Anyone using BGINFO?

[Xander]

I'm thinking about incorporating BGINFO from Systernals into my remote repairs so that the first thing I see is a snapshot of useful info.

Snapshot Time:    <Snapshot Time>

IP Address:    <IP Address>
Subnet Mask:    <Subnet Mask>
Proxy:    [COLOR=Red]<Proxy>[/COLOR]
Default Gateway:    <Default Gateway>
DHCP Server:    <DHCP Server>
DNS Server:    <DNS Server>
IE Version:    <IE Version>

Shell:    <Shell>
EXE:    <EXE>

Memory:    <Memory>
OS Version:    <OS Version>, SP <Service Pack>
Service Pack:    <Service Pack>
User Name:    <User Name>
Volumes:    <Volumes>


[B]Proxy[/B] {custom}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
[B]Shell[/B] {custom}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
[B]Exe [/B]{custom}
HKEY_CLASSES_ROOT\exefile\shell\open\command\

I'm thinking mostly for when I'm doing malware removal but the second half could be useful for quick-spotting when you're on a non-updated system.

What else could be useful here?


Edit: I'm also thinking about using a wrapper for it so that it backs up the existing Wallpaper settings for the user, runs the script and then, later, can restore the wallpaper.

 

[NeutronTech]

Why do you need to backup the wallpaper? Does the program remove it or something?

 

[Xander]

Yup. It replaces the existing wallpaper outright (just tested it on my VM to confirm). By default, it just writes on top of it but I'd rather save that setting, get a plain white-on-black output, and put things back later.

But wouldn't you like to start disinfecting a system with this (and more...?) info?

The only question is: What at-a-glance info can be added?

 

[Martyn]

We used to use it on all our showroom pcs specifically to gives the sales men the name and ip address when they were reporting a problem. Nice little program.

 

[Methical]

Would it be possible to incorporate this here :

http://www.robvanderwoude.com/files/secstat_xp.txt

It shows what A/V product is being used, and when Windows Update was last run.

 

[lyonrt]

BG Info Output

I cant remember the switches off the top of my head but you can have bginfo output to a png or a txt file as well. Just have it spit out either to the C:\ and you should be able to open it and take a glance. This way you dont have to have it muck up the users background

 

[Xander]

Would it be possible to incorporate this here :

http://www.robvanderwoude.com/files/secstat_xp.txt

It shows what A/V product is being used, and when Windows Update was last run.

Nice potential. You'd have to have it pipe its output into a text first and then pull that into bginfo. (BGinfo can use environmental vars, reg entries, WMI queries, file version info, file timestamps, file contents, and VBS scripts). I've got no experience with WMI or VBS.

You can easily adjust what the Bat gets for its reg entries: e.g.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime

I would like to incorporate something with the HOSTS file. I could include the whole thing but the default is too big. I'd rather get the number of lines in Hosts. Its timestamp isn't bad. My VM shows a 2002 date on its copy so that could be useful in spotting tampering.

I cant remember the switches off the top of my head but you can have bginfo output to a png or a txt file as well. Just have it spit out either to the C:\ and you should be able to open it and take a glance. This way you dont have to have it muck up the users background

Easier to have it output to a /popup window. I just like the idea of the wallpaper; really wouldn't be hard to add that into a wrapper program.