Re: Using HFNETCHK from MS

Just sitting around, nuttin' to do, so I put this script together...NOT!! Spent the last 2 months tweaking this thing until it works.

Put HFNETCHK.EXE (get the newer one, free, from www.shavlik.com. The one at MS is old) and MSSECURE.XML in one location. Be sure you have appropriate rights to the folder you put them in (stating the obvious, sorry).

The script prompts for alternate credentials in case you're scanning remote machines.

The tool command line I use is:
wscript.exe "\\server\share\NT and 2K-XP Pro Tools, Upgrades & Patches\Hyena\Complete Scripts\Scan Machine for HotFixes.vbs" //I //NoLogo %E%

I hope to expand on this, so that the links on the page support remote installation of the required patch.

Comments are more than welcomed!

Hope this helps someone!

Joel


'================================================= =========================
'
' VBScript Source File -- Created with SAPIEN Technologies PrimalSCRIPT(TM)
'
' NAME: Scan Machine for HotFixes.vbs
'
' AUTHOR: Joel Thoreson
' DATE : 12/05/2002
'
' COMMENT: Scans a remote machine (local if no machine name is given)
' for HotFixes using MSSECURE.XML and HFNETCHK.EXE from a specific
' location.
'
'Thanks be to Jeffery Hicks, for the original
'HFInfo.vbs
'v2.3 August 2001
'Jeffery Hicks
'[email protected] http://www.quilogy.com
'
'================================================= =========================
Option Explicit

Dim WshShell, WshNetwork, strTargetComp, blnAltCredentials, strUserName, strPassword, strAltCredentials
Dim strWorkPath, strLogFile, strHTMOut, strHFPath, strXMLFile, strHFProg
Dim fso, f, f2, aline, strInfo, msdata, msfaq, QLink, IE
Const ForReading=1
Const ForWriting=2

set WshShell=CreateObject("Wscript.Shell")
set WshNetwork=CreateObject("Wscript.Network")

'Use local computer if no computer is specified
if WScript.Arguments.Count <1 Then
strTargetComp = WshNetwork.ComputerName
Else
strTargetComp = UCASE(Trim(WScript.Arguments(0)))
end If

' check to see if alternate credentials are required
blnAltCredentials = MsgBox("Are alternate credentials required to obtain administrative rights on the target system?", vbYesNo + vbQuestion, "Do you have Admin Rights??")
strAltCredentials = "" ' set to blank, just in Case

' ask for credentials, quit if any are blank (for security reasons)
If blnAltCredentials = vbYes Then
strUserName = InputBox ("Enter the username to gain administrative rights to the target system." & vbCrLf & vbCrLf &_
"The format should be DOMAIN\USERNAME.", "Username", WshNetwork.ComputerName & "" & WshNetwork.UserName)
strPassword = InputBox ("Enter the password to gain administrative rights to the target system.", "Username", "PASSWORD")
If strUserName = "" Or strPassword = "" Then
WshShell.Popup "Either the username or password were blank. This is unacceptable security, and this script cannot continue.", 5, "Invalid credentials"
WScript.Quit
End If
strAltCredentials = " -u " & strUserName & " -p " & strPassword ' set the string
End If

' inform user that the scan is about to begin
WshShell.Popup "Ready to check for hot fixes and patches on " & strTargetComp & "." & vbCrLf & vbCrLf &_
"Remember, administrative rights are required to run this scan." & vbCrLf &_
"You will get another message letting you known when the task is finished.", 5, "Ready to scan machine"

set fso=CreateObject("Scripting.FileSystemObject")

'Create temporary logfile which will be converted to html
strWorkPath = "\\server\share\hfnetchk\Results"
strLogFile = strWorkPath & "\~" & strTargetComp & "$.txt"
strHTMOut = strWorkPath & "" & strTargetComp & "-hfsum.htm"

