Upload
daaban
View
225
Download
0
Embed Size (px)
Citation preview
7/27/2019 Using WMI Scripts With BitDefender Client Security
1/17
Copyright 2009 BitDefender;
Using WMI Scripts with BitDefenderClient Security
Whitepaper
7/27/2019 Using WMI Scripts With BitDefender Client Security
2/17
Table of Contents1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Key Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Available WMI Script Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95.1. Gathering Information about Client Workstations . . . . . . . . . . . . . . . . . . . 95.2. Application Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105.3. Increasing Your Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Appendix. Description of WMI Script Templates . . . . . . . . . . . . . . . . . . . . . . . 14
Using WMI Scripts with BitDefender Client Security 2
Using WMI Scripts with BitDefender Client Security
7/27/2019 Using WMI Scripts With BitDefender Client Security
3/17
1. IntroductionBitDefender Client Security is a robust and easy-to-use business security andmanagement solution, which delivers superior proactive protection from viruses,spyware, rootkits, spam, phishing and other malware.
BitDefender Client Security comprises several features for automated networkmanagement to provide maximum value to its customers. One such feature is supportfor Windows Management Instrumentation (WMI) scripting.
WMI is the Microsoft implementation of Web-Based Enterprise Management (WBEM),an initiative to establish standards for accessing and sharing management informationin an enterprise network. WMI is WBEM-compliant and provides integrated support
for Common Information Model (CIM), the data model describing the objects that existin a management environment.
Basically, WMI allows managing Windows workstations using scripts. WMI scripts canbe run only on workstations with WMI services installed. WMI is preinstalled in WindowsVista, Windows Server 2008, Windows Server 2003, Windows XP, Windows Me, andWindows 2000.
More InformationFor more details on WMI, please refer to the Windows Management Instrumentationtopic on the Microsoft Developer Network (MSDN) website.
Usually, the implementation and deployment of any fully customized automated solutionis an extremely challenging and complex process. To avoid the time-consuming taskof researching and developing WMI scripts, BitDefender Client Security offers you 40predefined templates for scripting purposes.
BitDefender Client Security enables running WMI scripts on groups of networkworkstations and provides scheduling capabilities to reduce the administration effortand centralize results. Thus, IT administrators can perform network audit (gatheringof hardware and system information from workstations) and administrative actionsremotely.
Different from other business security solutions that may include third-party softwareto provide WMI scripting support, BitDefender Client Security directly integrates WMIscripts into its management component, BitDefender Management Server. This resultsin a lower Total Cost of Ownership and a comprehensive and easy-to-use managementsolution.
Using WMI Scripts with BitDefender Client Security 3
Using WMI Scripts with BitDefender Client Security
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/wmi_start_page.asphttp://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/wmi_start_page.asp7/27/2019 Using WMI Scripts With BitDefender Client Security
4/17
2. Key BenefitsSeveral important benefits arise from using the WMI scripts implemented in BitDefenderManagement Server:
Reduced Network Administration Workload and Costs
Saves IT administrators the time they would spend to learn about and develop WMIscripts by providing 40 predefined WMI script templates
Reduces considerably the time spent on centralizing network audit information fromall network workstations
Enables network and security administration from a single interface through the useof the BitDefender Management Console
Provides full automation by allowing WMI scripts to be run on groups of workstations(the Management Server integrates with Active Directory for easy and flexible groupmanagement)
Enhances management capabilities and reduces the administration effort by allowingIT administrators to take action (remove software, restart, shutdown, log off) onnetwork workstations remotely
Helps reduce workstation downtime by assisting IT administrators in the
troubleshooting process with preliminary information about the affected networkworkstations
Helps maintain compliance with application use policies by enabling IT administratorsto remotely control the applications installed and the processes running on thenetwork workstations
Helps making the network more secure by enabling IT administrators to remotelycontrol the use of Windows autorun and USB storage devices in the network
Improved Network Visibility and Monitoring
Allows performing network audit by gathering:
hardware information
system and software information
Windows user accounts information
disk and file system information
Provides quick and easy access to information by centralizing the results of eachscript.
