Finding USB thumb drives on remote (LAN) computers

Status
Not open for further replies.

Souka

Diamond Member
Sep 25, 2000
4,728
1
76
Hello,

I'm trying to figure out how to find USB thumbdrives on machines within my corporate network.

My computer: WinXP or Win7 x64 Enterprise
Remote computers: Win7 Embedded on network, but not joined to domain

I already have report tools in SCCM to handle the XP/Win7 systems that are on the domain. But the Win7 Embedded systems are a problem for me as they do not have SCCM and are not joined to the domain.

I have about 750 of these non-domain, networked systems to scan.
All these devices' hostnames start with the same 2 letters so I can query them fine.
All these devices use the same local admin userID/password, and I know it.

Any suggestions?

Thanks in advance!

--Souka
 

Souka

Diamond Member
Sep 25, 2000
4,728
1
76
Two reasons.

1. They're not allowed.

2. Because of the nature of these computers (Wyse ThinClients), we brought in a small crew of contractors to re-image these... and in the process they lost quite a few thumb drives. We've occasionally come across one in the pack of one of these computers and I'm curious how many others are out there.

I have full authority to perform any query I wish, and since I'm not making any software/hardware changes across the board I don't have to go through change management.

I'd like help with somehow writing a script that:
a. references a device list txt file.
b. runs a check for a USB Storage device, or a drive D: would also work.
c. exports a list of devices that are true
 

velis

Senior member
Jul 28, 2005
600
14
81
wmic logicaldisk get description,name

That said, this is SO NOT highly technical.
 

Souka

Diamond Member
Sep 25, 2000
4,728
1
76
wmic logicaldisk get description,name
That said, this is SO NOT highly technical.

Thank you for your response.

So taking your WMIC query, how would I gather that information from a list of about 750 devices?

And as I've said, each device is not a member of the domain, so a unique userID will also be needed to query the WMI info, e.g. COMPUTER1\administrator + password, COMPUTER2\administrator + password
 

Squeetard

Senior member
Nov 13, 2004
815
7
76
First, I hope you have blocked their use in the domain using group policy.
Then, all you have to do is block local resource drives and the clipboard in RDP using group policy.
Now they are useless.
 

Souka

Diamond Member
Sep 25, 2000
4,728
1
76
First, I hope you have blocked their use in the domain using group policy.
Then, all you have to do is block local resource drives and the clipboard in RDP using group policy.
Now they are useless.

They are not on the domain. I am trying to find devices with USB drives, blocking them will not do that. Many of these computers are actually in locked cabinets/carts...but I've found that our techs have left USB thumbdrives in them when re-imaging via USB.

We do have a management server, and I can push images I've built moving forward, but I'm trying to locate these USB drives.
 

velis

Senior member
Jul 28, 2005
600
14
81
Thank you for your response.

So taking your WMIC query, how would I gather that information from a list of about 750 devices?

And as I've said, each device is not a member of the domain, so a unique userID will also be needed to query the WMI info, e.g. COMPUTER1\administrator + password, COMPUTER2\administrator + password

This stackoverflow question seems to hold the answer to that: http://stackoverflow.com/questions/9332090/powershell-remotely-run-windows-commands
 

Souka

Diamond Member
Sep 25, 2000
4,728
1
76
Thank you Velis and debian0001, I'll take a look.

I'm pretty sad in my programming skills... hopefully I can make it work.

I have list of hostnames I need to scan, I know the local admin/password info (same for all), hopefully I can get this to work!
 

sm625

Diamond Member
May 6, 2011
8,172
137
106
Code:
devcon status *USBSTOR*

When I run that from a command line on my machine I get:
Code:
USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_PMAP\5B840A001CBB&0
    Name: Kingston DataTraveler 2.0 USB Device
    Driver is running.
1 matching device(s) found.
 

alkemyst

No Lifer
Feb 13, 2001
83,967
19
81
Look into PowerShell and ForEach loops on text files with hostnames listed.

This would be my solution, exclude the drive letters assigned already and do a For Each with the range of hostnames.

For a network this size, it shouldn't take long to get the report.

The easier method would be just to block them with a policy.

These USB drives are probably worth less than the time to hunt them down.
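
Added example (not part of any post in this thread): a PowerShell 2.0-compatible sketch of the loop discussed above, which reads a host list, queries each non-domain machine over WMI as HOSTNAME\account, and writes a CSV. The file names hosts.txt and usb-report.csv and the account name are assumptions, as is remote WMI being allowed through each target's firewall.

```powershell
# Added example: inventory USB mass-storage devices on non-domain hosts via WMI.
# Assumed names: hosts.txt (one hostname per line), usb-report.csv, 'administrator'.
param(
    [string]$HostList = '.\hosts.txt',
    [string]$Report   = '.\usb-report.csv',
    [string]$Account  = 'administrator'
)

# Ask for the shared local password once; it is never written to disk.
$password = Read-Host -AsSecureString "Password for the local '$Account' account"

function New-Row($name, $status, $disk) {
    # One CSV row per host, or per USB disk when a host has several.
    $row = New-Object PSObject -Property @{
        Host = $name; Status = $status; Model = ''; PNPDeviceID = ''; SizeGB = ''
    }
    if ($disk) {
        $row.Model       = $disk.Model
        $row.PNPDeviceID = $disk.PNPDeviceID
        $row.SizeGB      = [math]::Round($disk.Size / 1GB, 1)
    }
    $row
}

$results = foreach ($name in Get-Content $HostList) {
    $name = $name.Trim()
    if (-not $name) { continue }

    # Skip dead hosts quickly; a host that drops ICMP is also reported here.
    if (-not (Test-Connection -ComputerName $name -Count 1 -Quiet)) {
        New-Row $name 'Unreachable'; continue
    }

    # A local account has to be presented as HOSTNAME\account on each target.
    $cred = New-Object System.Management.Automation.PSCredential("$name\$Account", $password)
    try {
        # InterfaceType 'USB' covers thumb drives, USB hard disks and card readers.
        $disks = @(Get-WmiObject -Class Win32_DiskDrive -Filter "InterfaceType='USB'" `
                    -ComputerName $name -Credential $cred -ErrorAction Stop)
        if ($disks.Count -eq 0) { New-Row $name 'None' }
        foreach ($d in $disks) { New-Row $name 'UsbStorageFound' $d }
    } catch {
        New-Row $name ("Error: " + $_.Exception.Message)
    }
}

$results | Select-Object Host, Status, Model, PNPDeviceID, SizeGB |
    Export-Csv -Path $Report -NoTypeInformation
```

Filtering the CSV on Status = UsbStorageFound gives the list of machines with a drive attached; the Unreachable and Error rows are the hosts to retry.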
 

Souka

Diamond Member
Sep 25, 2000
4,728
1
76
Thank you all.

I'll poke around with your suggestions when I get some time.
 