public static List <RemoteApplication> GetInstalledApplications()
{
var apps = new List <RemoteApplication>();
var taskResult = new TaskResult();
Result = taskResult;
const string uninstallKey = @"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall";
const string uninstallKey32on64 = @"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall";
var managementScope = new ManagementScope($@"\\{ComputerName}\root\CIMV2");
ManagementBaseObject inParams = null;
ManagementBaseObject outParams = null;
try
{
using (var wmiRegistry = new ManagementClass(managementScope, new ManagementPath("StdRegProv"), null))
{
List <string> subKeys = null;
List <string> subKeys32on64 = null;
var uninstallKeys = new List <string>();
// Get uninstall subkeys.
inParams = wmiRegistry.GetMethodParameters("EnumKey");
inParams["sSubKeyName"] = uninstallKey;
outParams = wmiRegistry.InvokeMethod("EnumKey", inParams, null);
if (outParams["sNames"] != null)
{
subKeys = new List <string>((string[])outParams["sNames"]).Select(x => $@"{uninstallKey}\{x}").ToList();
}
// Get 32-bit on 64-bit uninstall subkeys.
inParams["sSubKeyName"] = uninstallKey32on64;
outParams = wmiRegistry.InvokeMethod("EnumKey", inParams, null);
if (outParams["sNames"] != null)
{
subKeys32on64 = new List <string>((string[])outParams["sNames"]).Select(x => $@"{uninstallKey32on64}\{x}").ToList();
}
// Combine lists of keys.
if (subKeys != null)
{
uninstallKeys.AddRange(subKeys);
}
if (subKeys32on64 != null)
{
uninstallKeys.AddRange(subKeys32on64);
}
// Enumerate keys.
foreach (string subKey in uninstallKeys)
{
// Get SystemComponent (DWORD) value. Skip key if this value exists and is set to '1'.
inParams = wmiRegistry.GetMethodParameters("GetDWORDValue");
inParams["sSubKeyName"] = subKey;
inParams["sValueName"] = "SystemComponent";
outParams = wmiRegistry.InvokeMethod("GetDWORDValue", inParams, null);
if (outParams["uValue"] != null && (UInt32)outParams["uValue"] == 1)
{
continue;
}
// Get ParentKeyName (String) value. Skip key if this value exists.
inParams = wmiRegistry.GetMethodParameters("GetStringValue");
inParams["sSubKeyName"] = subKey;
inParams["sValueName"] = "ParentKeyName";
outParams = wmiRegistry.InvokeMethod("GetStringValue", inParams, null);
if (outParams["sValue"] != null && ((string)outParams["sValue"]).Length > 0)
{
continue;
}
// Get ReleaseType (String) value. Skip key if this value contains 'Update' or 'Hotfix'.
inParams["sSubKeyName"] = subKey;
inParams["sValueName"] = "ReleaseType";
outParams = wmiRegistry.InvokeMethod("GetStringValue", inParams, null);
if (outParams["sValue"] != null && (((string)outParams["sValue"]).Contains("Update") || ((string)outParams["sValue"]).Equals("Hotfix")))
{
continue;
}
var app = new RemoteApplication();
// Get DisplayName (String) value.
inParams["sSubKeyName"] = subKey;
inParams["sValueName"] = "DisplayName";
outParams = wmiRegistry.InvokeMethod("GetStringValue", inParams, null);
if (outParams["sValue"] != null)
{
app.DisplayName = (string)outParams["sValue"];
}
else
{
continue;
}
// Get Publisher (String) value.
inParams["sSubKeyName"] = subKey;
inParams["sValueName"] = "Publisher";
outParams = wmiRegistry.InvokeMethod("GetStringValue", inParams, null);
if (outParams["sValue"] != null)
{
app.Publisher = (string)outParams["sValue"];
}
// Get DisplayVersion (String) value.
inParams["sSubKeyName"] = subKey;
inParams["sValueName"] = "DisplayVersion";
outParams = wmiRegistry.InvokeMethod("GetStringValue", inParams, null);
if (outParams["sValue"] != null)
{
app.Version = (string)outParams["sValue"];
}
// Get UninstallString (String) value.
