM called
Auditlogin, that logs login/logout events, to a CSV text file. (It is used in Novell
Account Managerment as well). The guys at University of New Brunswick have
used it to generate this amazing web system, of tracking which computers are in
use, and which are free. They are considering releasing it commercially, because
it is pretty darn useful for a university! http://labdisplay.csd.unb.ca/
• How bad, that HFNetChk from Shavlik is MS network client dependent. In my
enviroment I have only Novell clients on workstations. David Krotil
david_dot_krotil_at_systemnet_dot_cz
• Excellent Tool for those of us that aren't using dedicated Patch Management
Software. Mark D Harrison md.harrison@is.sefton.gov.uk