rrent page or check for previous versions at the Internet Archive. Yahoo! is not affiliated with the authors of this page or responsible for its content.
Shavlik NetChk Analyzer Command Line Reference

















Shavlik NetChk Analyzer
Command Line Reference Copyright
Shavlik Technologies
ii

Shavlik NetChk Analyzer Command Line Reference

Copyright

© 2006 Shavlik Technologies. All rights reserved.

No part of this document may be reproduced or retransmitted in any form or by any means electronic,
mechanical, or otherwise, including photocopying and recording for any purpose other than the purchasers
personal use without written permission of Shavlik Technologies.

Trademarks
Shavlik, the Shavlik logo, Shavlik NetChk Analyzer, Shavlik HFNetChkPro, Shavlik NetChk Compliance,
Shavlik NetChk Protect, Shavlik NetChk Patch, Shavlik NetChk Spyware, and Shavlik NetChk Tracker are
trademarks of Shavlik Technologies. Microsoft and Windows are registered trademarks of Microsoft
Corporation.

All other trademarks, tradenames, or images mentioned herein belong to their respective owners.

Document Information and Print History

Shavlik NetChk Analyzer Command Line Reference

Document number: N/A

Date
Version
Description
May 2006
1.0
Initial release of this guide.

Shavlik Technologies
Contents

Shavlik NetChk Analyzer Command Line Reference
iii


C
ONTENTS

1

I
NTRODUCTION
...................................................................... 1

Command requirements ............................................................................... 1

For further information .................................................................................. 1

2

C
OMMAND
S
WITCHES
............................................................ 2

Specifying what machines to scan................................................................ 2

Specifying what machines not to scan.......................................................... 7

Specifying what patches to scan or not scan.............................................. 11

Specifying additional scan parameters ....................................................... 14

3

E
XAMPLES
.......................................................................... 22

I
NDEX
.................................................................................... 24

Contents
Shavlik Technologies
iv

Shavlik NetChk Analyzer Command Line Reference


THIS

PAGE

INTENTIONALLY

BLANK

Shavlik Technologies
Introduction

Shavlik NetChk Analyzer Command Line Reference
1


1
I
NTRODUCTION


About this guide
This guide describes the command line switches that are available for use with
Shavlik NetChk Analyzer.

Command
requirements
The commands you create must meet the following requirements:

Each command must be a complete command

Each command must begin with the term hfcli.exe


For further
information
If after reading this document you have further questions about the commands
available for use with Shavlik NetChk Analyzer, please see visit the Shavlik Support
Forum for Shavlik NetChk Analyzer at
http://forum.shavlik.com/viewtopic.php?t=3210

Commands Switches
Shavlik Technologies
2

Shavlik NetChk Analyzer Command Line Reference

2
C
OMMAND
S
WITCHES


Shavlik NetChk Analyzer supports the following command line switches. Items
marked in yellow are new since MBSA 1.2.1.
To view a list of available commandline switches in Shavlik NetChk Analyzer, type
hfcli.exe /?
at the command line.
Specifying what
machines to scan
The following command switches can be used to specify what machines you want to
scan.

Command Switch
Description
[-h hostname]
Specifies the NetBIOS machine name to scan. If you
are scanning multiple machines by name, you can
separate each hostname with a comma:
Example: -h pc1,pc2,pc3 (no spaces allowed after
the comma)
Machine names are converted to IP addresses during
the scan process. To ensure accurate results, make
sure that DNS, WINS, and DHCP are working
correctly.
The -h switch can be used in conjunction with any
other switch in this category:
Example: -h pc1,pc2 -d domainname -i 10.1.1.1
[-i ipaddress]
Specifies the IP address of a machine to scan. If you
are scanning multiple machines by IPaddress, you
can separate each IPaddress with a comma:
Example: -i 10.1.1.1,10.1.1.2,172.16.1.1 (no spaces
allowed)
The -i switch can be used in conjunction with any
other switch in this category:
Example: -i 10.1.1.1 -h pc1,pc2 -d domainname
[-d domainname]
Specifies the domain name to scan. All machines in
the domain will be enumerated and then scanned. To Shavlik Technologies
Command Switches
Shavlik NetChk Analyzer Command Line Reference
3


