2 things: Tell if a server is server core remotely. Tell if a server is a VM remotely. (C#) - Brad Rutkowski's Blog - Site Home

I've been messing around over the last week making a tool that will frisk a remote machine. It's been a fun project, a couple of items I got hung up on were if the machine was server core and if it was a VM.

I mean who would knowingly TS to a server if they knew it was server core? As for the VM, it's nice to know before-hand so you dont request a debugger to be attached to a virtual server ;).

Well here are some snippets for those two things, hope it helps those trying to do similar queries...

Server Core:

Basically you just need to look at the OperatingSystemSKU value and if it E (hex) or 14 (decimal) then its server core. This and all the other SKU numbers are listed here: http://msdn2.microsoft.com/en-us/library/ms724358.aspx

System.Management.ConnectionOptions objconn = new System.Management.ConnectionOptions();
        objconn.Impersonation = System.Management.ImpersonationLevel.Impersonate;
        objconn.EnablePrivileges = true;
        System.Management.ManagementScope exmangescope = new System.Management.ManagementScope(@"\\" + srvName + @"\root\cimv2", objconn);
        System.Management.ObjectQuery objquery = new System.Management.ObjectQuery("SELECT * FROM Win32_OperatingSystem");
        System.Management.ManagementObjectSearcher objsearch = new System.Management.ManagementObjectSearcher(exmangescope, objquery);
        System.Management.ManagementObjectCollection queryCollection = objsearch.Get();
        foreach (System.Management.ManagementObject stringer in queryCollection)
        {
            serverCoreval = stringer["OperatingSystemSKU"].ToString();
            //Console.WriteLine(serverCoreval);
        }

Virtual Machine:

If the VM is either Vista/Windows 2008 it's a simple reg query:

if (buildInt >= 6000)
{
sysInfo = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, srvName).OpenSubKey(@"SYSTEM\CurrentControlSet\Control\SystemInformation").GetValue("SystemProductName").ToString();

    if (sysInfo.Contains("Virtual"))
    {
        vmCheck = 1;
    }

}

If the VM is downlevel then it's a WMI query

else if (buildInt == 3790)
{
    System.Management.ConnectionOptions objconn = new System.Management.ConnectionOptions();
    objconn.Impersonation = System.Management.ImpersonationLevel.Impersonate;
    objconn.EnablePrivileges = true;
    System.Management.ManagementScope exmangescope = new System.Management.ManagementScope(@"\\" + srvName + @"\root\cimv2", objconn);
    System.Management.ObjectQuery objquery = new System.Management.ObjectQuery("SELECT * FROM Win32_ComputerSystem");
    System.Management.ManagementObjectSearcher objsearch = new System.Management.ManagementObjectSearcher(exmangescope, objquery);
    System.Management.ManagementObjectCollection queryCollection1 = objsearch.Get();
    foreach (System.Management.ManagementObject stringer in queryCollection1)
    {
        sysInfo = stringer["Model"].ToString();
        //System.Console.WriteLine(sysinfo);
    }
    if (sysInfo.Contains("Virtual"))
    {
        vmCheck = 1;
    }

Technorati Tags: windows 2008,Server Core,C#,Virtualization