inParams["sSubKeyName"] = subKey;
inParams["sValueName"] = "UninstallString";
outParams = wmiRegistry.InvokeMethod("GetStringValue", inParams, null);
if (outParams["sValue"] != null)
{
app.UninstallPath = (string)outParams["sValue"];
}
apps.Add(app);
}
}
taskResult.DidTaskSucceed = true;
}
catch (ManagementException ex) when(ex.ErrorCode == ManagementStatus.NotFound)
{
// Target OS might not support WMI StdRegProv. Attempt to gather data using remote registry.
apps = new List <RemoteApplication>();
const string serviceName = "RemoteRegistry";
bool isLocal = ComputerName.ToUpper() == Environment.MachineName.ToUpper() ? true : false;
bool isServiceRunning = true;
// If the target computer is remote, then start the Remote Registry service.
using (
GlobalVar.UseAlternateCredentials
? UserImpersonation.Impersonate(GlobalVar.AlternateUsername, GlobalVar.AlternateDomain, GlobalVar.AlternatePassword)
: null)
using (var sc = new ServiceController(serviceName, ComputerName))
{
try
{
if (!isLocal && sc.Status != ServiceControllerStatus.Running)
{
isServiceRunning = false;
sc.Start();
}
}
catch (Exception)
{
}
try
{
using (RegistryKey key = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, ComputerName))
{
using (RegistryKey mainKey64 = key.OpenSubKey(uninstallKey))
apps.AddRange(EnumerateUninstallKeys(mainKey64));
using (RegistryKey mainKey32 = key.OpenSubKey(uninstallKey32on64))
apps.AddRange(EnumerateUninstallKeys(mainKey32));
}
taskResult.DidTaskSucceed = true;
}
catch
{
taskResult.DidTaskSucceed = false;
}
// Cleanup.
if (!isLocal && !isServiceRunning)
{
try
{
if (sc != null)
{
sc.Stop();
}
}
catch (Exception)
{
}
}
}
}
catch
{
// Do nothing.
}
finally
{
if (inParams != null)
{
inParams.Dispose();
}
if (outParams != null)
{
outParams.Dispose();
}
}
// Get Internet Explorer version.
if (taskResult.DidTaskSucceed && apps.Count > 0)
{
try
{
var internetExplorerVersion = FileVersionInfo.GetVersionInfo($@"\\{ComputerName}\C$\Program Files\Internet Explorer\iexplore.exe");
if (internetExplorerVersion != null && internetExplorerVersion.ProductVersion.Length > 0)
{
apps.Add(new RemoteApplication
{
DisplayName = "Internet Explorer",
Publisher = "Microsoft Corporation",
Version = internetExplorerVersion.ProductVersion
});
}
}
catch { }
}
return(apps);
}
public static RemoteSystemInfo GetSystemInfo()
{
var systemInfo = new RemoteSystemInfo();
var taskResult = new TaskResult();
systemInfo.Result = taskResult;
ConnectionOptions op = new ConnectionOptions();
if (GlobalVar.UseAlternateCredentials)
{
op.Username = GlobalVar.AlternateUsername;
op.Password = GlobalVar.AlternatePassword;
op.Authority = $"NTLMDOMAIN:{GlobalVar.AlternateDomain}";
}
ManagementScope sc = new ManagementScope($@"\\{TargetComputer}\root\CIMV2", op);
ObjectQuery query = new ObjectQuery("SELECT Caption,Description,LastBootUpTime,Version,ProductType FROM Win32_OperatingSystem");
ManagementObjectSearcher searcher = new ManagementObjectSearcher(sc, query);
try
{
foreach (ManagementObject obj in searcher.Get())
{
systemInfo.ComputerType = (obj["ProductType"] != null) ? obj["ProductType"].ToString() : string.Empty;
systemInfo.WindowsVersionNumber = (obj["Version"] != null) ? obj["Version"].ToString().Trim() : string.Empty;
systemInfo.WindowsVersion = (obj["Caption"] != null) ? obj["Caption"].ToString().Trim() : string.Empty;
systemInfo.ComputerDescription = (obj["Description"] != null) ? obj["Description"].ToString().Trim() : string.Empty;