Using WMI Scripts with BitDefender Client Security 4
Using WMI Scripts with BitDefender Client Security
7/27/2019 Using WMI Scripts With BitDefender Client Security
5/17
3. Available WMI Script TemplatesBitDefender Client Security allows creating WMI scripts based on predefined WMIscript templates. The following table displays all 40 WMI script templates currentlyavailable, grouped by their use:
Available Script TemplatesCategory
Computer restartAdministrative Actions
(12 script templates) Computer shutdown
Enable/Disable Autorun for All Drives
Enable/Disable USB Mass Storage
Install Windows Updates
Kill Process
Log off user
Remote Desktop Connection
Remove Software
Run program
Send messageWindows Automatic Updating
Operating SystemSystem and Software Information
(13 script templates) Get system info
Get Last SP Installed
Enumerate All Startup Programs
Enumerate Startup Programs (MSI)
List Installed Software (All)
List Installed Software (MSI)
List Hotfix
Current Processes
List Services
List WMI Settings
List startup info
List startup menu
Using WMI Scripts with BitDefender Client Security 5
Using WMI Scripts with BitDefender Client Security
7/27/2019 Using WMI Scripts With BitDefender Client Security
6/17
Available Script TemplatesCategory
Current SharesDisk and File Systems Information
(5 script templates) Free Disk Space
List Logical Disk Info
Enumerate memory
Enumerate pagefile
List current usersWindows User Accounts Information
(4 script templates) List local users
List Domain and Workgroup infoList logon session info
List CPU InfoHardware Information
(6 script templates) List MB (motherboard) Settings
List Video Info
List monitor settings
List network adapter values
List power management info
You can find a detailed description of each WMI script template in the appendix.
Operating System RestrictionsTo run the following WMI scripts on Windows Server 2003 or 64-bit Windows operatingsystems, you must first install the Windows Installer Provider (MSI provider), as itdoes not come preinstalled on default installations.
Enumerate startup programs (MSI) List installed software (MSI) Get system info
This provider is included on the Windows installation CD as an optional Windowscomponent and can be installed using the Control Panel.For more information, please refer to the following topics on the Microsoft DeveloperNetwork (MSDN) website:
Operating System Availability of WMI Components Windows Installer Provider
Using WMI Scripts with BitDefender Client Security 6
Using WMI Scripts with BitDefender Client Security
http://msdn.microsoft.com/en-us/library/aa392726(VS.85).aspxhttp://msdn.microsoft.com/en-us/library/aa394523(VS.85).aspxhttp://msdn.microsoft.com/en-us/library/aa394523(VS.85).aspxhttp://msdn.microsoft.com/en-us/library/aa392726(VS.85).aspx7/27/2019 Using WMI Scripts With BitDefender Client Security
7/17
4. OperationIT administrators create WMI scripts using the dedicated snap-in from the BitDefenderManagement Console.
WMI Scripts Snap-In
The WMI scripts can be run on any WMI-enabled workstation managed by BitDefenderManagement Server.
These are the stages of the script creation and execution process:
1. In the management console, the IT administrator creates a WMI script using theWMI script template appropriate to the task to be performed. In most cases, thescript is created immediately, without having to configure any settings.
2. The IT administrator assigns the WMI script to run on specific client workstationsor groups of client workstations. The script can be scheduled to run one time onlyor on a regular basis.
3. During the agent-server communication session, BitDefender Management Serversends the script request to the BitDefender Management Agent installed on theassigned client workstations.
4. BitDefender Management Agent runs the script immediately or as scheduled.
Using WMI Scripts with BitDefender Client Security 7
Using WMI Scripts with BitDefender Client Security
7/27/2019 Using WMI Scripts With BitDefender Client Security
8/17
5. After the script is executed, BitDefender Management Agent sends the results toBitDefender Management Server.
6. The IT administrator can check the results in the management console.
The diagram below illustrates how WMI scripts operate in BitDefender Client Security.
Operation Diagram
Using WMI Scripts with BitDefender Client Security 8
Using WMI Scripts with BitDefender Client Security
7/27/2019 Using WMI Scripts With BitDefender Client Security
9/17
5. ExamplesHere are three examples of tasks that can be accomplished using the WMI scriptsprovided by BitDefender Client Security:
Gathering Information about Client Workstations Application Control Making Your Network More Secure
5.1. Gathering Information about Client Workstations
WMI scripts can be successfully used in the troubleshooting process. The IT
administrator can remotely run specific WMI scripts to obtain preliminary informationabout client workstations having issues. Based on this information, the IT administratorcan better assess the problem and find potential quick fixes.
The Get system info script, for example, provides useful information about clientworkstations, such as:
operating system information system name, model and manufacturer total RAM memory processor
BIOS version
Get System Info
Using WMI Scripts with BitDefender Client Security 9
Using WMI Scripts with BitDefender Client Security
7/27/2019 Using WMI Scripts With BitDefender Client Security
10/17
5.2. Application Control
A number of WMI scripts help maintain compliance with the organization's policiesregarding the use of applications. Using only the BitDefender Management Console,the IT administrator can easily find out what software is installed on client workstationsand remove undesired applications (only MSI-installed applications can be removed).