scan multiple domains, separate each domain with a
comma:
Example: -d corp,dmz,acme (no spaces allowed
after the comma)
During domain enumeration, the scan engine will
attempt to contact the domain controller(s) for each
domain and obtain the machine account list for the
domain. Your currently logged on user credentials will
be used to authenticate to the domain controller to
obtain this information. If you are not logged on to
your console with credentials to obtain this
information, the network browse list will be used
instead.
To force the scan engine to use the browse list only,
include the -ubo switch below.
The -domain switch can be used in conjunction with
any other switch in this category:
Example: -d corp -h pc1,pc2 -i 10.1.1.1 -ubo
[-n]
The -n switch will scan all of the Microsoft machines
on the local network. The list of machine to scan will
approximate the same list of machines that you can
see via Network Neighborhood.
The -n switch can be used in conjunction with any of
the other switches in this category, though it is best
used by itself.
[-ubo]
Use browse list only. This switch is applicable to the
-d switch. This switch forces the scan engine to
enumerate the domain membership using the browse
list from the master browser of the domain, rather
than attempting to gather the list of machine accounts
from the domain controllers.
In some cases it may be beneficial to use this switch
to scan the domain, particularly in cases where the
network administrator has not purged stale machine
accounts from the domain controller.
The -ubo switch is specific to the -d and -n switches.
[-r range]
The -r switch specifies a range of IP addresses to
scan. This switch is useful when scanning subnets
and identifying machines that may not be known, or
may not be a member of any domain. (In cases
where the scan engine encounters a 'rogue' machine Commands Switches
Shavlik Technologies
4

Shavlik NetChk Analyzer Command Line Reference

and does not have the credentials to logon to this
machine, the scan results will identify each machine
that it attempted to scan and failed, so you can later
research the 'rogue' system.)
If you are scanning multiple IP ranges, you can
separate each IP range with a comma:
Example:
-r 10.1.1.1-10.1.1.255,172.16.1.1-172.16.1.127
The -i switch can be used in conjunction with any
other switch in this category:
Example:
-r 172.16.1.1-172.16.1.255 -i 10.1.1.1 -h pc1,pc2
[-ou ou_name]
Specifies the organizational unit (OU) to scan. All
machines in the OU will be scanned.
In order to enumerate the OU membership, your
currently logged on username will be used to
authenticate to the domain controller. If you do not
have admin access to the domain associated with this
OU, then the enumeration may fail.
If you would like to include child OUs when scanning
the specified OU, use the -ouc switch below.
The -ou switch can be used in conjunction with any
other switch in this category:
Example:
-ou ou=development,DC=shavlik,dc=com -h pc1,pc2
[-ouc ou_name]
Specifies that children OUs of the specified OU
should be included in the scan.
The -ouc switch can be used in conjunction with any
other switch in this category:
Example:
-ouc cn=computers,DC=shavlik,dc=com -h pc1,pc2
[-fh hostfile]
Specifies a text file that contains a list of NetBIOS
machine names to scan. Each machine name should
be entered on its own line:
PC1
PC2
PC3
The text file will be read at scan time and any
machine names listed in this file will be scanned. Shavlik Technologies
Command Switches
Shavlik NetChk Analyzer Command Line Reference
5


This switch may be useful if you are using a separate
utility to create a list of machines to scan. For
example, you may wish to schedule hfcli.exe to scan
every hour, where it will scan the contents of the
specified text file. The text file is the result of a script
that enumerates the domain and outputs the results
to a text file.
The -fh switch can point to a file of hosts in any