In order to do some inventory and network management of our Windows machines, we'd really like to be able to extract some bookkeeping info from them - mostly from the registry. Anybody know how this is possible from Linux?
(Most of) the information we seek is present in the registry of the remote windows machine, e.g. installed programs/hotfixes. But the Event Log, Info about running services, users, shares etc. is also on our wishlist.
I tried upgrading my samba to 3.0.2a, and editreg(1) says "...currently only NT4...", and editreg was also not created during my build. Regardless, from reading editreg(1) it doesn't seem that it would do what I need anyway, such as accessing a remote registry. rpcclient also seems very handy - just not quite the tool for my exact job.
I have no need to modify the registry, only extract keys from it.
I suspect that the binary version of the registry on XP is in:
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT
And then there is a part for each user. Is that correct? I was thinking that maybe I could use smbclient to retrieve the actual remote binary version of the registry and then use some application to decode/dump that binary file. Has anybody succeeded in that approach? With what dumper? I seem to have no similar global file on my W2K installation... - what would that be on W2K? ??On W3K??
I've tried looking at the PDUs that regedit/LANGuard for windows send with a sniffer, but there are 994/11009 of them in my traces, and making sense of the decodes seems a daunting task. SMB, CIFS and MS/DCE RPC keeps re-appearing in those traces, so I thought I'd ask here.
As you can well imagine, I would really hate to have to have a separate Windows machine in the loop running some Visual Basic / TCP daemon nastiness just to do this...
Very likely, my ignorance stems from not having any fundamental knowledge of how Windows remote management works. What is possible and what are the protocols (RPC?/DCOM?/What else?) . googling reveals lots of Windows Howto pages, but GUI guides (run regedit.exe, click here&there) are of very little use here. Can the Windows RPC be used to run a visual basic script (uploaded with smbclient) on the remote side to do this? E.g.
Any links to *any* useful Linux information?
Peter -- Peter Valdemar Mørch http://www.morch.com
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
