Peter Valdemar Mørch
2004-Feb-25 15:51 UTC
[Samba] Remote Windows registry read access from Linux?
Hi,

In order to do some inventory and network management of our Windows machines, we'd really like to be able to extract some bookkeeping info from them - mostly from the registry. Anybody know how this is possible from Linux?

(Most of) the information we seek is present in the registry of the remote windows machine, e.g. installed programs/hotfixes. But the Event Log, Info about running services, users, shares etc. is also on our wishlist.

I tried upgrading my samba to 3.0.2a, and editreg(1) says "...currently only NT4...", and editreg was also not created during my build. Regardless, from reading editreg(1) it doesn't seem that it would do what I need anyway, such as accessing a remote registry. rpcclient also seems very handy - just not quite the tool for my exact job. I have no need to modify the registry, only extract keys from it.

I suspect that the binary version of the registry on XP is in:

C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT

And then there is a part for each user. Is that correct? I was thinking that maybe I could use smbclient to retrieve the actual remote binary version of the registry and then use some application to decode/dump that binary file. Has anybody succeeded in that approach? With what dumper? I seem to have no similar global file on my W2K installation... - what would that be on W2K? ??On W3K??

I've tried looking at the PDUs that regedit/LANGuard for windows send with a sniffer, but there are 994/11009 of them in my traces, and making sense of the decodes seems a daunting task. SMB, CIFS and MS/DCE RPC keep re-appearing in those traces, so I thought I'd ask here.

As you can well imagine, I would really hate to have to have a separate Windows machine in the loop running some Visual Basic / TCP daemon nastiness just to do this...

Very likely, my ignorance stems from not having any fundamental knowledge of how Windows remote management works. What is possible and what are the protocols (RPC?/DCOM?/What else?). Googling reveals lots of Windows Howto pages, but GUI guides (run regedit.exe, click here&there) are of very little use here.

Can the Windows RPC be used to run a visual basic script (uploaded with smbclient) on the remote side to do this? E.g. Any links to *any* useful Linux information?

Peter

--
Peter Valdemar Mørch
http://www.morch.com
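Added example, not part of the original post: the "retrieve the hive file and decode it offline" idea raised above starts with the hive's base block, which this sketch parses and integrity-checks. The field offsets follow the commonly documented "regf" layout and are stated here as an assumption; the sample header is constructed in the code, not taken from a real machine.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch

def regf_checksum(block: bytes) -> int:
    """XOR of the first 127 little-endian dwords (bytes 0..507) of the base block."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        csum ^= dword
    # Assumed per the documented layout: 0 and 0xFFFFFFFF are never stored.
    return {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(csum, csum)

def parse_regf_header(data: bytes) -> dict:
    """Decode the fixed fields of a hive base block and check its integrity."""
    if len(data) < 512:
        raise ValueError("truncated: need at least 512 bytes of the base block")
    if data[:4] != b"regf":
        raise ValueError("not a registry hive (missing 'regf' signature)")
    seq1, seq2, filetime, major, minor = struct.unpack_from("<IIQII", data, 4)
    root_cell, bins_size = struct.unpack_from("<II", data, 36)
    (stored_csum,) = struct.unpack_from("<I", data, 508)
    name = data[48:112].decode("utf-16-le", errors="replace").split("\x00")[0]
    return {
        "name": name,
        "version": f"{major}.{minor}",
        "last_written": EPOCH + timedelta(microseconds=filetime // 10),
        "clean": seq1 == seq2,  # unequal sequence numbers: copied mid-write
        "root_cell_offset": root_cell,
        "hive_bins_size": bins_size,
        "checksum_ok": stored_csum == regf_checksum(data),
    }

def build_sample_header() -> bytes:
    """Constructed sample base block; not taken from a real machine."""
    ts = datetime(2004, 2, 25, 15, 51, tzinfo=timezone.utc)
    filetime = int((ts - EPOCH).total_seconds()) * 10_000_000
    block = bytearray(512)
    struct.pack_into("<4sIIQII", block, 0, b"regf", 7, 7, filetime, 1, 3)
    struct.pack_into("<II", block, 36, 0x20, 0x1000)
    name = "SOFTWARE".encode("utf-16-le")
    block[48:48 + len(name)] = name
    struct.pack_into("<I", block, 508, regf_checksum(bytes(block)))
    return bytes(block)

if __name__ == "__main__":
    for field, value in parse_regf_header(build_sample_header()).items():
        print(f"{field}: {value}")
```

A copied hive whose header reports `clean` or `checksum_ok` as false should be treated as an inconsistent snapshot before any key data is read from it.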
Peter Valdemar Mørch
2004-Feb-26 09:10 UTC
[Samba] Remote Windows registry read access from Linux?
Jörn Nettingsmeier (address removed) wrote:

> a somewhat heavyweight solution is to run the openssh server from
> cygwin, which will provide you remote shell access.
>
> if you find your way around with just the command line, you should be
> fine. if you need gui tools, combine it with the free winvnc server on
> localhost - you can then tunnel into the machine, and the vnc stuff
> won't ever be visible on the net in the clear. presto: a zero-budget
> remote administration tool.
>
> the only drawback of the vnc server is that it will not ask the user
> who's logged on before granting access. only the change of color of a
> tiny icon in the taskbar tells the user someone is following their
> session, and i don't want my users feel like they are being spied on.

Hi there,

Thank you for your reply.

The beauty of smb/rpc would be that it wouldn't require any software installed on the remote machines. With a domain administrator password, we could successfully query all windows hosts in the network without any problems. We're developing a network management application, and have committed ourselves to not requiring any installation on a per-client basis, so this is ideal.

I already use VNC (TightVNC - also free!) for many other purposes, and have used the openssh daemon under cygwin in the past - but by their nature, they require client software installed. If that is the case, I'm more inclined to create a daemon/service running on Windows that will access remote repositories via MS Visual Basic or MS C++... Also we need to be able to query 100s of machines, so VNC is not really viable.

Thank you for your time in answering me! But I'm still in the market for a remote repository access solution...

Peter

--
Peter Valdemar Mørch
http://www.morch.com
Peter Valdemar Mørch
2004-Mar-10 06:56 UTC
[Samba] Remote Windows registry read access from Linux?
Peter Valdemar Mørch swp5jhu02-at-sneakemail.com |Lists| wrote:

> Any links to *any* useful Linux information?

After ending my investigation, it looks like it indeed is possible.

It seems samba-tng has remote repository access, though I didn't try it. Check out e.g. "REGEDIT Commands" under

http://www.samba-tng.org/docs/tng/htmldocs/rpcclient.8.html

Seems to do what I wanted, right?

I decided I really needed WMI access for it to be really useful. And WMI access isn't possible from Linux. At least nobody seems to know how to do it.

Just wanted to make my investigation results available for anybody else on the same quest.

Also, it seems repository access was once possible with samba itself! Look in: source/rpcclient/cmd_reg.c and see the commented-out code...

I posted a thread (also) about this called "Windows WMI (over DCE/RPC) with Samba?" on the samba-technical mailing list.

Peter

--
Peter Valdemar Mørch
http://www.morch.com