IIS installed - KiXtart.org - official site

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Basic Scripting » IIS installed

Page 1 of 1

1

Topic Options

#110026 - 2003-12-10 08:20 PM IIS installed
New Mexico Mark New Mexico Mark Hey THIS is FUN Registered: 2002-01-03 Posts: 223 Loc: Columbia, SC	Does anyone know a straightforward way to check if IIS is installed with a script? The script collecting information will be run at each local server in the administrator context. It must work for NT4 Server, 2000 Server/Advanced Server, and 2003 Standard/Web/Enterprise. Thanks, NMM
Top

#110027 - 2003-12-10 08:27 PM Re: IIS installed
Mart Mart KiX Supporter Registered: 2002-03-27 Posts: 4673 Loc: The Netherlands	Searching for the existence of the inetpub or wwwroot folder would do the trick. Code: $IIS1 = Exist ("c:\inetpub") $IIS2 = Exist ("d:\inetpub") Select Case $IIS1 = "1" OR $IIS2 = "1" ?"ISS found" Case $IIS1 = "0" AND $IIS2 = "0" ?"IIS not found" EndSelect Just expand with $iIIS3, etc... for more local drives. _________________________ Mart - Chuck Norris once sold ebay to ebay on ebay.
Top

#110028 - 2003-12-10 08:43 PM Re: IIS installed
New Mexico Mark New Mexico Mark Hey THIS is FUN Registered: 2002-01-03 Posts: 223 Loc: Columbia, SC	That might help. Of course, it would be incorrect if IIS had been uninstalled without deleting the inetpub directory. But this might be close enough for government work. I'm also thinking about looking for the World Wide Web Publishing service. That way I could also check to see if it was running. Thanks, NMM
Top

#110029 - 2003-12-10 08:47 PM Re: IIS installed
Sealeopard Sealeopard KiX Master Registered: 2001-04-25 Posts: 11165 Loc: Boston, MA, USA	You should rather check whether the IIS services are installed, at a minimum 'IIS Admin Service' and 'World Wide Web Publishing Service'. IIS does not necesarily use the 'inetpub' directories as website repositories. You can also check the registry for the presence of HKLM\SOFTWARE\Microsoft\InetStp. _________________________ There are two types of vessels, submarines and targets.
Top

#110030 - 2003-12-10 08:49 PM Re: IIS installed
Mart Mart KiX Supporter Registered: 2002-03-27 Posts: 4673 Loc: The Netherlands	If IIS has been uninstalled and inetpub is still there then it is probably full of [censored] that is never used anymore. So you'll also find servers with dir’s and files taking up precious space on the HDD. Checking for the w3svc would do but you'll not find the orphaned inetpub's. Maybe you could combine the two? _________________________ Mart - Chuck Norris once sold ebay to ebay on ebay.
Top

#110031 - 2003-12-10 08:55 PM Re: IIS installed
Sealeopard Sealeopard KiX Master Registered: 2001-04-25 Posts: 11165 Loc: Boston, MA, USA	The directories storing websites can be named anything, thus you'll have to build a more robust search paradigm. _________________________ There are two types of vessels, submarines and targets.
Top

#110032 - 2003-12-10 09:24 PM Re: IIS installed
New Mexico Mark New Mexico Mark Hey THIS is FUN Registered: 2002-01-03 Posts: 223 Loc: Columbia, SC	I think just checking for the existence of the w3svc will get me where I want to go. I'm going to divide this into two fields, "installed" and "autostart". This way I can see if WWW is installed and/or normally running. Thanks everyone. I'm always amazed at how fast people post suggestions in this forum. I move that your salaries be doubled forthwith. NMM
Top

#110033 - 2003-12-10 10:34 PM Re: IIS installed
Mart Mart KiX Supporter Registered: 2002-03-27 Posts: 4673 Loc: The Netherlands	Please let us know how you get on with it. Quote: move that your salaries be doubled forthwith. LOL Please call my CEO. If you get this done you the man But I think when you call and say: "Hi, this is New Mexico Mark. I'm calling about R2D2's salary" he will call some kind of psychiatric thing for you. _________________________ Mart - Chuck Norris once sold ebay to ebay on ebay.
Top

#110034 - 2003-12-10 11:01 PM Re: IIS installed
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11628 Loc: CA	NMM Take a look here for a Web Scanner Nikto http://www.cirt.net/code/nikto.shtml
Top