int index = systemInfo.WindowsVersion.IndexOf(@"(R)", StringComparison.OrdinalIgnoreCase);
while (index >= 0)
{
systemInfo.WindowsVersion = systemInfo.WindowsVersion.Remove(index, @"(R)".Length);
index = systemInfo.WindowsVersion.IndexOf(@"(R)", StringComparison.OrdinalIgnoreCase);
}
index = systemInfo.WindowsVersion.IndexOf(@"®", StringComparison.OrdinalIgnoreCase);
while (index >= 0)
{
systemInfo.WindowsVersion = systemInfo.WindowsVersion.Remove(index, @"®".Length);
index = systemInfo.WindowsVersion.IndexOf(@"®", StringComparison.OrdinalIgnoreCase);
}
if (obj["LastBootUpTime"] != null)
{
DateTime lastBoot = ManagementDateTimeConverter.ToDateTime(obj["LastBootUpTime"].ToString());
TimeSpan ts = DateTime.Now - lastBoot;
string uptime;
if (ts.Days > 0)
{
uptime = string.Format("{0} day{1}, {2} hour{3}, {4} minute{5}",
ts.Days, ts.Days == 1 ? "" : "s",
ts.Hours, ts.Hours == 1 ? "" : "s",
ts.Minutes, ts.Minutes == 1 ? "" : "s");
}
else if (ts.Hours > 0)
{
uptime = string.Format("{0} hour{1}, {2} minute{3}",
ts.Hours, ts.Hours == 1 ? "" : "s",
ts.Minutes, ts.Minutes == 1 ? "" : "s");
}
else if (ts.Minutes > 0)
{
uptime = string.Format("{0} minute{1}",
ts.Minutes, ts.Minutes == 1 ? "" : "s");
}
else
{
uptime = string.Format("{0} second{1}",
ts.Seconds, ts.Seconds == 1 ? "" : "s");
}
systemInfo.Uptime = uptime;
}
//foreach (var prop in obj.Properties)
//{
// if (prop.Name == "OSArchitecture" && obj["OSArchitecture"] != null)
// systemInfo.WindowsArchitecture = obj["OSArchitecture"].ToString();
//}
}
//if (systemInfo.WindowsArchitecture == null)
//{
WindowsArchitecture = "32-bit";
query = new ObjectQuery("SELECT Name,VariableValue FROM Win32_Environment");
searcher = new ManagementObjectSearcher(sc, query);
foreach (ManagementObject obj in searcher.Get())
{
if (obj["Name"] != null && obj["Name"].ToString() == "PROCESSOR_ARCHITECTURE" && obj["VariableValue"] != null && obj["VariableValue"].ToString().ToUpper() == "AMD64")
{
WindowsArchitecture = "64-bit";
break;
}
else if (obj["Name"] != null && obj["Name"].ToString() == "PROCESSOR_ARCHITEW6432 " && obj["VariableValue"] != null && obj["VariableValue"].ToString().ToUpper() == "AMD64")
{
WindowsArchitecture = "64-bit";
break;
}
}
//}
if (systemInfo.WindowsVersionNumber.StartsWith("5.0") || systemInfo.WindowsVersionNumber.StartsWith("5.2"))
{
query = new ObjectQuery("SELECT CurrentClockSpeed FROM Win32_Processor");
}
else
{
query = new ObjectQuery("SELECT CurrentClockSpeed,NumberOfLogicalProcessors FROM Win32_Processor");
}
searcher = new ManagementObjectSearcher(sc, query);
UInt32 clockSpeed = 0;
UInt32 numberOfProcessors = 1;
bool isLogicalCpuSupported = false;
foreach (ManagementObject obj in searcher.Get())
{
if (obj["CurrentClockSpeed"] != null)
{
clockSpeed = (UInt32)obj["CurrentClockSpeed"];
}
if (systemInfo.WindowsVersionNumber.StartsWith("5.0") || systemInfo.WindowsVersionNumber.StartsWith("5.2"))
{
break;
}
else if (obj["NumberOfLogicalProcessors"] != null)
{
isLogicalCpuSupported = true;
}
//foreach (var prop in obj.Properties)
//{
// if (prop.Name == "NumberOfLogicalProcessors" && obj["NumberOfLogicalProcessors"] != null)
// {
// isLogicalCpuSupported = true;
// break;
// }
//}
break;
}
if (isLogicalCpuSupported == true)
{
query = new ObjectQuery("SELECT Manufacturer,Model,Name,NumberOfLogicalProcessors,NumberOfProcessors FROM Win32_ComputerSystem");
}
else
{
query = new ObjectQuery("SELECT Manufacturer,Model,Name,NumberOfProcessors FROM Win32_ComputerSystem");
}
searcher = new ManagementObjectSearcher(sc, query);
