How do I check file dates on remote machines in my domain?

[Editor’s Note: Some or all of the following FAQ text was submitted by a reader, Steven Yarnot.]

A. The following batch file uses the for command to pipe a remote file’s day, month, and year into variables that you can use to determine whether the file needs maintenance or other attention. After the VBS/LoveLetter.A virus outbreak in May 2000, organizations needed a technique to quickly verify that their virus scanner software had the latest virus definitions. The following batch file uses the for command against a list of all the nodes in a domain. This batch file tests the Norton AntiVirus file definfo.dat’s age. The file definfo.dat updates during every live update. If the file is older than 05/08/2000, which is the definition date for the Lovebug virus and its first five variants, you’d need to instruct the target machine to run the live update.

At the command prompt, enter

Netdom /domain:DomainName member > Nodelist.txt
For /f "skip=7 tokens=1,2,3,4,5,6 delims= " %i in (Nodelist.txt) do NAVLUCheck.CMD %l 

where NAVLUCheck.CMD contains the following.

::NAVLUCheck.CMD By Steven Yarnot
::script for checking Norton AntiVirus' Live Update on remote network machines
::and reporting the results to a comma-delimited text file
::05/10/2000
::
::arguments are as follows:
::
:: NAVLUCheck RemoteTargetNodeName
:: 
:: Assumes your account has administrative access on the remote machine,
:: NAV is installed under the Program Files directory on the C or D drive,
:: and that the following Microsoft Windows NT Resource Kit tools are in your path:
::
:: netsvc.exe, soon.exe 
:: 
:: If a live update hasn’t run since 05/08/2000, uses the Schedule Service
:: to schedule a live update to run 10 minutes from runtime
:: (to account for clock differences)

:: Initialize variables
SET NAVLUYR=NoNAV
SET NAVLUMO=NoNAV
SET NAVLUDAY=NoNAV
set scheduleit=no

:: Test the C drive
::
:: Theory of operation: The output from the nested dir command on the remote machine
:: passes to the for command, which then parses the output on spaces and the
:: frontslash character. If the argument passed to %n is equal to the target file (in this
:: case definfo.dat), the other arguments %i, %j, and %k are set on the month, day, and
:: year variables
::

for /f "skip=4 tokens=1,2,3,4,5,6,7,8 delims=/ "  %%i in ('dir "\%1C$PROGRAM FILESCOMMON FILESSYMANTEC SHAREDVIRUSDEFSdefinfo.dat" /t:w

/-c') do if "%%n"=="DEFINFO.DAT" set NAVLUMo=%%i && if "%%n"=="DEFINFO.DAT" Set NAVLUDay=%%j && if "%%n"=="DEFINFO.DAT" set navluyr=%%k

:: If not on the C drive, go test the D drive
IF "NoNAV"=="%NAVLUYR%" GOTO TESTD
::
:: If running this file from a Windows NT 4.0 rather than Windows 2000 machine, change the 2000 to 00
::
if not "2000"=="%navluyr%" goto runlu
if not "05 "=="%navlumo%" goto runlu
if "01 "=="%navluday%" goto runlu
if "02 "=="%navluday%" goto runlu
if "03 "=="%navluday%" goto runlu
if "04 "=="%navluday%" goto runlu
if "05 "=="%navluday%" goto runlu
if "06 "=="%navluday%" goto runlu
if "07 "=="%navluday%" goto runlu

:TESTD
for /f "skip=4 tokens=1,2,3,4,5,6,7,8 delims=/ "  %%i in ('dir "\%1d$PROGRAM FILESCOMMON FILESSYMANTEC SHAREDVIRUSDEFSdefinfo.dat" /t:w

/-c') do if "%%n"=="DEFINFO.DAT" set NAVLUMo=%%i && if "%%n"=="DEFINFO.DAT" Set NAVLUDay=%%j && if "%%n"=="DEFINFO.DAT" set navluyr=%%k
IF "NoNAV"=="%NAVLUYR%" GOTO Reportit
if not "2000"=="%navluyr%" goto runlud
if not "05 "=="%navlumo%" goto runlud
if "01 "=="%navluday%" goto runlud
if "02 "=="%navluday%" goto runlud
if "03 "=="%navluday%" goto runlud
if "04 "=="%navluday%" goto runlud
if "05 "=="%navluday%" goto runlud
if "06 "=="%navluday%" goto runlud
if "07 "=="%navluday%" goto runlud

goto reportit

:runLU

::
::
::

NETSVC schedule \%1 /start
soon \%1 600 cmd /c c:progra~1avntavlu32.exe /scheduled
set scheduleit=yes

goto reportit

:runLUD
NETSVC schedule \%1 /start
soon \%1 600 cmd /c d:progra~1avntavlu32.exe /scheduled
set scheduleit=yes


:reportit
:: Record results in a comma-delimited table
::
:: This process is simply triage. A PC that isn’t on the network when you run the file, a
:: non-NT PC, or a PC that your account doesn’t have access to will show up as NoNAV.
 ::
:: The Scheduleit variable will be Yes or No.  In this case, No is preferable and means that
:: you don’t need to update the target PC.

echo %1,%navluyr%,%navlumo%,%navluday%,%scheduleit% >> .BatchResultsNAVLUCHECK.TXT

After a sweep in this fashion, you might want to run a similar sweep that schedules a virus scan.