How do I check file dates on remote machines in my domain?
May 23, 2000
[Editor’s Note: Some or all of the following FAQ text was submitted by a reader, Steven Yarnot.]
A. The following batch file uses the for command to pipe a remote file’s day, month, and year into variables that you can use to determine whether the file needs maintenance or other attention. After the VBS/LoveLetter.A virus outbreak in May 2000, organizations needed a technique to quickly verify that their virus scanner software had the latest virus definitions. The following batch file uses the for command against a list of all the nodes in a domain. This batch file tests the Norton AntiVirus file definfo.dat’s age. The file definfo.dat updates during every live update. If the file is older than 05/08/2000, which is the definition date for the Lovebug virus and its first five variants, you’d need to instruct the target machine to run the live update.
At the command prompt, enter
Netdom /domain:DomainName member > Nodelist.txt
For /f "skip=7 tokens=1,2,3,4,5,6 delims= " %i in (Nodelist.txt) do NAVLUCheck.CMD %l
where NAVLUCheck.CMD contains the following.
::NAVLUCheck.CMD By Steven Yarnot ::script for checking Norton AntiVirus' Live Update on remote network machines ::and reporting the results to a comma-delimited text file ::05/10/2000 :: ::arguments are as follows: :: :: NAVLUCheck RemoteTargetNodeName :: :: Assumes your account has administrative access on the remote machine, :: NAV is installed under the Program Files directory on the C or D drive, :: and that the following Microsoft Windows NT Resource Kit tools are in your path: :: :: netsvc.exe, soon.exe :: :: If a live update hasn’t run since 05/08/2000, uses the Schedule Service :: to schedule a live update to run 10 minutes from runtime :: (to account for clock differences) :: Initialize variables SET NAVLUYR=NoNAV SET NAVLUMO=NoNAV SET NAVLUDAY=NoNAV set scheduleit=no :: Test the C drive :: :: Theory of operation: The output from the nested dir command on the remote machine :: passes to the for command, which then parses the output on spaces and the :: frontslash character. If the argument passed to %n is equal to the target file (in this :: case definfo.dat), the other arguments %i, %j, and %k are set on the month, day, and :: year variables :: for /f "skip=4 tokens=1,2,3,4,5,6,7,8 delims=/ " %%i in ('dir "\%1C$PROGRAM FILESCOMMON FILESSYMANTEC SHAREDVIRUSDEFSdefinfo.dat" /t:w /-c') do if "%%n"=="DEFINFO.DAT" set NAVLUMo=%%i && if "%%n"=="DEFINFO.DAT" Set NAVLUDay=%%j && if "%%n"=="DEFINFO.DAT" set navluyr=%%k :: If not on the C drive, go test the D drive IF "NoNAV"=="%NAVLUYR%" GOTO TESTD :: :: If running this file from a Windows NT 4.0 rather than Windows 2000 machine, change the 2000 to 00 :: if not "2000"=="%navluyr%" goto runlu if not "05 "=="%navlumo%" goto runlu if "01 "=="%navluday%" goto runlu if "02 "=="%navluday%" goto runlu if "03 "=="%navluday%" goto runlu if "04 "=="%navluday%" goto runlu if "05 "=="%navluday%" goto runlu if "06 "=="%navluday%" goto runlu if "07 "=="%navluday%" goto runlu :TESTD for /f "skip=4 tokens=1,2,3,4,5,6,7,8 delims=/ " %%i in ('dir "\%1d$PROGRAM FILESCOMMON FILESSYMANTEC SHAREDVIRUSDEFSdefinfo.dat" /t:w /-c') do if "%%n"=="DEFINFO.DAT" set NAVLUMo=%%i && if "%%n"=="DEFINFO.DAT" Set NAVLUDay=%%j && if "%%n"=="DEFINFO.DAT" set navluyr=%%k IF "NoNAV"=="%NAVLUYR%" GOTO Reportit if not "2000"=="%navluyr%" goto runlud if not "05 "=="%navlumo%" goto runlud if "01 "=="%navluday%" goto runlud if "02 "=="%navluday%" goto runlud if "03 "=="%navluday%" goto runlud if "04 "=="%navluday%" goto runlud if "05 "=="%navluday%" goto runlud if "06 "=="%navluday%" goto runlud if "07 "=="%navluday%" goto runlud goto reportit :runLU :: :: :: NETSVC schedule \%1 /start soon \%1 600 cmd /c c:progra~1avntavlu32.exe /scheduled set scheduleit=yes goto reportit :runLUD NETSVC schedule \%1 /start soon \%1 600 cmd /c d:progra~1avntavlu32.exe /scheduled set scheduleit=yes :reportit :: Record results in a comma-delimited table :: :: This process is simply triage. A PC that isn’t on the network when you run the file, a :: non-NT PC, or a PC that your account doesn’t have access to will show up as NoNAV. :: :: The Scheduleit variable will be Yes or No. In this case, No is preferable and means that :: you don’t need to update the target PC. echo %1,%navluyr%,%navlumo%,%navluday%,%scheduleit% >> .BatchResultsNAVLUCHECK.TXT
After a sweep in this fashion, you might want to run a similar sweep that schedules a virus scan.
About the Author
You May Also Like