#110035 - 2003-12-11 01:50 AM Re: IIS installed
Kdyer Kdyer KiX Supporter Registered: 2001-01-03 Posts: 6241 Loc: Tigard, OR	Services you will be looking for are: IISADMIN W3SVC MSFTPSVC SMTPSVC If memory serves, the last three require IISADMIN to be running.. Take for example a batch script I use to maintain a web server (yes, I know it is not KiXtart). Code: ::net stop openwebscope net stop msftpsvc net stop w3svc ::net stop smtpsvc net stop iisadmin /y cd %temp% del . /s/q for /f "Tokens=" %%i in ('Dir /B %temp%') do rd /s /q "%%i" cd %windir% del .tmp /s/q net start iisadmin net start w3svc net start msftpsvc ::net start smtpsvc ::net start openwebscope pause HTH, Kent _________________________ Utilize these resources: UDFs (Full List) KiXtart FAQ & How to's
Top

#110036 - 2003-12-11 01:46 PM Re: IIS installed
New Mexico Mark New Mexico Mark Hey THIS is FUN Registered: 2002-01-03 Posts: 223 Loc: Columbia, SC	Thanks. What I'll probably end up doing is similar to what I do now with patches. I collect all OS and IE patches into one field, then do queries against that field to see which servers need a particular patch applied. Similarly, if I collect all services that are installed and either currently running or set to autostart into one field, I'll get a pretty good snapshot of the services on any given system, and I can do queries as needed for specific questions like, "Which systems are running IIS?" Since we have hundreds of servers in multiple DMZ's, doing queries across the network is out of the question, so we have to get a little creative in our approach. Thanks again, NMM
Top

#110037 - 2003-12-11 02:41 PM Re: IIS installed
Kdyer Kdyer KiX Supporter Registered: 2001-01-03 Posts: 6241 Loc: Tigard, OR	Well.. This should pretty simple then.. From your Firewall, you should be able to block port 443 or 80 (81 for ePolicy Orchestrator) and only allow from specific machines.. Have you seen this app? I saw this over at http://pricelessware.org It is very cool when trying to diagnose packets across the Internet.. http://www.ethereal.com/ Otherwise, you may have to get into your hub/switch and watch packets.. So let's see if we can wrap this up in a nutshell.. You want to only allow one or two systems to be webservers and log any others and then turn off the ones you don't want. This is probably being driven by a security audit. Why not log the services started from each machine? Then the rest becomes pretty simple.. Kent _________________________ Utilize these resources: UDFs (Full List) KiXtart FAQ & How to's
Top

#110038 - 2003-12-11 03:02 PM Re: IIS installed
New Mexico Mark New Mexico Mark Hey THIS is FUN Registered: 2002-01-03 Posts: 223 Loc: Columbia, SC	LOL... easier said than done to open up our DMZ's at all, even to specific systems. Of course, the good news is that we weren't really worried during all the recent outbreaks of viruses and worms. Our critical systems are pretty well sealed off, even from loyal administrators' workstations. Actually, some of this is being drivin by the need to quickly identify the current configuration of all our servers to help evaluate how/when we want to deploy patches or other security fixes. For instance, MS03-001 is critical for domain controllers, but minor for other servers UNLESS they are running the locator service for whatever reason. It would have been great to do a quick query and be able to identify all servers running the locator service. Even if it was only domain controllers (as it should be), upper managment really likes to get positive confirmation. We are also starting into a major upgrade project to W2K3. "At a glance" reports showing which servers are good candidates now and which need hardware upgrades or replacement make projects like this much easier. Of course, unlike workstations, we can't rely on logon scripts (over half of our servers are not domain members anyway -- the DMZ and multiple independent business units thing again) If I ever get my code cleaned up enough to where I wouldn't be embarrassed (much of the development was done under extremely tight timelines), I'll post the scripts. The process isn't perfect, but it is leaps and bounds ahead of the manual ways we collected and managed server information before. Thanks, NMM
Top

Page 1 of 1

1

Previous Topic

Previous Topic View All Topics

View All Topics

Index Next Topic

Next Topic

Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart

Hop to:

Shout Box

Who's Online

0 registered and 874 anonymous users online.

Newest Members

StuTheCoder, M_Moore, BeeEm, min_seow, Audio
17884 Registered Users

Generated in 0.071 seconds in which 0.029 seconds were spent on a total of 13 queries. Zlib compression enabled.

click tracking