Using WMI Scripts With BitDefender Client Security

7/27/2019 Using WMI Scripts With BitDefender Client Security

1/17

Copyright 2009 BitDefender;

Using WMI Scripts with BitDefenderClient Security

Whitepaper


2/17

Table of Contents1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

2. Key Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

3. Available WMI Script Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

4. Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95.1. Gathering Information about Client Workstations . . . . . . . . . . . . . . . . . . . 95.2. Application Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105.3. Increasing Your Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Appendix. Description of WMI Script Templates . . . . . . . . . . . . . . . . . . . . . . . 14

Using WMI Scripts with BitDefender Client Security 2

Using WMI Scripts with BitDefender Client Security


3/17

1. IntroductionBitDefender Client Security is a robust and easy-to-use business security andmanagement solution, which delivers superior proactive protection from viruses,spyware, rootkits, spam, phishing and other malware.

BitDefender Client Security comprises several features for automated networkmanagement to provide maximum value to its customers. One such feature is supportfor Windows Management Instrumentation (WMI) scripting.

WMI is the Microsoft implementation of Web-Based Enterprise Management (WBEM),an initiative to establish standards for accessing and sharing management informationin an enterprise network. WMI is WBEM-compliant and provides integrated support

for Common Information Model (CIM), the data model describing the objects that existin a management environment.

Basically, WMI allows managing Windows workstations using scripts. WMI scripts canbe run only on workstations with WMI services installed. WMI is preinstalled in WindowsVista, Windows Server 2008, Windows Server 2003, Windows XP, Windows Me, andWindows 2000.

More InformationFor more details on WMI, please refer to the Windows Management Instrumentationtopic on the Microsoft Developer Network (MSDN) website.

Usually, the implementation and deployment of any fully customized automated solutionis an extremely challenging and complex process. To avoid the time-consuming taskof researching and developing WMI scripts, BitDefender Client Security offers you 40predefined templates for scripting purposes.

BitDefender Client Security enables running WMI scripts on groups of networkworkstations and provides scheduling capabilities to reduce the administration effortand centralize results. Thus, IT administrators can perform network audit (gatheringof hardware and system information from workstations) and administrative actionsremotely.

Different from other business security solutions that may include third-party softwareto provide WMI scripting support, BitDefender Client Security directly integrates WMIscripts into its management component, BitDefender Management Server. This resultsin a lower Total Cost of Ownership and a comprehensive and easy-to-use managementsolution.


http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/wmi_start_page.asphttp://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/wmi_start_page.asp


4/17

2. Key BenefitsSeveral important benefits arise from using the WMI scripts implemented in BitDefenderManagement Server:

Reduced Network Administration Workload and Costs

Saves IT administrators the time they would spend to learn about and develop WMIscripts by providing 40 predefined WMI script templates

Reduces considerably the time spent on centralizing network audit information fromall network workstations

Enables network and security administration from a single interface through the useof the BitDefender Management Console

Provides full automation by allowing WMI scripts to be run on groups of workstations(the Management Server integrates with Active Directory for easy and flexible groupmanagement)

Enhances management capabilities and reduces the administration effort by allowingIT administrators to take action (remove software, restart, shutdown, log off) onnetwork workstations remotely

Helps reduce workstation downtime by assisting IT administrators in the

troubleshooting process with preliminary information about the affected networkworkstations

Helps maintain compliance with application use policies by enabling IT administratorsto remotely control the applications installed and the processes running on thenetwork workstations

Helps making the network more secure by enabling IT administrators to remotelycontrol the use of Windows autorun and USB storage devices in the network

Improved Network Visibility and Monitoring

Allows performing network audit by gathering:

hardware information

system and software information

Windows user accounts information

disk and file system information

Provides quick and easy access to information by centralizing the results of eachscript.




