Windows 7: Follow the MAP

Using the Microsoft Assessment and Planning Toolkit 4.0 for pre-deployment inventory and assessment will help ensure a smooth process.

Jorge Orchilles

Adapted from “Microsoft Windows 7 Administrator’s Reference” (Syngress, an imprint of Elsevier)

When it comes to planning an OS deployment, you need to begin with an inventory of what you have in place, from hardware to software. Knowing what you have is the key.

Microsoft provides a free tool for you to use to plan your Windows 7 deployment. The Microsoft Assessment and Planning Toolkit 4.0 (MAP) is an agentless inventory, assessment and reporting tool that will simplify your Windows 7 deployment planning. MAP will assess workstations running Windows 2000, Windows XP, Windows Vista, and Windows 7, as well as Windows Server 2000, Windows Server 2003, and Windows Server 2008, including R2.

Installing MAP 4.0

You need to install MAP 4.0 on a computer that’s connected to the systems you want to inventory. The setup wizard guides you through the process of installing MAP and SQL Server 2008 Express Edition. The discovery computer also needs Word 2007 (or 2003 SP2) and Excel 2007 (or 2003 SP2) in order to generate and view reports.

MAP uses Microsoft SQL Server 2008 Express Edition to store collected data. If you don’t have it, the installer will download and configure an instance for you. The first time you launch MAP, you’ll create an inventory database, enter any name you like and click OK.

Discovering Network Computers

MAP can discover network computers through a variety of methods, including:

  • Active Directory Domain Services (AD DS)
  • Windows Networking Protocols
  • Internet Protocol (IP) Address Range scans
  • Manually inputting computer names
  • Importing computer names from a file

Using AD DS, you’ll be able to customize the computers scanned by domains, containers or organizational units. This will discover all computers joined to the domain. You can use this method to scan up to 120,000 computers at one time.

You can also use Windows networking protocols that utilize NetBIOS to discover the computers on the network. The computer browser service must be running on all computers; otherwise, they won’t be discovered. There’s no limit to the number of computers you can scan using this method. The more computers you scan, however, the longer it takes to complete. Also, you can’t run a scan using AD DS and Windows networking protocols at the same time.

You can scan based on an IP address range. Again, there’s no limit to the number of computers scanned, but the more you include in the scan, the longer it will take.

Finally, you can input the name of a single computer or import a file containing the names of the computers you wish to scan up to a maximum of 120,000 computers. You can use the computer name, NetBIOS name, or the fully qualified domain name (FQDN) as long as each computer name is on a new line and you don’t use any delimiters.

MAP uses a number of methods to gather information from the computers being scanned including Windows Management Instrumentation (WMI), which collects hardware, software and device information from the remote computer. You can also use Remote Registry Service, which collects roles installed on a server.

There are a few caveats you need to be aware of regarding WMI:

  • The local account on the remote computer must have a password for WMI to be successful.
  • The Remote Administration exception (Transmission Control Protocol [TCP] port 135) must be enabled if Windows Firewall is enabled.
  • The File and Print Sharing exception (TCP port 137, 445, and User Datagram Protocol [UDP] port 137, 138) must be enabled if Windows Firewall is enabled.
  • If the computer is part of a workgroup, the Network Access: Sharing and Security Model for Local Accounts policy setting must be set to Classic.

Once you’ve installed and launched MAP, you will be presented with the Discovery and Readiness node. To begin, click on Inventory and Assessment Wizard to launch the wizard. You’ll have to select your discovery method and provide WMI credentials. Depending on which method you chose, you may also be required to provide AD DS credentials, IP addresses, or computer names.

Once your scan begins, you will see a review that includes how many computers were scanned, how many scans were successfully completed and how many failed to connect.

Analyzing MAP Data

When your scan is complete, it’s time to analyze the data. To begin, expand Discovery and Readiness in the left pane and then choose Windows 7 Readiness Assessment. You’ll see a number of pie charts highlighting the inventory summary, computers ready for Windows 7 before hardware upgrades, computers ready for Windows 7 after hardware upgrades, and a list of devices and their compatibility.

You can get more detailed reports by clicking on Generate report/proposal in the right pane. This will generate a Word document and Excel document with greater detail on the inventory data collected, all of which will help you analyze all this data you have gathered

Jorge Orchilles

Jorge Orchilles began his networking career as a network administrator for the small private school he attended. He’s currently a security operating center analyst, and recently completed his Master of Science degree in management information systems at Florida International University.

©2011 Elsevier Inc. All rights reserved. Printed with permission from Syngress, an imprint of Elsevier. Copyright 2011. “Microsoft Windows 7 Administrator’s Reference” by Jorge Orchilles. For more information on this title and other similar books, please visit