foreach (ManagementObject obj in searcher.Get())
{
if (obj["Manufacturer"] != null)
{
systemInfo.ComputerManufacturer = obj["Manufacturer"].ToString();
}
if (obj["Model"] != null)
{
systemInfo.ComputerModel = obj["Model"].ToString();
}
if (obj["Name"] != null)
{
systemInfo.ComputerName = obj["Name"].ToString();
}
if (isLogicalCpuSupported == true && obj["NumberOfLogicalProcessors"] != null)
{
numberOfProcessors = (UInt32)obj["NumberOfLogicalProcessors"];
}
else if (isLogicalCpuSupported == false && obj["NumberOfProcessors"] != null)
{
numberOfProcessors = (UInt32)obj["NumberOfProcessors"];
}
else
{
numberOfProcessors = 1;
}
}
systemInfo.Processor = string.Format("{0} Core{1} @ {2:0.#} {3}",
numberOfProcessors, numberOfProcessors == 1 ? "" : "s",
clockSpeed > 1000 ? (double)clockSpeed / 1000.0 : clockSpeed,
clockSpeed > 1000 ? "GHz" : "MHz");
query = new ObjectQuery("SELECT SerialNumber FROM Win32_SystemEnclosure");
searcher = new ManagementObjectSearcher(sc, query);
foreach (ManagementObject obj in searcher.Get())
{
systemInfo.ComputerSerialNumber = (obj["SerialNumber"] != null) ? obj["SerialNumber"].ToString() : string.Empty;
break;
}
query = new ObjectQuery("SELECT Capacity FROM Win32_PhysicalMemory");
searcher = new ManagementObjectSearcher(sc, query);
UInt64 totalMemory = 0;
foreach (ManagementObject m in searcher.Get())
{
if (m["Capacity"] != null)
{
totalMemory += (UInt64)m["Capacity"];
}
}
systemInfo.Memory = RemoteAdmin.ConvertBytesToString(totalMemory);
// Determine computer type:
if (!string.IsNullOrEmpty(systemInfo.ComputerType) && systemInfo.ComputerType == "3")
{
systemInfo.ComputerType = "Server";
}
else
{
systemInfo.ComputerType = "Desktop";
}
if (systemInfo.ComputerManufacturer == "VMware, Inc." || (systemInfo.ComputerManufacturer == "Xen" && systemInfo.ComputerModel == "HVM domU"))
{
if (systemInfo.ComputerType == "Server")
{
systemInfo.ComputerType = "Server (Virtual Machine)";
}
else
{
systemInfo.ComputerType = "Virtual Machine";
}
}
query = new ObjectQuery("SELECT BatteryStatus FROM Win32_Battery");
searcher = new ManagementObjectSearcher(sc, query);
foreach (ManagementObject m in searcher.Get())
{
systemInfo.ComputerType = "Laptop / Portable";
break;
}
taskResult.DidTaskSucceed = true;
query = new ObjectQuery("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True");
searcher = new ManagementObjectSearcher(sc, query);
foreach (ManagementObject obj in searcher.Get())
{
string[] ipAddresses = (string[])(obj["IPAddress"]);
systemInfo.IpAddresses = ipAddresses.FirstOrDefault(s => s.Contains('.'));
}
}
catch
{
taskResult.DidTaskSucceed = false;
}
systemInfo.IsRebootRequired = GetSysRebootState();
return(systemInfo);
}
public static List <RemoteProcess> GetProcesses()
{
// GetProcesses() uses WMI to retrieve a list of running processes.
// It returns a List of RemoteProcess which will be bound to a DataGrid on this UserControl.
var processes = new List <RemoteProcess>();
var taskResult = new TaskResult();
Result = taskResult;
// Setup WMI Query.
var options = new ConnectionOptions();
if (GlobalVar.UseAlternateCredentials)
{
options.Username = GlobalVar.AlternateUsername;
options.Password = GlobalVar.AlternatePassword;
options.Authority = $"NTLMDOMAIN:{GlobalVar.AlternateDomain}";
}
var scope = new ManagementScope($@"\\{ComputerName}\root\CIMV2", options);
var query = new ObjectQuery("SELECT * FROM Win32_Process");
var searcher = new ManagementObjectSearcher(scope, query);
try
{
// Retrieve a list of running processes.