5/17

3. Available WMI Script TemplatesBitDefender Client Security allows creating WMI scripts based on predefined WMIscript templates. The following table displays all 40 WMI script templates currentlyavailable, grouped by their use:

Available Script TemplatesCategory

Computer restartAdministrative Actions

(12 script templates) Computer shutdown

Enable/Disable Autorun for All Drives

Enable/Disable USB Mass Storage

Install Windows Updates

Kill Process

Log off user

Remote Desktop Connection

Remove Software

Run program

Send messageWindows Automatic Updating

Operating SystemSystem and Software Information

(13 script templates) Get system info

Get Last SP Installed

Enumerate All Startup Programs

Enumerate Startup Programs (MSI)

List Installed Software (All)

List Installed Software (MSI)

List Hotfix

Current Processes

List Services

List WMI Settings

List startup info

List startup menu




6/17

Available Script TemplatesCategory

Current SharesDisk and File Systems Information

(5 script templates) Free Disk Space

List Logical Disk Info

Enumerate memory

Enumerate pagefile

List current usersWindows User Accounts Information

(4 script templates) List local users

List Domain and Workgroup infoList logon session info

List CPU InfoHardware Information

(6 script templates) List MB (motherboard) Settings

List Video Info

List monitor settings

List network adapter values

List power management info

You can find a detailed description of each WMI script template in the appendix.

Operating System RestrictionsTo run the following WMI scripts on Windows Server 2003 or 64-bit Windows operatingsystems, you must first install the Windows Installer Provider (MSI provider), as itdoes not come preinstalled on default installations.

Enumerate startup programs (MSI) List installed software (MSI) Get system info

This provider is included on the Windows installation CD as an optional Windowscomponent and can be installed using the Control Panel.For more information, please refer to the following topics on the Microsoft DeveloperNetwork (MSDN) website:

Operating System Availability of WMI Components Windows Installer Provider


http://msdn.microsoft.com/en-us/library/aa392726(VS.85).aspxhttp://msdn.microsoft.com/en-us/library/aa394523(VS.85).aspxhttp://msdn.microsoft.com/en-us/library/aa394523(VS.85).aspxhttp://msdn.microsoft.com/en-us/library/aa392726(VS.85).aspx


7/17

4. OperationIT administrators create WMI scripts using the dedicated snap-in from the BitDefenderManagement Console.

WMI Scripts Snap-In

The WMI scripts can be run on any WMI-enabled workstation managed by BitDefenderManagement Server.

These are the stages of the script creation and execution process:

1. In the management console, the IT administrator creates a WMI script using theWMI script template appropriate to the task to be performed. In most cases, thescript is created immediately, without having to configure any settings.

2. The IT administrator assigns the WMI script to run on specific client workstationsor groups of client workstations. The script can be scheduled to run one time onlyor on a regular basis.

3. During the agent-server communication session, BitDefender Management Serversends the script request to the BitDefender Management Agent installed on theassigned client workstations.

4. BitDefender Management Agent runs the script immediately or as scheduled.




8/17

5. After the script is executed, BitDefender Management Agent sends the results toBitDefender Management Server.

6. The IT administrator can check the results in the management console.

The diagram below illustrates how WMI scripts operate in BitDefender Client Security.

Operation Diagram




9/17

5. ExamplesHere are three examples of tasks that can be accomplished using the WMI scriptsprovided by BitDefender Client Security:

Gathering Information about Client Workstations Application Control Making Your Network More Secure

5.1. Gathering Information about Client Workstations

WMI scripts can be successfully used in the troubleshooting process. The IT

administrator can remotely run specific WMI scripts to obtain preliminary informationabout client workstations having issues. Based on this information, the IT administratorcan better assess the problem and find potential quick fixes.

The Get system info script, for example, provides useful information about clientworkstations, such as:

operating system information system name, model and manufacturer total RAM memory processor

BIOS version

Get System Info




10/17

5.2. Application Control

A number of WMI scripts help maintain compliance with the organization's policiesregarding the use of applications. Using only the BitDefender Management Console,the IT administrator can easily find out what software is installed on client workstationsand remove undesired applications (only MSI-installed applications can be removed).

