GFI LanGuard combines several products in one: network audit, patch management and vulnerability discovery. Network audit gives you centralized information about the hardware, software and configuration of the scanned computers, and it also lets you control and remediate other things, such as the application inventory.

GFI LanGuard is designed to let admins control the entire network, workgroup computers as well as domain members, from a central location. This is a big advantage, and it can be combined with the scripting capabilities of GFI LanGuard: using scripts it is possible to collect even more information about the scanned computers. In the past we saw popular scripts for network and software audit (now included as standard features of the application) or for computer serial number retrieval.

If an admin wants not only to scan but also to make changes on the network, this can be done by applying common admin commands to remote computers. This is, for example, what Patch Management does: missing patches are deployed and installed, and that deployment can be considered the "active" part of GFI LanGuard. There is also a Custom Software deployment module that can be used to install software, update files and so on. A particularity of Custom Software deployment is that you must first scan a computer, then analyze the result and set up a deployment.

Another way to make changes on scanned computers is to use the scripts attached to vulnerabilities. A script can include a detection section followed by an "active" part that modifies something on the remote computer. This takes little time and is done in one shot, whereas with Custom Software the deployment cannot be triggered automatically by a scan. If you want to be notified which computers have been processed by a vulnerability/script, you can display echo messages in the scanner activity window.

In GFI LanGuard, scripting can be done in a VBS-like language for Windows, over SSH for Linux, or in Python for both. If you don't want to run the script on all machines you can filter them by IP, OS or any other criteria using the vulnerability parameters or directly in the script, or simply by using a computer list.

You can use these scripts/vulnerabilities in a dedicated profile that has an IP range as target, and possibly in a scheduled scan that acts as a guardian, automatically remediating all problems found on the computers discovered.

Below you can find some examples that give an idea of what can be done and how.

The first example creates an exception on the remote machine's firewall that allows a specific application through. In my example the application is update.exe from GFI LanGuard:

Function Main
Dim compip, user, passwd, path, strCommand As String
Dim Shel As Object
compip = GetParameter("ComputerIP")      ' IP of the computer currently being scanned
user = GetParameter("User")              ' the scan credentials (Alternative Credentials)
passwd = GetParameter("Password")
path = "D:\L.N.S.S\PsTools\"             ' folder on the LanGuard machine that holds psexec.exe
' psexec runs netsh on the remote computer; note that user and password are passed on the command line
strCommand = "cmd /c " + path + "psexec.exe " + "\\" + compip + " -u " + user + " -p " + passwd + " /accepteula netsh.exe firewall set allowedprogram ""C:\Program Files\GFI\LANguard 9.0\update.exe"" LANguard_Update ENABLE"
Set Shel = CreateObject("WScript.Shell")
Shel.Run(strCommand)                     ' run the command
Set Shel = Nothing
'Main = true                              ' uncomment to report a vulnerability (see note 1)
End Function

Note:

  1. With the script above no vulnerability is generated, since we only need to perform a specific action: the Main function does not return a value. If the Main = true line is uncommented and the vulnerability's Value condition is set to 1, the vulnerability will be shown. You can find details about this in the GFI LANguard documentation.
  2. This script uses the psexec.exe tool, which can be downloaded from here: http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
  3. The scan credentials are given to psexec as -u/-p arguments, so they are visible to anyone who can read process command lines on the LanGuard machine (Process Explorer, WMI, process creation auditing) while the command runs. Also, the netsh firewall context is deprecated on Windows Vista and later; the equivalent is netsh advfirewall firewall add rule.

The next example shows how registry values can be modified with a Python script. It checks whether Windows automatic logon is enabled and deactivates it:

import _winreg   # Python 2 module; in Python 3 the same API is called winreg

def main():
    result = 0
    # ComputerIP is supplied by the scanner for the computer currently being scanned
    hivekey = _winreg.ConnectRegistry("\\\\" + ComputerIP, _winreg.HKEY_LOCAL_MACHINE)
    testkey = _winreg.OpenKey(hivekey, r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", 0, _winreg.KEY_ALL_ACCESS)
    try:
        value, valtype = _winreg.QueryValueEx(testkey, "AutoAdminLogon")
    except WindowsError:        # value absent: automatic logon is not configured
        value = "0"
    if value == "1":
        # GlobalFunctions.echo("AutoAdminLogon is on. Will be deactivated")
        _winreg.SetValueEx(testkey, "AutoAdminLogon", 0, _winreg.REG_SZ, "0")
        result = 1              # 1 = report a vulnerability for this computer
    _winreg.CloseKey(testkey)
    _winreg.CloseKey(hivekey)
    return result

Note: unlike the first script, this one returns a value, so a vulnerability is also generated for the computer when main() returns 1 and the vulnerability's Value condition is set to 1.
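As an added example (not part of the original page and not GFI's own code), here is the same Winlogon check written in Python 3 with the decision logic separated from registry access, so it can be run and tested on any machine. It also covers two cases the script above leaves out: the AutoAdminLogon value being absent, and the DefaultPassword value, which Windows keeps in clear text under the same key when automatic logon is configured through the registry, so switching AutoAdminLogon off alone still leaves the password readable. DictKey is a constructed in-memory stand-in for a registry key; WinregKey wraps the standard winreg module and only works on Windows; ComputerIP is assumed to be a global provided by the scanner, as in the page's script.

```python
"""Detect and remediate Windows automatic logon (added example, not GFI code)."""

# Winlogon key under HKLM where the automatic logon settings live
WINLOGON_PATH = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


class DictKey:
    """Constructed in-memory stand-in for a registry key, used to run the logic offline."""

    def __init__(self, values):
        self.values = dict(values)

    def get(self, name):
        return self.values.get(name)  # None when the value does not exist

    def set_string(self, name, data):
        self.values[name] = data

    def delete(self, name):
        self.values.pop(name, None)


class WinregKey:
    """Same interface on top of the stdlib winreg module (Windows only).

    computer is "\\\\<name or IP>" for a remote registry, or None for the local machine.
    """

    def __init__(self, computer, path):
        import winreg  # imported here so the module still loads on non-Windows hosts
        self._wr = winreg
        hive = winreg.ConnectRegistry(computer, winreg.HKEY_LOCAL_MACHINE)
        self._key = winreg.OpenKey(hive, path, 0, winreg.KEY_READ | winreg.KEY_SET_VALUE)

    def get(self, name):
        try:
            data, _valtype = self._wr.QueryValueEx(self._key, name)
            return data
        except FileNotFoundError:  # value absent
            return None

    def set_string(self, name, data):
        self._wr.SetValueEx(self._key, name, 0, self._wr.REG_SZ, data)

    def delete(self, name):
        try:
            self._wr.DeleteValue(self._key, name)
        except FileNotFoundError:
            pass


def autologon_enabled(key):
    """AutoAdminLogon is documented as REG_SZ "1"/"0"; tolerate a DWORD or stray whitespace."""
    data = key.get("AutoAdminLogon")
    return data is not None and str(data).strip() == "1"


def check_and_remediate(key, fix=True):
    """Detection part followed by the active part.

    Returns (result, findings); result follows the page's convention:
    1 means "report a vulnerability for this computer", 0 means nothing found.
    """
    findings = []
    if autologon_enabled(key):
        findings.append("AutoAdminLogon is enabled")
        if fix:
            key.set_string("AutoAdminLogon", "0")
    # Registry-based autologon stores the logon password in clear text in DefaultPassword.
    if key.get("DefaultPassword") is not None:
        findings.append("DefaultPassword is stored in clear text")
        if fix:
            key.delete("DefaultPassword")
    return (1 if findings else 0), findings


def main():
    """Entry point in the form the scanner calls (assumption: ComputerIP is set by the scanner)."""
    target = globals().get("ComputerIP")
    key = WinregKey("\\\\" + target if target else None, WINLOGON_PATH)
    result, findings = check_and_remediate(key)
    for finding in findings:
        print(finding)  # inside LanGuard this would be GlobalFunctions.echo(...)
    return result
```

Keeping the registry access behind a small interface is what makes the detection part testable before it is pointed at a whole IP range; run check_and_remediate(key, fix=False) first to see what a scan would report without changing anything.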

The last example is a script that joins the scanned computers to a domain. It is based on the netdom tool, which is part of the Windows Server 2003 Support Tools; on Windows Server 2008 it is installed together with specific roles or tools (such as the AD DS role or the Remote Server Administration Tools).

You can find more information here: http://technet.microsoft.com/en-us/library/cc772217(WS.10).aspx. The tool only needs to be present on the machine where GFI LANguard runs, and you have to specify its path in the script.

The script code:

Function main
Dim hostname, path, strCommand As String
Dim domuser, dompasswd, compuser, comppasswd, domain, OUname, DC1, DC2 As String
Dim Shel As Object
 hostname = GetParameter("ComputerName")  ' name of the computer being scanned
 compuser = GetParameter("User")          ' the admin username specified in Alternative Credentials
 comppasswd = GetParameter("Password")    ' the password specified in Alternative Credentials
 path = "c:\temp\"                        ' or "\\computername\foldername\": folder where netdom.exe can be found
 domuser = "domainusername"               ' a domain account allowed to join computers to the domain (a domain admin is not required)
 dompasswd = "password"                   ' the password for the above account
 domain = "x.y"                           ' FQDN of the domain the computer will be joined to
 OUname = "testOU"                        ' OU name (used by the /OU variant below)
 DC1 = "hdom"                             ' first DNS component of the domain, ex: domainname from domainname.com
 DC2 = "hpub"                             ' second component, ex: com from domainname.com
 strCommand = "cmd /c " + path + "netdom.exe" + " JOIN " + hostname + " /Domain:" + domain + " /userd:" + domuser + " /passwordd:" + dompasswd + " /usero:" + compuser + " /passwordo:" + comppasswd
 Set Shel = CreateObject("WScript.Shell")
 echo("Join the computer to domain")      ' shown in the scanner activity window
 Shel.Run(strCommand)                     ' run the command
 Set Shel = Nothing
'main = true                               ' uncomment (with the vulnerability Value condition set to 1) to report a vulnerability
End Function

If you have to add the computers to a specific OU, modify the command line in this way (the OU is given as a distinguished name built from OUname, DC1 and DC2):

'   adding to OU:
 strCommand = "cmd /c " + path + "netdom.exe" + " JOIN " + hostname + " /Domain:" + domain + " /OU:OU=" + OUname + ",DC=" + DC1 + ",DC=" + DC2 + " /userd:" + domuser + " /passwordd:" + dompasswd + " /usero:" + compuser + " /passwordo:" + comppasswd

Note that the variables path, domuser, dompasswd, compuser, comppasswd, domain, OUname, DC1 and DC2 must be set to your own values. Be aware that the domain account's password is stored in the script and passed to netdom on the command line: use a dedicated account that is only allowed to join computers to the domain rather than a domain admin, and keep the script readable only by the account LanGuard runs under.
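Both the psexec script at the start and the netdom script above build their command line by string concatenation and hand it to cmd /c, so every parameter, including the scanned computer's name, is parsed by the shell, and the passwords appear in whatever echoes or logs the command line. The following Python 3 code is an added example (not from the page and not GFI code) of one way to build and run both commands from a Python vulnerability script instead: arguments are passed as a list, so no shell interprets them; names that come from the scanner are checked against the characters a host, user or domain name may contain; the OU distinguished name is derived from the whole domain FQDN rather than two hard-coded components; and the command is redacted before it is echoed. The paths to psexec.exe and netdom.exe and the sample values are assumptions; the firewall call uses the netsh advfirewall syntax that replaced the deprecated netsh firewall context.

```python
"""Build and run psexec/netdom commands without a shell (added example, not GFI code)."""
import re
import subprocess

# Values that end up as command arguments: anything outside these sets (spaces, &, |, quotes)
# is refused rather than passed on.
_HOST_RE = re.compile(r"^[A-Za-z0-9._-]{1,253}$")      # host names, IPs, DNS domain names
_USER_RE = re.compile(r"^[A-Za-z0-9._@\\-]{1,256}$")   # user, DOMAIN\user, user@domain


def validate_name(name, pattern=_HOST_RE):
    """Return name unchanged if it matches pattern, else raise ValueError."""
    if not pattern.match(name):
        raise ValueError("refusing to use %r as a command argument" % name)
    return name


def validate_user(name):
    return validate_name(name, _USER_RE)


def ou_dn(ou_name, domain_fqdn):
    """'testOU', 'corp.example.com' -> 'OU=testOU,DC=corp,DC=example,DC=com'."""
    parts = [validate_name(p) for p in domain_fqdn.split(".") if p]
    return "OU=%s,%s" % (ou_name, ",".join("DC=" + p for p in parts))


def firewall_allow_argv(program, rule_name):
    """Remote-side command: allow a program through Windows Firewall (advfirewall syntax).

    Paths with spaces are safe here because each item is one argument; subprocess quotes
    them for CreateProcess and nothing is parsed by cmd.exe."""
    return ["netsh", "advfirewall", "firewall", "add", "rule",
            "name=" + rule_name, "dir=in", "action=allow", "program=" + program]


def psexec_argv(psexec_path, target, user, password, remote_argv):
    """psexec \\\\target -u user -p password -accepteula <remote command>."""
    return [psexec_path, "\\\\" + validate_name(target),
            "-u", validate_user(user), "-p", password, "-accepteula"] + list(remote_argv)


def netdom_join_argv(netdom_path, hostname, domain, domuser, dompasswd,
                     compuser, comppasswd, ou_name=None):
    """netdom join <host> /Domain:<fqdn> [/OU:<dn>] /userd:.. /passwordd:.. /usero:.. /passwordo:.."""
    argv = [netdom_path, "join", validate_name(hostname), "/Domain:" + validate_name(domain)]
    if ou_name:
        argv.append("/OU:" + ou_dn(ou_name, domain))
    argv += ["/userd:" + validate_user(domuser), "/passwordd:" + dompasswd,
             "/usero:" + validate_user(compuser), "/passwordo:" + comppasswd]
    return argv


def redact(argv, secrets):
    """Copy of argv with every occurrence of each secret replaced by *** for echoing/logging."""
    out = []
    for arg in argv:
        for secret in secrets:
            if secret:
                arg = arg.replace(secret, "***")
        out.append(arg)
    return out


def run(argv, secrets=(), echo=print):
    """Run argv with no shell, echo only the redacted command, and return the exit code."""
    echo(" ".join(redact(argv, secrets)))
    proc = subprocess.run(argv, capture_output=True, text=True)
    if proc.returncode != 0:
        echo("exit %d: %s" % (proc.returncode, (proc.stderr or proc.stdout).strip()))
    return proc.returncode


if __name__ == "__main__":
    # Constructed sample values; a real script takes these from GetParameter()/scan settings.
    cmd = netdom_join_argv(r"c:\temp\netdom.exe", "ws01", "corp.example.com",
                           "joiner", "J0in-Secret", "localadmin", "L0cal-Secret",
                           ou_name="Workstations")
    print(" ".join(redact(cmd, ["J0in-Secret", "L0cal-Secret"])))
```

The passwords still travel on the command line of the psexec and netdom processes, which is how those tools take them; what the list form removes is the shell between your script and the tool, and what redact() removes is the copy in the scanner activity window.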

As a final note, be careful with such "active" scripts: test them on a few computers first before targeting the entire network.