foreach (ManagementObject m in searcher.Get())
{
var process = new RemoteProcess();
process.Name = (m["Name"] != null) ? m["Name"].ToString() : string.Empty;
process.ExecutablePath = (m["ExecutablePath"] != null) ? m["ExecutablePath"].ToString() : string.Empty;
if (m["ProcessId"] != null)
{
process.ProcessId = (UInt32)m["ProcessId"];
}
if (m["SessionId"] != null)
{
process.SessionId = (UInt32)m["SessionId"];
}
string[] argList = new string[] { string.Empty, string.Empty };
int returnVal = Convert.ToInt32(m.InvokeMethod("GetOwner", argList));
process.Owner = (returnVal == 0) ? argList[0] : string.Empty;
if (process.ProcessId == 0 || process.ProcessId == 4)
{
process.Owner = "SYSTEM";
}
switch (process.Owner.ToUpper())
{
case ("SYSTEM"):
process.Owner = "System";
break;
case ("LOCAL SERVICE"):
process.Owner = "Local Service";
break;
case ("NETWORK SERVICE"):
process.Owner = "Network Service";
break;
}
processes.Add(process);
}
taskResult.DidTaskSucceed = true;
}
catch
{
taskResult.DidTaskSucceed = false;
}
return(processes);
}
public static List <RemoteLogonSession> GetLogonSessions()
{
// GetProcesses() first uses WMI to determine if the target computer is running a desktop or server OS.
// If running a server OS, it uses the Remote Desktop Service API to retrieve logon sessions.
// If running a desktop OS, it uses WMI to retrieve logon sessions.
// It returns a List of RemoteLogonSession which will be bound to a DataGrid on this UserControl.
var logonSessions = new List <RemoteLogonSession>();
var taskResult = new TaskResult();
Result = taskResult;
UInt32 productType = 1;
// Determine whether operating system is server or desktop edition.
var options = new ConnectionOptions();
if (GlobalVar.UseAlternateCredentials)
{
options.Username = GlobalVar.AlternateUsername;
options.Password = GlobalVar.AlternatePassword;
options.Authority = $"NTLMDOMAIN:{GlobalVar.AlternateDomain}";
}
var scope = new ManagementScope($@"\\{ComputerName}\root\CIMV2", options);
var query = new ObjectQuery("SELECT ProductType FROM Win32_OperatingSystem");
var searcher = new ManagementObjectSearcher(scope, query);
try
{
foreach (ManagementObject m in searcher.Get())
{
productType = (m["ProductType"] != null) ? (UInt32)m["ProductType"] : 1;
break;
}
}
catch
{
taskResult.DidTaskSucceed = false;
return(logonSessions);
}
IsServerEdition = productType > 1 ? true : false;
// If operating system is server edition, use Remote Desktop Services API to retrieve logon sessions.
if (IsServerEdition)
{
try
{
using (
GlobalVar.UseAlternateCredentials
? UserImpersonation.Impersonate(GlobalVar.AlternateUsername, GlobalVar.AlternateDomain, GlobalVar.AlternatePassword)
: null)
{
IntPtr server = WtsApi.WTSOpenServer(ComputerName);
logonSessions.AddRange(WtsApi.GetWindowsUsers(server));
foreach (RemoteLogonSession logonSession in logonSessions)
{
query = new ObjectQuery($"SELECT CreationDate FROM Win32_Process WHERE SessionId = {logonSession.SessionId}");
searcher = new ManagementObjectSearcher(scope, query);
DateTime logonTime = DateTime.Now;
foreach (ManagementObject m in searcher.Get())
{
DateTime procCreationDate = ManagementDateTimeConverter.ToDateTime(m["CreationDate"].ToString());
if (procCreationDate < logonTime)
{
logonSession.LogonTime = procCreationDate;
}
}
}
}
taskResult.DidTaskSucceed = true;
}
catch
{
taskResult.DidTaskSucceed = false;
}
}
// If operating system is desktop edition, query Win32_Process for explorer.exe to determine logged on users.
else
{
query = new ObjectQuery("SELECT * FROM Win32_Process WHERE Name = 'explorer.exe'");
searcher = new ManagementObjectSearcher(scope, query);
try
{
foreach (ManagementObject m in searcher.Get())
{
var logonSession = new RemoteLogonSession();
logonSession.SessionId = (UInt32)m["SessionId"];
var dmtfDateTime = m["CreationDate"].ToString();
logonSession.LogonTime = ManagementDateTimeConverter.ToDateTime(dmtfDateTime);
string[] argList = new string[] { string.Empty, string.Empty };
int returnVal = Convert.ToInt32(m.InvokeMethod("GetOwner", argList));
if (returnVal == 0)
{
logonSession.Username = argList[0];
logonSession.Domain = argList[1];
}
else
{
logonSession.Username = string.Empty;
}
int index = logonSessions.FindIndex(item => item.SessionId == logonSession.SessionId);
if (index >= 0)
{
continue;
}
else
{
logonSessions.Add(logonSession);
}
}
taskResult.DidTaskSucceed = true;
}
catch
{
taskResult.DidTaskSucceed = false;
}
}
return(logonSessions);
}
public static List <RemoteService> GetServices()
{
// GetServices() uses WMI to retrieve a list of running services.
