Scan PC's in a network

npoe1

Senior member
Jul 28, 2005
592
0
76
I know that this may be not the place for this post, but I?m not sure of where post it.

Ok, I?m working in a big company and we have like 1300 PCs in the facility that I work because some rules we do not allow users to have videos, music, even photos. But as you can guess there are always some of them that get around the measures that we take to prevent that, do you know of a program that scan a PC and report information about what kind of files do the user have?
 

npoe1

Senior member
Jul 28, 2005
592
0
76
every image, every video, every mp3 are not work related, once upon a time the user were allowed to have everything and even access the internet, but they did misuse of that and now we restrict even the right click, sad but true.
 

keeleysam

Diamond Member
Feb 8, 2005
8,131
0
0
What the hell do they need a computer for then?

It's like giving them a car with no keys.
 

mechBgon

Super Moderator<br>Elite Member
Oct 31, 1999
30,699
1
0
If they are Restricted Users, and the systems are XP, then a Software Restriction Policy would help you. Add the forbidden filetypes to the list of filetypes governed by the SRP. Even if they manage to copy some MP3s and a portable MP3 playback program to their profile directory, for example, they couldn't run them. Ditto for on a thumb drive. The only places from which execution would be allowed are the Program Files directory and the Windows directory, and a Restricted User can't put new files in those places.

As for scanning... if you happen to use VirusScan Enterprise 8.0i there, you could set up a rule to arbitrarily forbid execution of all the affected filetypes, and then watch your logs. If you want, you can set the rule to warning-only mode first, then enforcement mode later.
 

nweaver

Diamond Member
Jan 21, 2001
6,813
1
0
most asset managment programs can find/report/remove files like that. SMS MAY be able to (if you are an SMS house).

You could also just go the ol'e fashioned way, mount the c$ share and parse files. Linux could ignore extensions and tell you if they have any of the improper files.
 

nweaver

Diamond Member
Jan 21, 2001
6,813
1
0
Originally posted by: keeleysam
What the hell do they need a computer for then?

It's like giving them a car with no keys.

eh....you don't need music, video's, pictures, or internet to make a computer usefull at work. What they can do then is their job, without "distractions. As was posted, they already tried the other way, and the systems were abused.
 

Brazen

Diamond Member
Jul 14, 2000
4,259
0
0
What are your current measures and how are they getting aroung them? If you have a Samba file server, for instance, you could tell the file server to block all files that end with ".mp3" which would stop a lot of people, but a resourceful user might figure out that you could rename the file to any extension, such as ".xyz" and tell their player to be the default app for .xyz files.

I think in linux it is also possible to do some sort of binary matching to see that a file is an mp3 regardless of what the extension is, but I really have no idea how to put that in a script.
 

npoe1

Senior member
Jul 28, 2005
592
0
76
We are using Windows XP Pro and also use policies in desktops computers and the Active Directory accounts, I don?t know how they get around that, but as far as I know I have been told so and my boss asked me to go further in restrictions, just to be sure.
 

nweaver

Diamond Member
Jan 21, 2001
6,813
1
0
using the "file" command in linux should allow you to determine type, regardless of extension.
 

Brazen

Diamond Member
Jul 14, 2000
4,259
0
0
Originally posted by: nweaver
using the "file" command in linux should allow you to determine type, regardless of extension.

Thanks mweaver. Man you're like the human wikipedia of linux commands. This doesn't help npoe, apparently, but I'm going to keep this in mind. If we ever decide to crack down on storing mp3's, this would be usefull. (I tested 'file' on our Samba file server, and it did indeed return the file type for an mp3 as an mp3, and a pdf as a pdf)

To npoe: you might be able to use the linux 'file' command on Windows by installing Cygwin. You could then create a script that ran every day or so, that finds file of those types and delete them (or moved them to another location to be reviewed).

Edit: apparently, there is a port of 'file' to Windows.
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
(I tested 'file' on our Samba file server, and it did indeed return the file type for an mp3 as an mp3, and a pdf as a pdf)

It works better on some files than others, it uses 'magic' bytes to determine what each file is and since some types share magic it can't be 100% accurate all of the time. Run it on a few Office docs and an .MSI file for instance.
 

JasonCoder

Golden Member
Feb 23, 2005
1,893
1
81
Originally posted by: npoe1
every image, every video, every mp3 are not work related, once upon a time the user were allowed to have everything and even access the internet, but they did misuse of that and now we restrict even the right click, sad but true.

Right, every one of them isn't work related. But how can you tell which ones are and aren't? Ergo how can you tell the user has unauthorized content? I could author a script to crawl any box in the AD tree but unless you hand inspect how do you know?

Let's say they have help documentation installed... that could conceivably leave .jpg, .gif, .bmp, .png, .wav, .wmv, .wma files on the drive. How the heck do you know unless you spend untold man hours personally sniffing each user's box? Methinks .mp3 would be a giveaway but I even then...