Step 1 - Verifying Installed Applications

To verify what applications are installed on client workstations, the IT administratorcan use one of the following WMI scripts:

The List Installed Software (MSI) script can be used to obtain the list of applicationsinstalled on client workstations with the Windows installer.

The List Installed Software (All) script can be used to obtain the list of all theapplications installed on client workstations, including all MSI-installed applicationsand the Microsoft and Windows updates.

Once the script is executed, the IT administrator can check the results in the CurrentWMI Scripts pane of the management console by double-clicking the script. Theimage below provides an example of such results for a client workstation.

List Installed Software




11/17

Other Useful Scripts

Two other scripts can provide additional information about the software installed onclient workstations:

List startup menu retrieves the applications that have shortcuts in the Start menu. Current Processes provides information about the processes currently running on

client workstations.

Step 2 - Removing Installed Applications

If an application installed on a client workstation does not comply with the applicationuse policies, it can be easily removed from the results section of the List InstalledSoftware script. Here are a few examples of application types that can be removedremotely:

antivirus chat VoIP multimedia games

Note

Only MSI-installed applications can be removed.

In order to remove an application, the IT administrator must go to the Installedprograms tab.

Installed Programs




12/17

Two tables are displayed here:

The left-side table displays all applications installed on the client workstations thescript has run on.

The right-side table displays all client workstations on which a selected applicationis installed.

It takes a few easy steps to remove an undesired application:

1. Select the application from the list.

2. To remove the application from all the workstations it is installed on, select thecheck box in the Client name column header. To remove it from specificworkstations, only select the corresponding check boxes.

3. Select a restart option. A computer restart may be required to completely removethe selected application.

4. Click Uninstall and then OK to remove the application from the selected computers.A Run program WMI script is automatically created and assigned to the selectedcomputers so that the application is removed. Application removal will require nouser intervention.

Once the script is executed, the IT administrator can check the results in the Current

WMI Scripts pane by double-clicking the script.

Run Program




13/17

5.3. Increasing Your Network Security

Computer worms are increasingly using USB storage devices and the Windows autorunfeature to spread through networks. This was the case with the recent Downadupworm, also known as Conficker or Kido, which is estimated to have infected millionsof business network computers.

NoteAutorun enables automatic detection and reading of new media connected to thecomputer. Such media includes USB flash drives, network shares, CDs, DVDs andother. This Windows feature can be used to automatically execute malicious code assoon as an infected medium is connected to the computer.

To help IT administrators counter these network vulnerabilities, BitDefender ClientSecurity provides the following WMI scripts:

Enable/Disable Autorun for All Drives - to remotely control autorun for all driveson managed computers.

Enable/Disable USB Mass Storage - to remotely allow or block the use of USBstorage devices on managed computers.

IT administrators can run these WMI scripts on all managed computers to completelydisable autorun and USB storage devices in the network. Afterwards, these WMI

scripts can be run as needed to temporarily enable autorun and USB storage deviceson specific managed computers or groups.




14/17

Appendix. Description of WMI Script TemplatesThis appendix provides a detailed description of the available WMI script templates.

Computer restartRestarts client workstations.

Computer shutdownShuts down client workstations.

Current ProcessesProvides information on the processes currently running on client workstations.

Current SharesProvides information about the existing shares on client workstations.

Enable/Disable Autorun for All DrivesEnables or disables the Windows Autorun feature for all drives on clientworkstations. Autorun enables automatic detection and reading of new media.

Enable/Disable USB Mass StorageEnables or disables USB storage devices on client workstations. Such devicesinclude USB memory sticks (flash pens) and mp3 players.

Enumerate All Startup ProgramsProvides information about all the programs that run on client workstations atstartup.