// It returns a List of RemoteService which will be bound to a DataGrid on this UserControl.
var services = new List <RemoteService>();
var taskResult = new TaskResult();
Result = taskResult;
// Setup WMI query.
var options = new ConnectionOptions();
if (GlobalVar.UseAlternateCredentials)
{
options.Username = GlobalVar.AlternateUsername;
options.Password = GlobalVar.AlternatePassword;
options.Authority = $"NTLMDOMAIN:{GlobalVar.AlternateDomain}";
}
var scope = new ManagementScope($@"\\{ComputerName}\root\CIMV2", options);
var query = new ObjectQuery("SELECT * FROM Win32_Service");
var searcher = new ManagementObjectSearcher(scope, query);
try
{
// Retrieve a list of running services.
foreach (ManagementObject m in searcher.Get())
{
var service = new RemoteService();
service.DisplayName = (m["DisplayName"] != null) ? m["DisplayName"].ToString() : string.Empty;
service.AcceptPause = (m["AcceptPause"] != null) ? (bool)m["AcceptPause"] : false;
service.AcceptStop = (m["AcceptStop"] != null) ? (bool)m["AcceptStop"] : false;
service.Description = (m["Description"] != null) ? m["Description"].ToString() : string.Empty;
service.Name = (m["Name"] != null) ? m["Name"].ToString() : string.Empty;
service.PathName = (m["PathName"] != null) ? m["PathName"].ToString() : string.Empty;
service.StartupType = (m["StartMode"] != null) ? m["StartMode"].ToString() : string.Empty;
service.LogOnAs = (m["StartName"] != null) ? m["StartName"].ToString() : string.Empty;
service.State = (m["State"] != null) ? m["State"].ToString() : string.Empty;
int index = service.LogOnAs.IndexOf(@"NT AUTHORITY\", StringComparison.OrdinalIgnoreCase);
if (index >= 0)
{
service.LogOnAs = service.LogOnAs.Remove(index, @"NT AUTHORITY\".Length);
}
switch (service.LogOnAs.ToUpper())
{
case ("LOCALSERVICE"):
service.LogOnAs = "Local Service";
break;
case ("LOCALSYSTEM"):
service.LogOnAs = "Local System";
break;
case ("NETWORKSERVICE"):
service.LogOnAs = "Network Service";
break;
}
services.Add(service);
}
taskResult.DidTaskSucceed = true;
}
catch
{
taskResult.DidTaskSucceed = false;
}
return(services);
}
public static List <RemoteStorage> GetStorageDevices()
{
// Use WMI to retrieve a list of storage devices.
var drives = new List <RemoteStorage>();
var taskResult = new TaskResult();
Result = taskResult;
// Setup WMI query.
var options = new ConnectionOptions();
if (GlobalVar.UseAlternateCredentials)
{
options.Username = GlobalVar.AlternateUsername;
options.Password = GlobalVar.AlternatePassword;
options.Authority = $"NTLMDOMAIN:{GlobalVar.AlternateDomain}";
}
var scope = new ManagementScope($@"\\{ComputerName}\root\CIMV2", options);
var query = new ObjectQuery("SELECT * FROM Win32_LogicalDisk WHERE DriveType = 2 OR DriveType = 3 OR DriveType = 5");
var searcher = new ManagementObjectSearcher(scope, query);
try
{
// Retrieve a list of storage devices.