'Verify the xml file already exists in the path
'If it does, run hfnetchk without downloading a new version
'If not, run it, while getting the the XML file from Microsoft
' (the -ms switch can be taken out, and the XML file will be downloaded from Shavlik.com)

strHFPath = "\\server\share\hfnetchk" ' path to HFNETCHK.EXE & MSSECURE.XML
strXMLFile = strHFPath & "\mssecure.xml" ' (I use another script, ran daily, to download/extract/place the MSSECURE.XML file here)
strHFProg = strHFPath & "\hfnetchk.exe"

If Not fso.FileExists(strHFProg) Then ' if HFNETCHK.EXE ain't around, might as well quit
WshShell.Popup "HFNETCHK.EXE was not found.", 5, "ERROR: Exiting Script"
WScript.Quit
End If

If fso.FileExists(strXMLFile) Then ' if the XML file exists, use it
WshShell.Run "cmd /c " & strHFProg & " -h " & strTargetComp & " -f " & strLogFile & " -x " & strXMLFile & strAltCredentials,0,True
Else ' if not, download it from Microsoft
WshShell.Run "cmd /c " & strHFProg & " -h " & strTargetComp & " -f " & strLogFile & " -ms" & strAltCredentials,0,True
end If

set f=fso.OpenTextFile(strLogFile,ForReading) ' open the log file for reading
set f2=fso.CreateTextFile(strHTMOut,ForWriting) ' create the HTM file

f2.WriteLine "<HTML>"
f2.WriteLine "<Title>" & strTargetComp & " - HotFix Bulletin Summary</Title>"
f2.WriteLine "<Body><Font Size=+2>" & strTargetComp & " Important Security Bulletins</Font><HR>"

'skip hotfix header
f.SkipLine
f.SkipLine
f.SkipLine

do while f.AtEndOfStream<>True

aline=Trim(f.Readline)

if InStr(aline,"MS")=False Then
f2.Writeline "" & aline & ""
f2.WriteLine "<Table Border=0 CellPadding=5>"
else
strInfo=Left(aline,LEN(aline)-17) ' the is the WARNING or NOTE
msdata=Split(Right(aline,17),CHR(9)) ' this splits the MS bulletin and Q article
'QArticle is msdata(1)
'MS Bulletin is msdata(0)
QLink = Right(msdata(1),6) 'drop the Q for the hyperlink
f2.WriteLine "<TD>" & strInfo & "</TD><TD><a href=http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/" & _
msdata(0) & ".asp>" & msdata(0) & "</TD><TD></a><a href=http://support.microsoft.com/default.aspx?scid=kb;[LN];" & QLink & ">" & msdata(1) & "</a></TD></TR>"
end if
Loop

f2.WriteLine "</TABLE>"
f2.WriteLine "<HR>"
f2.WriteLine"<Font Size=2>Please review each article and/or bulletin to ensure your system needs the update.
"
f2.WriteLine "There are cases where, after review, the system does NOT need any updates.

"
f2.WriteLine "Use this merely as a tool to assess and correct system vulnerability. However, updates should not be installed indiscriminately.
"
f2.WriteLine "Please contact your TASO if you have any questions or concerns.
"
f2.WriteLine "Page created " & NOW & "</Font>"
f2.WriteLine "</BODY></HTML>"

f.Close
f2.Close

'delete temporary output file
fso.DeleteFile(strLogFile)

' tell the user we're done
WshShell.Popup "HotFix Summary for " & strTargetComp & " has been written. Click OK to view the results." & vbCrLf & vbCrLf &_
"If you get unexpected results, or no results what-so-ever, contact your TASO, and" & vbCrLf &_
"ensure that all prompts were answered correctly to allow this program to run.", 10, "HFNETCHK Scan Complete"

'Attempt to open a web browser and launch the results
Set IE = CreateObject("InternetExplorer.Application")
IE.fullscreen = False
IE.navigate LCASE(strHTMOut)
IE.visible=1
WScript.Sleep 500 ' needed to give the browser window the focus.

'close
WScript.quit