5 Replies Latest reply on Jun 22, 2016 3:18 AM by phoffmann

    Query on NetBIOS Status

    Apprentice

      A short history:

       

      A recent security audit suggested that we disable NetBIOS on all of our PCs due to security risks it posed. We decided to follow the recommendation of the audit team and proceeded to engineer a solution.

       

      After some research we discovered the only way to do this was to edit a registry entry in HKLM. The reg key is specific to the adaptor and contains a GUID so it is unique on every machine. We ended up deploying a script with GPO so that when computers booted up on the network their registry was enumerated and the relevant key was changed.

       

      Now we want to use LANDESK to verify our success rate and clean up any PCs that spend most of their time off network. I'd like to know if there is any way to query a registry entry with a wildcard in it or if there is perhaps a better way.

       

      For reference, the key we are changing looks like this: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{%GUID%}\NetbiosOptions. Values can be 0, 1, or 2.

       

      We are using LANDESK 2016

       

      Thanks in advance!

        • 1. Re: Query on NetBIOS Status
          phoffmann SupportEmployee

          So the answer here is "no and yes".

           

          No - by default, we can't pick up / deal with wildcards through registry.

           

          As an aside - there's going to be quite a few (potential) NIC entries (Windows doesn't "just" keep the active ones). The easiest way to deal with this is to have a little script (PowerShell, VB, whatever you prefer) parse through the registry keys & pick up what data you actually want/need. You can/could then do a 2nd parse & see if you can identify the NIC(-s) you actually care about, so you "just" have information you care about.

           

          You can even schedule this script to run regularly (at logon / via local scheduler or whatnot).

           

          You can then have your script spit out a single value into another (fixed) registry location that you want, saying something like "NetBIOS - Fine" or "Fix Me" or whatever. I suggest thinking on what values to use up-front & being consistent - so that you don't have to remember 6 months down the line "what was value 1234 about again ...".

           

          Basic article is here - How to scan Windows Registry for custom information using Ivanti Endpoint Manager ( EPM ) - and be aware of - Issue: Custom Data is not Entered - Using the Unknown Items Inventory Tool - as well!

           

          Hope that helps?

          • 2. Re: Query on NetBIOS Status
            JoeDrwiega SupportEmployee

            Does the Inventory reflect this as the correct info or status? Network - NetBIOS - Exist

            • 3. Re: Query on NetBIOS Status
              Apprentice

              Sadly the "NetBios Status" in the inventory shows true for all machines. So I cannot query on that.

              • 4. Re: Query on NetBIOS Status
                Apprentice

                This is a bit above my head as I am not that good with scripting myself. The script we used to turn NetBIOS off in the first place was actually found on the net after a bit of googling.

                 

                If I can't find a better solution we may still have to go this route. Thanks for the idea.

                • 5. Re: Query on NetBIOS Status
                  phoffmann SupportEmployee

                  Well - you don't necessarily have to write the script yourself.

                   

                  If you know of scripting folks ("someone" in your company must be able to do it - basic domain logon scripts are sort of a thing), then you could just try bribing them (usually "a cup of coffee" or "some food" go a long way) into doing this as a favour for you.

                   

                  Pulling a few registry keys (granted, you'd need to enumerate the "sub" directories of the registry hives because of "\Tcpip_{%GUID%}\") is pretty simple in PowerShell. You can do it in pretty much any scripting language I'm sure - I just don't regard VB as overly civilised or intuitive, whereas PowerShell at least makes sense most of the time.

                   

                  Heck, if you've got Linux People, they could write it in Python (might require you to install the python environment on Windows) ... it's all doable.

                   

                  It's a good reason to get your boss to send you on training / give you time / resources / support for it. Scripting is a pretty integral part of our kinds of jobs (since there'll always be "oddball things" we need to do that are non standard), so feel free to get his eyes on my response here. It's a key skill that is a life-saver & builds a foundation of being able to do more & more "unusual" things / requests.
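
The approach described in replies 1 and 5, sketched in PowerShell as an added example (not part of the original thread, and not Ivanti/LANDESK code): enumerate every Tcpip_{GUID} interface key, read NetbiosOptions, and write one summary value to a fixed registry location that a custom registry scan can pick up. The status key path, value names and status strings are assumptions made for illustration.

```powershell
# Added example. Run elevated: writing under HKLM requires admin rights.
$interfaces = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
# Hypothetical fixed location for the inventory scan to read; choose your own.
$statusKey  = 'HKLM:\SOFTWARE\ExampleCorp\NetBIOSAudit'

# Enumerate every Tcpip_{GUID} subkey. This includes adapters that are not
# currently active, because Windows keeps their entries as well.
$results = @(
    Get-ChildItem -Path $interfaces -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'Tcpip_*' } |
        ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath -Name NetbiosOptions -ErrorAction SilentlyContinue
            $value = $null                      # stays $null if the value is missing
            if ($props) { $value = $props.NetbiosOptions }
            [pscustomobject]@{ Interface = $_.PSChildName; NetbiosOptions = $value }
        }
)

# NetbiosOptions: 0 = follow the DHCP setting, 1 = enabled, 2 = disabled.
# A missing value ($null) is counted as "not disabled" so it gets flagged.
$notDisabled = @($results | Where-Object { $_.NetbiosOptions -ne 2 })

# One consistent, self-describing status string per machine.
if ($results.Count -eq 0)         { $status = 'NoInterfacesFound' }
elseif ($notDisabled.Count -eq 0) { $status = 'NetBIOS-Disabled' }
else                              { $status = 'FixMe' }

# Record the summary plus the interfaces that still need changing.
if (-not (Test-Path $statusKey)) { New-Item -Path $statusKey -Force | Out-Null }
$offenders = ($notDisabled | ForEach-Object { $_.Interface }) -join ';'
New-ItemProperty -Path $statusKey -Name Status      -Value $status             -PropertyType String -Force | Out-Null
New-ItemProperty -Path $statusKey -Name Offenders   -Value $offenders          -PropertyType String -Force | Out-Null
New-ItemProperty -Path $statusKey -Name LastChecked -Value (Get-Date -Format s) -PropertyType String -Force | Out-Null

# Emit the per-interface detail for anyone running the script by hand.
$results | Format-Table -AutoSize
```

If the script is launched from a 32-bit host on 64-bit Windows, writes under HKLM\SOFTWARE are redirected to WOW6432Node, so point the inventory scan at the location the script actually wrote to.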