Photo by Rennett Stowe
Windows administrators are often bearers of news. Sometimes good, sometimes bad.
When the news is good, you look like a hero. When it’s bad you offer suggestions on how to a) deal with repurcussions, and b) avoid the problem next time. While no one likes to give bad news there is something worse… not knowing.
When it comes to knowing what software is installed on the computers that you manage there are myriad ways to discover. Here are the 7 reasons a windows administrator might not know what is installed on their systems:
- Limiting inventory collection to entries in Add/Remove Programs
- Excluding important registry entries
- Giving them what they ‘ask for’
- Limiting inventory scans to .exe files
- No master baseline table to compare against
- Data is static
- Poor reporting ability
Number 1 is quite common. Software inventory is much more than what is listed in Add/Remove. While true that most of what you’ll need to report on will be gleaned from this section, sometimes the data you need isn’t a stand-alone program per se, but rather a file or group of files that together may cause a vulnerability.
The solution is to determine what you are looking for and then find the right solutions, be they over the counter or custom scanning ability. Keep reading to see some common mistakes made by admins on the quest for too much information.
Number 2 isn’t answered easily. The registry is a big place and it’s easy to get lost. You need to know what you’re looking for before you create a custom scanner to glean registry data. That said, sometimes the registry is the only place to get the data, especially when you are looking for the configuration of specific applications.
Number 3 is a fun one. We all know that what a customer asks for isn’t necesarily what they want. I’ll elaborate a bit more in the end of the artcile, but suffice it to say that gathering every piece of information on the computer won’t help much if you can’t put it into their perspective.
Number 4 is a common mistake made when an admin tries to venture beyond Add/Remove. Simply put, they scan for all .exe’s while forgetting that there are many files that are executable.
Keep an eye out for some of the following (certainly not an exhaustive list):
The next mistake is looking for too much, which takes us to number 5, which I will cover in next Friday’s blog post.