This comes up quite often, so I thought I'd share a method I came up with to enumerate open ports in VBScript using netstat. Basically the script, which is available here on TechNet Script Center, runs “netstat -a -n” and parses the output into the following format:
In DCM, you would configure a CI setting with this script. The validation rules for this CI would then validate against the returned list. For example:
- ‘Not Contains’ to exclude certain IPs and ports (e.g. ‘Not Contains’ on ‘TCPv4\0.0.0.0:445’, entered without quotes in the console, would return non-compliant for any machine with TCPv4 445 open on all addresses)
- ‘Contains’ to make sure an IP and port is open (e.g. ‘Contains’ on ‘TCPv4\0.0.0.0:445’ would return non-compliant for any machine with TCPv4 445 closed on all addresses (or 0.0.0.0))
- ‘Does not end with’ to check only for a port being closed on any address (e.g. ‘Does not end with’ on ‘:445’ would return non-compliant for any machine with TCPv4 445 open on any address)
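The parsing step described above, as an added example that is not the TechNet script itself: it turns “netstat -a -n” output into entries shaped like the ‘TCPv4\0.0.0.0:445’ value used in the rules. Assumptions: the function name FormatListener, the ‘v6’ tag for bracketed IPv6 addresses, reporting only listening TCP sockets and bound UDP sockets, and echoing one entry per line as the returned list.

```vbscript
Option Explicit

' Added example, not the TechNet script. FormatListener is a hypothetical name.
' Returns "Proto\Address:Port" for a listening TCP socket or a bound UDP socket,
' or "" for headers, blank lines and established connections.
Function FormatListener(line)
    Dim re, m, proto, localAddr, remoteAddr, ver
    FormatListener = ""
    Set re = New RegExp
    re.IgnoreCase = True
    ' Columns of interest: Proto, Local Address, Foreign Address
    re.Pattern = "^\s*(TCP|UDP)\s+(\S+)\s+(\S+)"
    If Not re.Test(line) Then Exit Function
    Set m = re.Execute(line)(0)
    proto = UCase(m.SubMatches(0))
    localAddr = m.SubMatches(1)
    remoteAddr = m.SubMatches(2)
    ' A listening TCP socket shows remote port 0 (0.0.0.0:0 or [::]:0).
    ' The State column text is localized, so it is not used here.
    If proto = "TCP" And Right(remoteAddr, 2) <> ":0" Then Exit Function
    ' Assumption: bracketed local addresses are IPv6 and are tagged "v6".
    If Left(localAddr, 1) = "[" Then ver = "v6" Else ver = "v4"
    FormatListener = proto & ver & "\" & localAddr
End Function

Dim shell, proc, entry
Set shell = CreateObject("WScript.Shell")
Set proc = shell.Exec("netstat -a -n")
Do While Not proc.StdOut.AtEndOfStream
    entry = FormatListener(proc.StdOut.ReadLine)
    ' Assumption: one entry per line is the list the CI rules are evaluated against.
    If entry <> "" Then WScript.Echo entry
Loop
```

Running it with cscript on a client shows the exact strings to compare against before the ‘Contains’ and ‘Not Contains’ values are entered in the console.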
Here is what a simple set of CIs to look for ports 445 and 139 looks like from one of my test ConfigMgr clients:
Please let me know if you found this useful or have any other feedback.
This post was contributed by Saud Al-Mishari, a Premier Field Engineer with Microsoft Premier Field Engineering, UK.