foreach (ManagementObject m in searcher.Get())
{
var drive = new RemoteStorage();
drive.DriveLetter = (m["Name"] != null) ? m["Name"].ToString() : string.Empty;
drive.VolumeName = (m["VolumeName"] != null) ? m["VolumeName"].ToString() : string.Empty;
drive.Capacity = (m["Size"] != null) ? (UInt64)m["Size"] : 0;
drive.FreeSpace = (m["FreeSpace"] != null) ? (UInt64)m["FreeSpace"] : 0;
drive.UsedSpace = drive.Capacity - drive.FreeSpace;
drive.DriveType = (UInt32)m["DriveType"];
double bytes = (double)drive.Capacity;
switch (drive.DriveType)
{
case (2):
drive.CapacityString = "Removable";
break;
case (5):
drive.CapacityString = "CD-ROM";
break;
default:
drive.CapacityString = ConvertBytesToString(bytes);
break;
}
bytes = (double)drive.FreeSpace;
drive.FreeSpaceString = (drive.DriveType == 2 || drive.DriveType == 5) ? string.Empty : ConvertBytesToString(bytes);
bytes = (double)drive.UsedSpace;
drive.UsedSpaceString = (drive.DriveType == 2 || drive.DriveType == 5) ? string.Empty : ConvertBytesToString(bytes);
drives.Add(drive);
}
taskResult.DidTaskSucceed = true;
}
catch
{
taskResult.DidTaskSucceed = false;
}
return(drives);
}
public static List <RemoteLogonHistory> GetLogonHistory()
{
var logonHistory = new List <RemoteLogonHistory>();
Result = new TaskResult();
const int logonEventId = 4624;
const int logoffEventIdA = 4634;
const int logoffEventIdB = 4647;
const int landeskRemoteControlEventId = 2;
string queryString =
"<QueryList><Query Id='1'>" +
"<Select Path='Security'>" +
"*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and " +
"(EventID=" + logonEventId + ")]] and " +
"*[EventData[Data[@Name='LogonType'] and (Data='2' or Data='10')]] and " +
"*[EventData[Data[@Name='LogonGuid'] != '{00000000-0000-0000-0000-000000000000}']] and " +
"*[EventData[Data[@Name='LogonProcessName'] != 'seclogo']]" +
"</Select>" +
"<Select Path='Security'>" +
"*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and " +
"(EventID=" + logonEventId + ")]] and " +
"*[EventData[Data[@Name='LogonType'] and (Data='2' or Data='10')]] and " +
"*[EventData[Data[@Name='TargetDomainName'] = '" + RemoteLogonSession.ComputerName.ToUpper().Trim() + "']]" +
"</Select>" +
"<Select Path='Security'>" +
//"*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and " +
//"(EventID=" + logoffEventIdA + ")]] and " +
//"*[EventData[Data[@Name='LogonType'] and (Data='2' or Data='10')]] or " +
"*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and " +
"(EventID=" + logoffEventIdB + ")]]" +
"</Select>" +
"<Select Path='Application'>" +
"*[System[Provider[@Name='LANDESK Remote Control Service'] and (EventID=" + landeskRemoteControlEventId + ")]]" +
"</Select>" +
"</Query></QueryList>";
try
{
var eventLogSession = new EventLogSession(RemoteLogonSession.ComputerName);
var eventLogQuery = new EventLogQuery("Security", PathType.LogName, queryString);
eventLogQuery.ReverseDirection = true;
eventLogQuery.Session = eventLogSession;
using (
GlobalVar.UseAlternateCredentials
? UserImpersonation.Impersonate(GlobalVar.AlternateUsername, GlobalVar.AlternateDomain, GlobalVar.AlternatePassword)
: null)
using (var eventLogReader = new EventLogReader(eventLogQuery))
{
for (EventRecord eventLogRecord = eventLogReader.ReadEvent(); null != eventLogRecord; eventLogRecord = eventLogReader.ReadEvent())
{
string regexString;
switch (eventLogRecord.Id)
{
case (logonEventId):
regexString = @"An account was successfully logged on.*Logon Type:\s+(?<logonType>.*?)\r" +
@".*\tAccount Name:\s+(?<accountName>.*?)\r" +
@".*\tAccount Domain:\s+(?<accountDomain>.*?)\r" +
@".*Network Information:.*Source Network Address:\s+(?<sourceIpAddress>.*?)\r";
break;
case (landeskRemoteControlEventId):
regexString = @"^Remote control action: (?<controlAction>\w+?) Remote Control Initiated from (?<sourceHostname>.*?) by user " +
@"(?<accountName>.*?), Security Type";
break;
case (logoffEventIdA):