Enumerate memoryProvides the size of the physical (RAM) memory installed in client workstations.

Enumerate pagefileProvides information about the virtual memory (the page file) available on clientworkstations. This includes: the location and size of the page file the initial and the maximum size

Enumerate Startup Programs (MSI)

Provides information about the programs installed using the Windows installerthat run on client workstations at startup.

Free Disk SpaceProvides the list of the logical disks on client workstations and the available diskspace on each of them.

Get Last SP InstalledProvides the version of the Windows Service Pack installed on client workstations.




15/17

Get system infoProvides useful information about client workstations. This includes: operating system information system name, model and manufacturer total RAM memory processor BIOS version

Install Windows UpdatesHelps you identify the Windows updates available for client workstations andinstall all or specific Windows updates on client workstations.

Kill Process

Ends a specific process running on client workstations. The Current Processesscript can be used to obtain the list of running processes.

List CPU InfoProvides various information about the processor of client workstations. Thisincludes: processor name and ID description manufacturer clock speed

List current users

Lists the users currently logged on to client workstations.

List Domain and Workgroup infoProvides information on the domain or workgroup client workstations are part of.

List HotfixProvides information about the Microsoft and Windows hotfixes installed on clientworkstations.

List Installed Software (All)Provides the list of all software and Microsoft and Windows updates installed onclient workstations. An uninstall command line is provided for each application or

update installed with the Windows installer. You can remove an application usingthis command line with a Run Program script.

List Installed Software (MSI)Provides the list of software installed on client workstations with the Windowsinstaller. An uninstall command line is provided for each application. You canremove an application using this command line with a Run Program script.

List local usersProvides information about the local Windows user accounts configured on clientworkstations.




16/17

List Logical Disk InfoProvides information about the logical disks (floppy drive, hard-disk drives,CD-ROM drive etc) on client workstations. This includes: name (label) description free disk space size

List logon session infoProvides information regarding the logon session on client workstations.

List MB SettingsProvides information about the motherboard of client workstations. This includes:

name manufacturer serial number

List monitor settingsProvides information about the monitor of client workstations. This includes: monitor type manufacturer physical dimensions

List network adapter valuesProvides detailed information about the network adapters installed in client

workstations. This includes: adapter type manufacturer MAC and network address

List power management infoProvides power management information about client workstations.

List ServicesProvides various information regarding the services running on client workstations.This includes: service name and display name state (stopped / running) start mode (automatic / manual / disabled) description

List startup infoProvides information on the startup of client workstations.

List startup menuLists the program shortcuts from the Start menu of client workstations. The entriesare grouped by user.




17/17

List Video InfoProvides various information regarding the video display of client workstations.This includes: video adapter name and type graphics memory resolution driver name and version minimum and maximum refresh rates

List WMI SettingsProvides information about the WMI settings of client workstations.

Log off user

Logs off the current user logged on to client workstations.Operating System

Provides useful information about the operating system running on clientworkstations. This includes: operating system and version registered user serial number installation time

Remote Desktop ConnectionChanges the Windows settings on client workstations in order to allow or block

incoming remote connections through Remote Desktop Connection.

Remove SoftwareRemoves a specific application installed on client workstations. The script can beused to remove any application that appears in the Add or Remove Programsapplet in the Control Panel.

Run programRuns a specific application on client workstations. The application can be locatedon the target workstation or on the local machine (where the BitDefenderManagement Console is installed).

Send messageSends a message to the user logged on client workstations.

For Windows 2000 workstations, the script uses the net send command andrequires the Messengerservice to be started (default setting). For other Windowsworkstations, the script uses the msg command and requires the TerminalServices service to be started (default setting).

Windows Automatic UpdatingConfigures Windows Automatic Updates on client workstations. WindowsAutomatic Updates helps users keep their operating system up-to-date.



Documents

Using WMI Scripts With BitDefender Client Security