Step 1 - Verifying Installed Applications
To verify what applications are installed on client workstations, the IT administratorcan use one of the following WMI scripts:
The List Installed Software (MSI) script can be used to obtain the list of applicationsinstalled on client workstations with the Windows installer.
The List Installed Software (All) script can be used to obtain the list of all theapplications installed on client workstations, including all MSI-installed applicationsand the Microsoft and Windows updates.
Once the script is executed, the IT administrator can check the results in the CurrentWMI Scripts pane of the management console by double-clicking the script. Theimage below provides an example of such results for a client workstation.
List Installed Software
Using WMI Scripts with BitDefender Client Security 10
Using WMI Scripts with BitDefender Client Security
7/27/2019 Using WMI Scripts With BitDefender Client Security
11/17
Other Useful Scripts
Two other scripts can provide additional information about the software installed onclient workstations:
List startup menu retrieves the applications that have shortcuts in the Start menu. Current Processes provides information about the processes currently running on
client workstations.
Step 2 - Removing Installed Applications
If an application installed on a client workstation does not comply with the applicationuse policies, it can be easily removed from the results section of the List InstalledSoftware script. Here are a few examples of application types that can be removedremotely:
antivirus chat VoIP multimedia games
Note
Only MSI-installed applications can be removed.
In order to remove an application, the IT administrator must go to the Installedprograms tab.
Installed Programs
Using WMI Scripts with BitDefender Client Security 11
Using WMI Scripts with BitDefender Client Security
7/27/2019 Using WMI Scripts With BitDefender Client Security
12/17
Two tables are displayed here:
The left-side table displays all applications installed on the client workstations thescript has run on.
The right-side table displays all client workstations on which a selected applicationis installed.
It takes a few easy steps to remove an undesired application:
1. Select the application from the list.
2. To remove the application from all the workstations it is installed on, select thecheck box in the Client name column header. To remove it from specificworkstations, only select the corresponding check boxes.
3. Select a restart option. A computer restart may be required to completely removethe selected application.
4. Click Uninstall and then OK to remove the application from the selected computers.A Run program WMI script is automatically created and assigned to the selectedcomputers so that the application is removed. Application removal will require nouser intervention.
Once the script is executed, the IT administrator can check the results in the Current
WMI Scripts pane by double-clicking the script.
Run Program
Using WMI Scripts with BitDefender Client Security 12
Using WMI Scripts with BitDefender Client Security
7/27/2019 Using WMI Scripts With BitDefender Client Security
13/17
5.3. Increasing Your Network Security
Computer worms are increasingly using USB storage devices and the Windows autorunfeature to spread through networks. This was the case with the recent Downadupworm, also known as Conficker or Kido, which is estimated to have infected millionsof business network computers.
NoteAutorun enables automatic detection and reading of new media connected to thecomputer. Such media includes USB flash drives, network shares, CDs, DVDs andother. This Windows feature can be used to automatically execute malicious code assoon as an infected medium is connected to the computer.
To help IT administrators counter these network vulnerabilities, BitDefender ClientSecurity provides the following WMI scripts:
Enable/Disable Autorun for All Drives - to remotely control autorun for all driveson managed computers.
Enable/Disable USB Mass Storage - to remotely allow or block the use of USBstorage devices on managed computers.
IT administrators can run these WMI scripts on all managed computers to completelydisable autorun and USB storage devices in the network. Afterwards, these WMI
scripts can be run as needed to temporarily enable autorun and USB storage deviceson specific managed computers or groups.
Using WMI Scripts with BitDefender Client Security 13
Using WMI Scripts with BitDefender Client Security
7/27/2019 Using WMI Scripts With BitDefender Client Security
14/17
Appendix. Description of WMI Script TemplatesThis appendix provides a detailed description of the available WMI script templates.
Computer restartRestarts client workstations.
Computer shutdownShuts down client workstations.
Current ProcessesProvides information on the processes currently running on client workstations.
Current SharesProvides information about the existing shares on client workstations.
Enable/Disable Autorun for All DrivesEnables or disables the Windows Autorun feature for all drives on clientworkstations. Autorun enables automatic detection and reading of new media.
Enable/Disable USB Mass StorageEnables or disables USB storage devices on client workstations. Such devicesinclude USB memory sticks (flash pens) and mp3 players.