regexString = @"An account was logged off" +
@".*Subject:.*Account Name:\s+(?<accountName>.*?)\r" +
@".*Account Domain:\s+(?<accountDomain>.*?)\r" +
@".*Logon Type:\s+(?<logonType>.*?)\r";
break;
case (logoffEventIdB):
regexString = @"User initiated logoff" +
@".*Subject:.*Account Name:\s+(?<accountName>.*?)\r" +
@".*Account Domain:\s+(?<accountDomain>.*?)\r";
break;
default:
regexString = string.Empty;
break;
}
var match = Regex.Match(eventLogRecord.FormatDescription(), regexString, RegexOptions.Singleline);
if (match.Success)
{
switch (eventLogRecord.Id)
{
case (logonEventId):
logonHistory.Add(new RemoteLogonHistory
{
LogonTime = eventLogRecord.TimeCreated.Value,
LogonDomain = match.Groups["accountDomain"].Value,
LogonName = match.Groups["accountName"].Value,
LogonType = match.Groups["logonType"].Value,
IpAddress = match.Groups["sourceIpAddress"].Value
});
break;
case (landeskRemoteControlEventId):
logonHistory.Add(new RemoteLogonHistory
{
LogonTime = eventLogRecord.TimeCreated.Value,
LogonName = match.Groups["accountName"].Value,
LogonDomain = string.Empty,
LogonType = "LANDesk",
LogonAction = match.Groups["controlAction"].Value,
IpAddress = match.Groups["sourceHostname"].Value
});
break;
case (logoffEventIdA):
logonHistory.Add(new RemoteLogonHistory
{
LogonTime = eventLogRecord.TimeCreated.Value,
LogonDomain = match.Groups["accountDomain"].Value,
LogonName = match.Groups["accountName"].Value,
LogonType = "Logoff"
});
break;
case (logoffEventIdB):
logonHistory.Add(new RemoteLogonHistory
{
LogonTime = eventLogRecord.TimeCreated.Value,
LogonDomain = match.Groups["accountDomain"].Value,
LogonName = match.Groups["accountName"].Value,
LogonType = "Logoff"
});
break;
}
}
}
Result.DidTaskSucceed = true;
}
}
catch (UnauthorizedAccessException)
{
Result.DidTaskSucceed = false;
Result.MessageBody = "This feature is currently only supported on Windows Vista and Server 2008 or higher.";
}
catch
{
Result.DidTaskSucceed = false;
}
return(logonHistory);
}
public static List <RemoteApplication> GetInstalledApplications()
{
var apps = new List <RemoteApplication>();
var taskResult = new TaskResult();
Result = taskResult;
const string uninstallKey64 = @"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall";
const string uninstallKey32 = @"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall";
const string serviceName = "RemoteRegistry";
bool isLocal = ComputerName.ToUpper() == Environment.MachineName.ToUpper() ? true : false;
bool isServiceRunning = true;
// If the target computer is remote, then start the Remote Registry service.
using (
GlobalVar.UseAlternateCredentials
? UserImpersonation.Impersonate(GlobalVar.AlternateUsername, GlobalVar.AlternateDomain, GlobalVar.AlternatePassword)
: null)
using (var sc = new ServiceController(serviceName, ComputerName))
{
try
{
if (!isLocal && sc.Status != ServiceControllerStatus.Running)
{
isServiceRunning = false;
sc.Start();
}
}
catch (Exception)
{
}
try
{
using (RegistryKey key = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, ComputerName))
{
using (RegistryKey mainKey64 = key.OpenSubKey(uninstallKey64))
apps.AddRange(EnumerateUninstallKeys(mainKey64));
using (RegistryKey mainKey32 = key.OpenSubKey(uninstallKey32))
apps.AddRange(EnumerateUninstallKeys(mainKey32));
}
var internetExplorerVersion = FileVersionInfo.GetVersionInfo($@"\\{ComputerName}\C$\Program Files\Internet Explorer\iexplore.exe");
if (internetExplorerVersion != null && internetExplorerVersion.ProductVersion.Length > 0)
{
apps.Add(new RemoteApplication
{
DisplayName = "Internet Explorer",
Publisher = "Microsoft Corporation",
Version = internetExplorerVersion.ProductVersion
});
}
taskResult.DidTaskSucceed = true;
}
catch
{
taskResult.DidTaskSucceed = false;
}
// Cleanup.
if (!isLocal && !isServiceRunning)
{
try
{
if (sc != null)
{
sc.Stop();
}
}
catch (Exception)
{
}
}
}
return(apps);
}
