No announcement yet.

Using HFNETCHK from MS

  • Filter
  • Time
  • Show
Clear All
new posts

  • Using HFNETCHK from MS

    I got bored today an through these together real quick...

    This one will query the highlighted hostname and leave the command window open:

    cmd.exe /x /c c:\progra~1\hfnetchk\hfnetchk -h %E% -s 1 & pause

    This one will dump it to a file and then display the text file afterwards:

    cmd.exe /x /c c:\progra~1\hfnetchk\hfnetchk -h %E% -s 1 > c:\temp\hfout.txt & notepad c:\temp\hfout.txt

  • #2
    Re: Using HFNETCHK from MS

    Just sitting around, nuttin' to do, so I put this script together...NOT!! Spent the last 2 months tweaking this thing until it works.

    Put HFNETCHK.EXE (get the newer one, free, from The one at MS is old) and MSSECURE.XML in one location. Be sure you have appropriate rights to the folder you put them in (stating the obvious, sorry).

    The script prompts for alternate credentials in case you're scanning remote machines.

    The tool command line I use is:
    wscript.exe "\\server\share\NT and 2K-XP Pro Tools, Upgrades & Patches\Hyena\Complete Scripts\Scan Machine for HotFixes.vbs" //I //NoLogo %E%

    I hope to expand on this, so that the links on the page support remote installation of the required patch.

    Comments are more than welcomed!

    Hope this helps someone!


    '================================================= =========================
    ' VBScript Source File -- Created with SAPIEN Technologies PrimalSCRIPT(TM)
    ' NAME: Scan Machine for HotFixes.vbs
    ' AUTHOR: Joel Thoreson
    ' DATE : 12/05/2002
    ' COMMENT: Scans a remote machine (local if no machine name is given)
    ' for HotFixes using MSSECURE.XML and HFNETCHK.EXE from a specific
    ' location.
    'Thanks be to Jeffery Hicks, for the original
    'v2.3 August 2001
    'Jeffery Hicks
    '[email protected]
    '================================================= =========================
    Option Explicit

    Dim WshShell, WshNetwork, strTargetComp, blnAltCredentials, strUserName, strPassword, strAltCredentials
    Dim strWorkPath, strLogFile, strHTMOut, strHFPath, strXMLFile, strHFProg
    Dim fso, f, f2, aline, strInfo, msdata, msfaq, QLink, IE
    Const ForReading=1
    Const ForWriting=2

    set WshShell=CreateObject("Wscript.Shell")
    set WshNetwork=CreateObject("Wscript.Network")

    'Use local computer if no computer is specified
    if WScript.Arguments.Count <1 Then
    strTargetComp = WshNetwork.ComputerName
    strTargetComp = UCASE(Trim(WScript.Arguments(0)))
    end If

    ' check to see if alternate credentials are required
    blnAltCredentials = MsgBox("Are alternate credentials required to obtain administrative rights on the target system?", vbYesNo + vbQuestion, "Do you have Admin Rights??")
    strAltCredentials = "" ' set to blank, just in Case

    ' ask for credentials, quit if any are blank (for security reasons)
    If blnAltCredentials = vbYes Then
    strUserName = InputBox ("Enter the username to gain administrative rights to the target system." & vbCrLf & vbCrLf &_
    "The format should be DOMAIN\USERNAME.", "Username", WshNetwork.ComputerName & "" & WshNetwork.UserName)
    strPassword = InputBox ("Enter the password to gain administrative rights to the target system.", "Username", "PASSWORD")
    If strUserName = "" Or strPassword = "" Then
    WshShell.Popup "Either the username or password were blank. This is unacceptable security, and this script cannot continue.", 5, "Invalid credentials"
    End If
    strAltCredentials = " -u " & strUserName & " -p " & strPassword ' set the string
    End If

    ' inform user that the scan is about to begin
    WshShell.Popup "Ready to check for hot fixes and patches on " & strTargetComp & "." & vbCrLf & vbCrLf &_
    "Remember, administrative rights are required to run this scan." & vbCrLf &_
    "You will get another message letting you known when the task is finished.", 5, "Ready to scan machine"

    set fso=CreateObject("Scripting.FileSystemObject")

