Determine OS Remotely

[tonybradley]

Is there a built-in command line function in Windows that will determine or return the OS of a remote IP?

In other words, if a field tech inputs a remote IP the result would let him know if the IP in question is running Windows 95, Windows 98, Windows 2000, etc.??

[Nokia]

Depends what program he is inputing the IP address into I suppose.

A P/S such as Nmap can more often that not determine an O/S if you select the right option.

Are you talking in the terms of a windows remote connection or just machines on a network or over the internet etc?

I know its not a command line function but it will still get you the result you require.

[skiddieleet]

I don't think Nmap is a built in command line function.
I've done a couple of searches and have come up with nothing, but I'll keep at it till someone gives you a definite answer. I for one don't think there is a built in command.

[Nokia]

I know that, but if you need to find out an O/S of a machine, its a good program to use.

[tonybradley]

I don't think Nmap is a built in command line function.

Right.

I know there are tools- various scanners such as GFI LanGuard or NMap- that will work to determine information such as this.

Rather than trying to teach everyone how to use those tools though I want to be able to just tell someone to go to a command prompt and type blah, blah, blah.

Originally I was hoping that NBTStat had a switch that would also return OS level, but alas I do not see any such thing.

If anyone knows of a native Windows command line program that will get this info it would be much appreciated.

Thanks

[homenet]

nmap is defently the easist way to find out what OS a computers running. It should have defention for all versions of windows and even if it dosn`t normally you can tell by looking through the data it gives.
nmap is a command line program the gui`s you see just run the command nmap and put whatever options you choose at the end.
I prefer using it on linux, i find it a lot quicker, all you have to type is nmap xxx.xxx.xxx.xxx -O
Then it`ll come back with what ports are open and most of the time the OS.
Hope that helps.


edit: sorry tonybradley i was typing while you posted that last one.

[skiddieleet]

I know it's not built in but Tedob1 showed me these tools: http://www.systernals.com/ntw2k/freeware/pstools.shtml

the psinfo tool looks interesting.

Usage
By default PsInfo shows information for the local system. Specify a remote computer name to obtain information from the remote system. Since PsInfo relies on remote Registry access to obtain its data, the remote system must be running the Remote Registry service and the account from which you run PsInfo must have access to the HKLM\System portion of the remote Registry.

In order to aid in automated Service Pack updates, PsInfo returns as a value the Service Pack number of system (e.g. 0 for no service pack, 1 for SP 1, etc).

usage: psinfo [-h] [-s] [-d] [-c [-t delimiter]] [\\computer [-u username [-p password]]]
-h Show list of installed hotfixes.
-s Show list of installed applications.
-d Show disk volume information.
-c Print in CSV format.
-t The default delimiter for the -s option is a comma, but can be overriden with the specified character.
-u Specifies optional user name for login to remote computer.
-p Specifies password for user name.
\\computer Instead of showing process information for the local system, PsInfo will show information for the NT/Win2K/XP system specified.


Example Output
c:> psinfo \\development -h -d

PsInfo v1.33 - local and remote system information viewer
Copyright (C) 2001-2002 Mark Russinovich
Sysinternals - www.sysinternals.com

System information for \\DEVELOPMENT:
Uptime: 28 days, 0 hours, 15 minutes, 12 seconds
Kernel version: Microsoft Windows XP, Multiprocessor Free
Product type: Professional
Product version: 5.1
Service pack: 0
Kernel build number: 2600
Registered organization: Sysinternals
Registered owner: Mark Russinovich
Install date: 1/2/2002, 5:29:21 PM
Activation status: Activated
IE version: 6.0000
System root: C:\WINDOWS
Processors: 2
Processor speed: 1.0 GHz
Processor type: Intel Pentium III
Physical memory: 1024 MB
Volume Type Format Label Size Free Free
A: Removable 0%
C: Fixed NTFS WINXP 7.8 GB 1.3 GB 16%
D: Fixed NTFS DEV 10.7 GB 809.7 MB 7%
E: Fixed NTFS SRC 4.5 GB 1.8 GB 41%
F: Fixed NTFS MSDN 2.4 GB 587.5 MB 24%
G: Fixed NTFS GAMES 8.0 GB 1.0 GB 13%
H: CD-ROM CDFS JEDIOUTCAST 633.6 MB 0%
I: CD-ROM 0%
Q: Remote 0%
T: Fixed NTFS Test 502.0 MB 496.7 MB 99%OS Hot Fix Installed
Q147222 1/2/2002
Q309521 1/4/2002
Q311889 1/4/2002
Q313484 1/4/2002
Q314147 3/6/2002
Q314862 3/13/2002
Q315000 1/8/2002
Q315403 3/13/2002
Q317277 3/20/2002

I know it's not what you were looking for, but the tools are pretty neat and most are quite small like ~ 20 Kb. Why don't you just give them this link next time they ask?

[mohaughn]

It opens up a gui screen, but you can run winmsd \\IP at the command line and it will show the system information for the remote system. Assuming you have proper permissions.

If you check the switches with winmsd /? there are options to redirect the output to a file. If you are looking to batch this all together this might be the best option.

[Nokia]

Can you open up the sys info on another machine this way?

I have always found that no matter what ip you put after winmsd your own sys info is always displayed instead?

[j3r]

Not sure if it's on Windows by default, but

Code:

% nslookup
set type=hinfo 
<ipaddr>

will tell you about a machine's CPU/OS iff the domain admin has typed it in. This is info from the dns server, though, so it's not there 99.9% of the time, and even if it is there's no reason to expect that it's accurate.