Posted 11 Aug 2009

Fast WMI Network Probing

Last updated 13 Aug 2009
Scans network PCs and remotely starts notepad.exe, plus an interactive command shell via PSEXEC.


This article will explain how to scan your network for open shares and start remote processes using WMI - Windows Management Instrumentation. The script will attempt to create remote processes: notepad.exe and an interactive command shell on ComputerName using PSEXEC.


I've been looking for code to scan a network for open shares such as C$\Admin$, etc., and didn't have much luck. So, I decided to write this simple VBScript code to probe a PC to see if execute/write permissions are available.

Using the code

Create a file called wmi.vbs:

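' Usage: cscript.exe wmi.vbs ComputerName
strComputer = WScript.Arguments(0)   ' target PC name from the command line
sleep = 3                            ' seconds before the watchdog kills this script
Wscript.Echo strComputer
Set filesys = CreateObject("Scripting.FileSystemObject")

' Find this script's own process ID so the watchdog can terminate it.
Set objSWbemServices = GetObject ("WinMgmts:Root\Cimv2")
Set colProcess = objSWbemServices.ExecQuery ("Select * From Win32_Process")
For Each objProcess In colProcess
  If InStr (objProcess.CommandLine, WScript.ScriptName) <> 0 Then
    pid = objProcess.ProcessId
  End If
Next

On Error Resume Next
Set WshShell = WScript.CreateObject("WScript.Shell")
' Watchdog: a hidden cmd uses ping as a timer, then kills this script if it is
' still hanging. The ping target was missing from the listing; the loopback
' address is assumed here.
WshShell.Run "cmd /c ping -n " & sleep & " 127.0.0.1 >nul & " & _
             "taskkill /PID " & pid & " /F" ,0,false

' Connect to WMI on the target; this is the call that can hang.
Set objWMIService = GetObject("winmgmts:" & _
                    "{impersonationLevel=impersonate}!\\" & _
                    strComputer & "\root\cimv2")
If Err.Number <> 0 Then
    Wscript.Echo Err.Description
Else
    Wscript.Echo "ok"
    ' Remote process creation needs administrative rights on the target.
    Set objWMIService = GetObject("winmgmts:\\" & _
                        strComputer & "\root\cimv2:Win32_Process")
    objWMIService.Create "notepad.exe", null, null, intProcessID
    WshShell.Run "psexec \\" & strComputer &" cmd"
End If
' Finished before the timeout: end the watchdog's ping.
WshShell.Run "taskkill /IM ping.exe /T",0,true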

Then, launch it by passing your computer name:

cscript.exe wmi.vbs ComputerName

Points of interest

One problem with using WMI is that a GetObject call can hang for anywhere from seconds to minutes, which is prohibitively slow if there are thousands of PCs to scan.

To overcome the WMI hang, the script sneakily terminates itself via TASKKILL after a specified number of seconds (sleep=3) has elapsed. The end result is that scans are fast, and the script doesn't create threads or involve writing complex code. But most importantly, the "hangs" have been greatly reduced!

To test the script, open a command prompt and type:

net view /domain

This will return a list of domains on the network. To get a list of PCs for a specific domain, type:

net view /domain:yourdomain

At this point, save the output and create a batch file called wmi.bat with one line per PC:

cscript.exe C:\wmi.vbs COMPUTER1
cscript.exe C:\wmi.vbs COMPUTER2
cscript.exe C:\wmi.vbs COMPUTER3
cscript.exe C:\wmi.vbs COMPUTERN
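
From the defender's side, a sweep like this leaves recognisable traces on each target: a process whose parent is WmiPrvSE.exe (created through Win32_Process.Create), installation of PsExec's default PSEXESVC service, and network logons from one source across many hosts. The following Python is an added example, not part of the original article; the event records are constructed and use simplified field names modelled on Windows events 4624, 4688 and 7045.

```python
import ntpath
from collections import defaultdict

# Constructed sample records (not real logs). Fields are a simplified view of
# Security 4624 (logon), Security 4688 (process creation) and System 7045
# (service install); host names and addresses are placeholders.
EVENTS = [
    {"host": "COMPUTER1", "id": 4624, "logon_type": 3, "src": "10.0.0.50"},
    {"host": "COMPUTER1", "id": 4688, "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe"},
    {"host": "COMPUTER1", "id": 7045, "service": "PSEXESVC"},
    {"host": "COMPUTER2", "id": 4624, "logon_type": 3, "src": "10.0.0.50"},
    {"host": "COMPUTER2", "id": 4688, "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe"},
    {"host": "COMPUTER3", "id": 4624, "logon_type": 3, "src": "10.0.0.50"},
    {"host": "COMPUTER3", "id": 4688, "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe"},  # local, interactive launch
    {"host": "COMPUTER3", "id": 4624, "logon_type": 3, "src": "10.0.0.7"},
]

def _base(path):
    """Lower-cased file name of a Windows path (empty string if missing)."""
    return ntpath.basename(path or "").lower()

def wmi_spawned(events):
    """Processes whose parent is WmiPrvSE.exe, i.e. created via Win32_Process.Create."""
    return [(e["host"], _base(e["image"])) for e in events
            if e["id"] == 4688 and _base(e.get("parent")) == "wmiprvse.exe"]

def psexec_installs(events):
    """Hosts where PsExec's default service (PSEXESVC) was installed."""
    return sorted({e["host"] for e in events
                   if e["id"] == 7045 and e.get("service", "").upper() == "PSEXESVC"})

def sweep_sources(events, min_hosts=3):
    """Sources with network logons (type 3) on at least min_hosts distinct hosts."""
    seen = defaultdict(set)
    for e in events:
        if e["id"] == 4624 and e.get("logon_type") == 3:
            seen[e["src"]].add(e["host"])
    return {s: sorted(h) for s, h in seen.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    print("WMI-spawned processes:", wmi_spawned(EVENTS))
    print("PsExec service installs:", psexec_installs(EVENTS))
    print("Sweeping sources:", sweep_sources(EVENTS))
```
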


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Article Copyright 2009 by cyber_flash