Enumerate All Startup ProgramsProvides information about all the programs that run on client workstations atstartup.
Enumerate memoryProvides the size of the physical (RAM) memory installed in client workstations.
Enumerate pagefileProvides information about the virtual memory (the page file) available on clientworkstations. This includes: the location and size of the page file the initial and the maximum size
Enumerate Startup Programs (MSI)
Provides information about the programs installed using the Windows installerthat run on client workstations at startup.
Free Disk SpaceProvides the list of the logical disks on client workstations and the available diskspace on each of them.
Get Last SP InstalledProvides the version of the Windows Service Pack installed on client workstations.
Using WMI Scripts with BitDefender Client Security 14
Using WMI Scripts with BitDefender Client Security
7/27/2019 Using WMI Scripts With BitDefender Client Security
15/17
Get system infoProvides useful information about client workstations. This includes: operating system information system name, model and manufacturer total RAM memory processor BIOS version
Install Windows UpdatesHelps you identify the Windows updates available for client workstations andinstall all or specific Windows updates on client workstations.
Kill Process
Ends a specific process running on client workstations. The Current Processesscript can be used to obtain the list of running processes.
List CPU InfoProvides various information about the processor of client workstations. Thisincludes: processor name and ID description manufacturer clock speed
List current users
Lists the users currently logged on to client workstations.
List Domain and Workgroup infoProvides information on the domain or workgroup client workstations are part of.
List HotfixProvides information about the Microsoft and Windows hotfixes installed on clientworkstations.
List Installed Software (All)Provides the list of all software and Microsoft and Windows updates installed onclient workstations. An uninstall command line is provided for each application or
update installed with the Windows installer. You can remove an application usingthis command line with a Run Program script.
List Installed Software (MSI)Provides the list of software installed on client workstations with the Windowsinstaller. An uninstall command line is provided for each application. You canremove an application using this command line with a Run Program script.
List local usersProvides information about the local Windows user accounts configured on clientworkstations.
Using WMI Scripts with BitDefender Client Security 15
Using WMI Scripts with BitDefender Client Security
7/27/2019 Using WMI Scripts With BitDefender Client Security
16/17
List Logical Disk InfoProvides information about the logical disks (floppy drive, hard-disk drives,CD-ROM drive etc) on client workstations. This includes: name (label) description free disk space size
List logon session infoProvides information regarding the logon session on client workstations.
List MB SettingsProvides information about the motherboard of client workstations. This includes:
name manufacturer serial number
List monitor settingsProvides information about the monitor of client workstations. This includes: monitor type manufacturer physical dimensions
List network adapter valuesProvides detailed information about the network adapters installed in client
workstations. This includes: adapter type manufacturer MAC and network address
List power management infoProvides power management information about client workstations.
List ServicesProvides various information regarding the services running on client workstations.This includes: service name and display name state (stopped / running) start mode (automatic / manual / disabled) description
List startup infoProvides information on the startup of client workstations.
List startup menuLists the program shortcuts from the Start menu of client workstations. The entriesare grouped by user.
Using WMI Scripts with BitDefender Client Security 16
Using WMI Scripts with BitDefender Client Security
7/27/2019 Using WMI Scripts With BitDefender Client Security
17/17
List Video InfoProvides various information regarding the video display of client workstations.This includes: video adapter name and type graphics memory resolution driver name and version minimum and maximum refresh rates
List WMI SettingsProvides information about the WMI settings of client workstations.
Log off user
Logs off the current user logged on to client workstations.Operating System
Provides useful information about the operating system running on clientworkstations. This includes: operating system and version registered user serial number installation time
Remote Desktop ConnectionChanges the Windows settings on client workstations in order to allow or block
incoming remote connections through Remote Desktop Connection.
Remove SoftwareRemoves a specific application installed on client workstations. The script can beused to remove any application that appears in the Add or Remove Programsapplet in the Control Panel.
Run programRuns a specific application on client workstations. The application can be locatedon the target workstation or on the local machine (where the BitDefenderManagement Console is installed).
Send messageSends a message to the user logged on client workstations.
For Windows 2000 workstations, the script uses the net send command andrequires the Messengerservice to be started (default setting). For other Windowsworkstations, the script uses the msg command and requires the TerminalServices service to be started (default setting).
Windows Automatic UpdatingConfigures Windows Automatic Updates on client workstations. WindowsAutomatic Updates helps users keep their operating system up-to-date.
Using WMI Scripts with BitDefender Client Security 17
Using WMI Scripts with BitDefender Client Security