How to scan for SQL installation
I've tried creating a Scan Profile (Options/Scan Profiles) called SQL Exes where I've added Files & Directories scanner with the Type as File and the Include Pattern(s) as *\sqlservr.exe. I set it to trigger once a day.
So far (several days later), I don't appear to be getting any info from this. Specifically, I created a Dynamic Collection that does a filter with Files & Directories where Name contains sqlservr.exe and it returns nothing.
What's the right way to do this?
0
Comments
Have you tried doing it based on installed applications?
Yes, I have. Unfortunately there are too many application names that have the words SQL Server in them, so I get a lot of false positives.
Looking at the pre-built scanner and it shows ** preceding the *.exe. Perhaps trying the ** preceeding your sqlservr.exe?
Available Wildcards: **\ - Current and All Subdirectories.
Have you considered querying the list of services in the registry instead? All services are in HKLM\System\CurrentControlSet\Services, so you can grab the item named MSSQLSERVER (if it's a full SQL). There may be a modified version for SQL Express or for instances - but either way, you could grab anything with SQL to start and then whittle it down to only the names/objects you care about. The DisplayName key will tell you the name of SQL and the ImagePath will give you the path to the executable. It would be interesting to see what it looks like on a machine where the service is using an instance and also where there could be multiple instances on the same server. Hope that helps.
Changed it to ?:**\sqlservr.exe. Waiting for the scan to run. I'll let you know how it turns out.
Worth a try. Create a registry scan for HKLM\SOFTWARE\Microsoft\MSSQLServer**. Waiting for the scan to run. I'll let you know how it turns out.
This worked!
This also worked!
Thanks for your help, Avi & Brodiemac!
So this seemed to work. At least, I am now getting matches to my query for files with the name sqlservr.exe. However, it is giving me a bunch of false positives. I did a manual file search on a machine that I know does not have SQL server installed, but does show up in the list and found this: C:\Windows\WinSxS\amd64_microsoft-windows-wid_31bf3856ad364e35_10.0.14393.0_none_d51f72c5729800a5\sqlservr.exe So apparently SxS has a copy of sql hidden away for some reason.
This, I think, will be my answer. The scan completed successfully and I can now filter on MSSQLServer in the path and the list it provides is quite promising.
Thanks!
You may want to look for MSSQL$ also, I believe. That will show you SQL with Instances (if you're familiar with SQL instances).
ok. We don't generally use instances, but it's good to know. Thanks!
ok. Keep in mind that some small apps that need a backend DB may use SQL Express and may install a small sql server with an instance specific to the app.
Please sign in to leave a comment.