Windows
Docusnap offers three modules for inventorying Windows systems. This documentation focuses on Discovery-Windows.exe, which is kept up to date and should be preferred.
- Discovery-Windows.exe (for current Windows systems)
- DocusnapScript.exe (same as Discovery-Windows.exe, no further development, remains for existing implementations)
- Discovery-Windows-Legacy.exe (for Windows 7 and older)
Parameters:
C: Sets the name of the workstation.
D: Sets the name of the domain where the system to be scanned is located.
H: Opens the help screen.
L: Sets the debug level to be used during the inventory scan. The following debug levels are available:
1: Errors and function calls will be logged.
2: The entire program flow will be logged.
O: Sets the path where to generate the XML file. If the process creates a log file, it will be stored in this path.
Examples:
If you run the Discovery-Windows.exe module on the system you want to inventory, no additional parameters are required. You can specify the location of the XML file using the -O parameter.
C:\Discovery-Windows.exe -O C:\DocusnapWindowsModul
If you intend to use the Discovery-Windows.exe module for an inventory scan of a remote system, you can specify the system to be scanned using the -C and -D parameters.
C:\Discovery-Windows.exe -C WKNE0006 -D intern.local -L 2 -O C:\DocusnapWindowsModul
This command scans the WKNE0006 workstation in the intern.local domain using debug level 2. The XML file is stored in the C:\DocusnapWindowsModul directory.
Software and File Search
With the Software and File Search, Docusnap offers an additional feature to inventory specific files on the file system of Linux, Mac and Windows systems which cannot be captured via the Windows inventory. The files found are made available for evaluation in Docusnap in different ways depending on the categorization (file search Linux, Mac and Windows or software search Windows). The software and file search can also be used when executing the Discovery-Windows.exe module. To use the software and file search, an XML list must be created manually.
The XML file must have the following structure:
<?xml version="1.0" encoding="UTF-8" ?>
<Search>
  <SearchItem><!--File Search-->
    <Name>log4j</Name>
    <FileName>*log4j*</FileName>
    <FileSize>0</FileSize>
    <Category>1</Category>
    <IncludeExcludeList>
      <SearchPath>
        <IncludePath>c:\windows</IncludePath>
        <ExcludePath></ExcludePath>
      </SearchPath>
      <SearchPath>
        <IncludePath>c:\temp</IncludePath>
        <ExcludePath></ExcludePath>
      </SearchPath>
    </IncludeExcludeList>
    <OnlyFirstMatch>true</OnlyFirstMatch>
    <UseSystemDrive>false</UseSystemDrive>
  </SearchItem>
  <SearchItem><!--Software Search-->
    <Name>Notepad</Name>
    <Version></Version>
    <Publisher></Publisher>
    <FileName>notepad.exe</FileName>
    <FileSize>0</FileSize>
    <ModifyDate></ModifyDate>
    <SearchPath>c:\temp</SearchPath>
    <Category>0</Category>
  </SearchItem>
</Search>
Make sure to specify the file name correctly or use a wildcard character (?,*).
A search can use either include paths or exclude paths, not both.
The Category tag selects the search type: 1 for the file search, 0 for the software search.
The OnlyFirstMatch tag defines whether only the first match is recorded (true) or all matches are recorded (false).
The UseSystemDrive tag determines whether only the system partition is searched (true) or all partitions on the system (false).
If a wrong file size is specified, the requested file will not be found!
If one of the optional areas is not specified, the notation (
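A pre-deployment check for a search list, written against the rules above. This is an added example, not Docusnap code: the function names are hypothetical, the sample list is constructed, and treating include and exclude paths as mutually exclusive per SearchItem is this example's reading of the rule.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first item follows the page's structure, the second is deliberately wrong.
SAMPLE = r"""<Search>
  <SearchItem>
    <Name>log4j</Name><FileName>*log4j*</FileName><FileSize>0</FileSize>
    <Category>1</Category>
    <IncludeExcludeList>
      <SearchPath><IncludePath>c:\windows</IncludePath><ExcludePath></ExcludePath></SearchPath>
    </IncludeExcludeList>
    <OnlyFirstMatch>true</OnlyFirstMatch><UseSystemDrive>false</UseSystemDrive>
  </SearchItem>
  <SearchItem>
    <Name>broken</Name><FileName>*.jar</FileName><FileSize>12 KB</FileSize>
    <Category>2</Category>
    <IncludeExcludeList>
      <SearchPath><IncludePath>c:\temp</IncludePath><ExcludePath>c:\temp\cache</ExcludePath></SearchPath>
    </IncludeExcludeList>
    <OnlyFirstMatch>yes</OnlyFirstMatch><UseSystemDrive>false</UseSystemDrive>
  </SearchItem>
</Search>"""

def text(item, tag):
    # Stripped text of a child element; '' when the element is missing or empty.
    return (item.findtext(tag) or "").strip()

def validate_search_list(xml_text):
    """Return 'item name: problem' strings; an empty list means no findings."""
    problems = []
    for item in ET.fromstring(xml_text).iter("SearchItem"):
        name = text(item, "Name") or "<unnamed>"
        if text(item, "Category") not in ("0", "1"):
            problems.append(f"{name}: Category must be 0 (software) or 1 (file)")
        if not text(item, "FileName"):
            problems.append(f"{name}: FileName is empty")
        size = text(item, "FileSize")
        if size and not size.isdigit():
            problems.append(f"{name}: FileSize {size!r} is not a whole number")
        inc = [p for p in item.iter("IncludePath") if (p.text or "").strip()]
        exc = [p for p in item.iter("ExcludePath") if (p.text or "").strip()]
        if inc and exc:
            problems.append(f"{name}: both IncludePath and ExcludePath are set")
        for flag in ("OnlyFirstMatch", "UseSystemDrive"):
            if text(item, flag) not in ("", "true", "false"):
                problems.append(f"{name}: {flag} must be true or false")
    return problems
```

Running `validate_search_list` on a list before distributing it catches entries that would otherwise simply return no results on every scanned system.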
The search is backward compatible, so existing versions are not affected. The previously used XML files for the software search can still be used.
<SoftwareItem>
  <SoftwareName>My New Software 1</SoftwareName>
  <SoftwarePublisher>Microsoft</SoftwarePublisher> <!-- optional-->
  <SoftwareVersion>1.0 Beta</SoftwareVersion> <!-- optional-->
  <FileName>notepad.exe</FileName>
  <SearchPath>C:\Windows</SearchPath>
  <FileSize>193536</FileSize> <!-- optional byte-->
  <ModifyDate>01.01.2016</ModifyDate> <!-- optional-->
</SoftwareItem>
<SoftwareItem>
  <SoftwareName>My New Software 1</SoftwareName>
  <SoftwarePublisher /> <!-- optional-->
  <SoftwareVersion /> <!-- optional-->
  <FileName>notepad.exe</FileName>
  <SearchPath>C:\Windows</SearchPath>
  <FileSize /> <!-- optional byte-->
  <ModifyDate /> <!-- optional-->
</SoftwareItem>
If one of the optional parameters is not specified, use the empty-element notation shown in the second example (<SoftwarePublisher />).
If you specify a wrong file size, the desired software will not be scanned!
To use the software list in the Discovery-Windows.exe module, use the following command:
DocusnapScript.exe -S <path><filename.xml>
C:\Discovery-Windows.exe -S C:\Docusnap\Softwarelist.xml
If a defined software product is found during the execution of the Discovery-Windows.exe module, its data will be stored in the results DSI file. When you import the file into Docusnap, this data will be imported as well.
Additional Tools
Additional tools can capture further information about a Windows system during the inventory. An additional tool can also be started as part of the Discovery-Windows.exe module. To execute the additional tool, an XML file with the required information must be created.
The XML file must have the following structure:
<ToolInfo>
  <Url>systeminfo.exe</Url>
  <Parameters> </Parameters>
  <ResultFile>systeminfo.txt</ResultFile>
  <OpenWith>notepad.exe</OpenWith>
  <Description>Systeminfo</Description>
  <ToolType>0</ToolType>
  <Timeout>10000</Timeout>
  <ExecuteRemote>false</ExecuteRemote>
</ToolInfo>
If PowerShell is defined as an additional tool, the special characters | and " must be escaped so that they can be used in the parameters. Quotation marks " must be escaped with \" and pipes | must be escaped with ^|. If the syntax -Command "&{}" is used, the special character | (pipe) does not have to be escaped.
- ipconfig ^| Select-String -Pattern \"IPv4 address\" (escape required)
- -Command "&{ipconfig | Select-String -Pattern \"IPv4 address\"}" (No escape of the pipe required)
To execute the additional tools in DocusnapScript, use the following command: Discovery-Windows.exe -Y <path><filename.xml>
C:\Discovery-Windows.exe -Y C:\Docusnap\ToolInfo.xml
Data collected during the execution of additional tools as part of the Discovery-Windows.exe module is stored in the result DSI file. By importing the file into Docusnap, this data will be imported as well.
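The two escaping forms above, applied to an unescaped PowerShell command and written into a ToolInfo file. This is an added example, not Docusnap code: the function names, result file name and description are hypothetical, and powershell.exe as the Url value is an assumption. The -Command "&{}" form contains an ampersand, which has to appear as &amp; inside the XML file, so the document is serialized with an XML library rather than assembled by hand.

```python
import xml.etree.ElementTree as ET

def escape_plain(raw_args):
    # Plain form: quotes become \" and pipes become ^| (input must be unescaped).
    return raw_args.replace('"', '\\"').replace("|", "^|")

def wrap_command(raw_script):
    # -Command "&{...}" form: quotes are still escaped, pipes are left alone.
    return '-Command "&{' + raw_script.replace('"', '\\"') + '}"'

def tool_info_xml(parameters, result_file, description):
    # Serialize a ToolInfo document; ElementTree applies the XML escaping.
    root = ET.Element("ToolInfo")
    fields = [
        ("Url", "powershell.exe"),    # assumption: this value is not on the page
        ("Parameters", parameters),
        ("ResultFile", result_file),
        ("OpenWith", "notepad.exe"),  # remaining values copied from the page's sample
        ("Description", description),
        ("ToolType", "0"),
        ("Timeout", "10000"),
        ("ExecuteRemote", "false"),
    ]
    for tag, value in fields:
        ET.SubElement(root, tag).text = value
    return ET.tostring(root, encoding="unicode")

# Constructed input: the page's example command before any escaping.
RAW = 'ipconfig | Select-String -Pattern "IPv4 address"'

if __name__ == "__main__":
    print(escape_plain(RAW))
    print(tool_info_xml(wrap_command(RAW), "ipv4.txt", "IPv4 addresses"))
```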
Select Windows Components for Scan -Z
Since version 11, Docusnap lets you select the components to be inventoried in the Windows scan (software, updates, services etc.). This selection of components can also be done when using DocusnapScript.exe.
The call is made via the parameter -Z <number>
C:\Discovery-Windows.exe -Z 65407
The necessary number can be determined in two ways:
1. Windows scan wizard
Switch to one of the Windows Scan Wizards (AD or IP). In step 3 you will find the Select Components button. Select the components to be inventoried and note the DS Script parameter.
2. Manual enumeration
Start the Discovery-Windows.exe help specific to the scan components with: Discovery-Windows.exe -H scan.
Now you can specify the appropriate components by adding up the numbers listed next to them.
Anonymize filenames -ANO
The .XML files created by the Discovery-Windows.exe module are named as follows.
- Computer name
- User or system that performed the execution of Discovery-Windows.exe.
- Date and time of execution
Example:
VPC-SDA_VPC-SDA_admin_20210323090358.xml
Running DocusnapScript.exe with the -ANO parameter will anonymize the filename.
Example:
383ee2d1-46ae-4cbc-b2f9-b4dc437bf911.xml
C:\Discovery-Windows.exe -ANO