    'Create temporary logfile which will be converted to html
    strWorkPath = "\\server\share\hfnetchk\Results"
    strLogFile = strWorkPath & "\~" & strTargetComp & "$.txt"
    strHTMOut = strWorkPath & "" & strTargetComp & "-hfsum.htm"

    'Verify the xml file already exists in the path
    'If it does, run hfnetchk without downloading a new version
    'If not, run it, while getting the the XML file from Microsoft
    ' (the -ms switch can be taken out, and the XML file will be downloaded from

    strHFPath = "\\server\share\hfnetchk" ' path to HFNETCHK.EXE & MSSECURE.XML
    strXMLFile = strHFPath & "\mssecure.xml" ' (I use another script, ran daily, to download/extract/place the MSSECURE.XML file here)
    strHFProg = strHFPath & "\hfnetchk.exe"

    If Not fso.FileExists(strHFProg) Then ' if HFNETCHK.EXE ain't around, might as well quit
    WshShell.Popup "HFNETCHK.EXE was not found.", 5, "ERROR: Exiting Script"
    End If

    If fso.FileExists(strXMLFile) Then ' if the XML file exists, use it
    WshShell.Run "cmd /c " & strHFProg & " -h " & strTargetComp & " -f " & strLogFile & " -x " & strXMLFile & strAltCredentials,0,True
    Else ' if not, download it from Microsoft
    WshShell.Run "cmd /c " & strHFProg & " -h " & strTargetComp & " -f " & strLogFile & " -ms" & strAltCredentials,0,True
    end If

    set f=fso.OpenTextFile(strLogFile,ForReading) ' open the log file for reading
    set f2=fso.CreateTextFile(strHTMOut,ForWriting) ' create the HTM file

    f2.WriteLine "<HTML>"
    f2.WriteLine "<Title>" & strTargetComp & " - HotFix Bulletin Summary</Title>"
    f2.WriteLine "<Body><Font Size=+2>" & strTargetComp & " Important Security Bulletins</Font><HR>"

    'skip hotfix header

    do while f.AtEndOfStream<>True


    if InStr(aline,"MS")=False Then
    f2.Writeline "" & aline & ""
    f2.WriteLine "<Table Border=0 CellPadding=5>"
    strInfo=Left(aline,LEN(aline)-17) ' the is the WARNING or NOTE
    msdata=Split(Right(aline,17),CHR(9)) ' this splits the MS bulletin and Q article
    'QArticle is msdata(1)
    'MS Bulletin is msdata(0)
    QLink = Right(msdata(1),6) 'drop the Q for the hyperlink
    f2.WriteLine "<TD>" & strInfo & "</TD><TD><a href=" & _
    msdata(0) & ".asp>" & msdata(0) & "</TD><TD></a><a href=;[LN];" & QLink & ">" & msdata(1) & "</a></TD></TR>"
    end if

    f2.WriteLine "</TABLE>"
    f2.WriteLine "<HR>"
    f2.WriteLine"<Font Size=2>Please review each article and/or bulletin to ensure your system needs the update.
    f2.WriteLine "There are cases where, after review, the system does NOT need any updates.

    f2.WriteLine "Use this merely as a tool to assess and correct system vulnerability. However, updates should not be installed indiscriminately.
    f2.WriteLine "Please contact your TASO if you have any questions or concerns.
    f2.WriteLine "Page created " & NOW & "
    f2.WriteLine "</BODY></HTML>"


    'delete temporary output file

    ' tell the user we're done
    WshShell.Popup "HotFix Summary for " & strTargetComp & " has been written. Click OK to view the results." & vbCrLf & vbCrLf &_
    "If you get unexpected results, or no results what-so-ever, contact your TASO, and" & vbCrLf &_
    "ensure that all prompts were answered correctly to allow this program to run.", 10, "HFNETCHK Scan Complete"

    'Attempt to open a web browser and launch the results
    Set IE = CreateObject("InternetExplorer.Application")
    IE.fullscreen = False
    IE.navigate LCASE(strHTMOut)
    WScript.Sleep 500 ' needed to give the browser window the focus.