Friday, August 7, 2015

Free Script Friday - Basic Server Audit

Free Script Fridays are either large PowerShell scripts I use, or portions of ones I use that provide some sort of useful functionality. I don't go into detail on these, as the write-ups would be lengthy. You are free to use these however you would like, and they come with no guarantee. I'm happy to answer questions in the comments below if I can, and to help research the question if I can't.

Basic Computer Audit (WMI and Registry)

This audit script uses both WMI and the registry to gather system information and report it as console output. Quickly gather base system information in a single click. Furthermore, it can be saved as a script and run remotely against servers over PowerShell remoting with Invoke-Command (more on that later). Questions/Comments/Requests? Leave them in the comments below.

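Clear-Host
# Collect identity and operating-system facts. Each WMI class is queried once and reused.
$AuditDate = Get-Date -Format "MM/dd/yy HH:mm:ss"
$ComputerSystem = Get-WmiObject Win32_ComputerSystem
$OSInfo = Get-WmiObject Win32_OperatingSystem

# FQDN: build it from the computer's own domain membership. $env:USERDNSDOMAIN is the
# domain of the account running the script, so it is empty for local accounts and names
# the wrong domain when the user and the machine belong to different domains.
If ($ComputerSystem.PartOfDomain) { $FQDN = $env:COMPUTERNAME + "." + $ComputerSystem.Domain }
Else { $FQDN = $env:COMPUTERNAME }

# Hardware make/model; avoid printing the vendor twice when the model string already starts with it.
$SysMake = $ComputerSystem.Manufacturer
$SysModel = $ComputerSystem.Model
If ( $SysModel -like "$SysMake*" ) { $SysInfo = $SysModel } Else { $SysInfo = $SysMake + " " + $SysModel }

# Internet Explorer major version, read straight from the file's version resource instead of
# parsing formatted text. Only the major number is reported, so this line says nothing about
# the patch level of the browser.
$IEPath = Join-Path $env:ProgramFiles "Internet Explorer\iexplore.exe"
If (Test-Path $IEPath) { $IEver = (Get-Item $IEPath).VersionInfo.ProductVersion.Split('.')[0] }
Else { $IEver = "Not found" }

# OS caption without the leading vendor word (and any trademark glyph attached to it),
# followed by the service pack level.
$OperatingSystem = ($OSInfo.Caption -replace '^Microsoft\S*\s+', '').Trim() + " SP " + $OSInfo.ServicePackMajorVersion
$TimeZone = (Get-WmiObject Win32_TimeZone).Caption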
# Memory summary: total physical RAM in whole GB, the number of Win32_PhysicalMemory
# instances, and the speed reported by the first one.
# NOTE(review): the count is labelled "Slots" but is the number of memory devices WMI
# returns, which presumably means populated modules rather than physical slots - confirm.
$SystemMemory = "{0:N0}" -f ((Get-WmiObject Win32_ComputerSystem).TotalPhysicalMemory / 1GB)
$PhysicalMemory = @(Get-WmiObject Win32_PhysicalMemory)
$MemSlots = "$($PhysicalMemory.Count) Slots"
$FirstSpeed = [string]$PhysicalMemory[0].Speed
# Some systems report no speed; omit the suffix instead of printing an empty value.
$MemSpeed = ""
If ($FirstSpeed -ne "") { $MemSpeed = " at $FirstSpeed Mhz" }
$MemInfo = "$SystemMemory GB in $MemSlots$MemSpeed"
# UAC status from the EnableLUA policy value: 0 is reported as Disabled, anything else
# (including a value that cannot be read) as Enabled.
# NOTE(review): EnableLUA only says whether UAC is switched on. How elevation prompts behave
# is set by other values in the same key (e.g. ConsentPromptBehaviorAdmin, PromptOnSecureDesktop),
# which this audit does not read, so "Enabled" here does not by itself mean prompts are shown.
$UACPolicy = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
$UAC = "Enabled"
If ($UACPolicy.EnableLUA -eq "0") { $UAC = "Disabled" }
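# Get DEP Info: report the system-wide policy the OS exposes, not the last GUI selection.
# Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy values:
#   0 = AlwaysOff, 1 = AlwaysOn,
#   2 = OptIn  (essential Windows programs and services only),
#   3 = OptOut (all programs except those explicitly excluded).
# The NoExecuteState registry value is kept only as a fallback. Judging by its name it stores
# the radio button last chosen in the DEP dialog, so it can be missing or out of date when the
# policy was set some other way - TODO confirm on the OS versions being audited.
$DEPPolicy = (Get-WmiObject Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
$DEPRegPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\NoExecuteState"
If ($DEPPolicy -eq 0) { $DEP = "Always Off" }
ElseIf ($DEPPolicy -eq 1) { $DEP = "Always On" }
ElseIf ($DEPPolicy -eq 2) { $DEP = "Essential Programs Only" }
ElseIf ($DEPPolicy -eq 3) { $DEP = "All Programs" }
ElseIf (Test-Path $DEPRegPath) {
    # WMI gave no answer: fall back to the registry value and translate the two known codes.
    $DEP = (Get-ItemProperty $DEPRegPath).LastNoExecuteRadioButtonState
    If ($DEP -eq 14012) { $DEP = "Essential Programs Only" }
    If ($DEP -eq 14013) { $DEP = "All Programs" }
}
Else {
    # Neither source is available; say so rather than assume a default in an audit report.
    $DEP = "Unknown"
}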
# Processor summary: total core count over all Win32_Processor instances, the first
# processor's name (tidied, with the part after "@" appended), and whether the first
# processor exposes more logical processors than cores.
$ProcSummary = @(Get-WmiObject Win32_Processor | Select-Object Name, NumberOfCores, NumberOfLogicalProcessors)
$ProcTotal = 0
ForEach ($Proc in $ProcSummary) { $ProcTotal += $Proc.NumberOfCores }

$FirstProc = $ProcSummary[0]
# Equal logical and core counts are reported as hyper-threading disabled.
$HT = " - HT Enabled"
If ($FirstProc.NumberOfLogicalProcessors -eq $FirstProc.NumberOfCores) { $HT = " - HT Disabled" }

# Model text: drop double spaces and "(R)" from the part before "@"; the part after "@"
# is taken from the unmodified name.
$ProcModel = $FirstProc.Name.Replace("  ", "").Replace("(R)", "").Split("@")[0]
$ProcClock = $FirstProc.Name.Split("@")[1]
$ProcInfo = [string]$ProcTotal + " " + $ProcModel + $ProcClock + $HT

# Console report: summary, operating system, memory and processor sections, then the
# heading for the storage section. Values come from the variables gathered earlier in the script.
$Rule = "=========================="

Write-Host "Server Summary Audit" -ForegroundColor Cyan
Write-Host $Rule -ForegroundColor Cyan
Write-Host "Date: $AuditDate" -ForegroundColor Green
Write-Host "FQDN: $FQDN" -ForegroundColor Green
Write-Host "System Info: $SysInfo" -ForegroundColor Green
Write-Host ""

Write-Host "Operating System Audit" -ForegroundColor Cyan
Write-Host $Rule -ForegroundColor Cyan
Write-Host "Operating System: $OperatingSystem"
Write-Host "Timezone: $TimeZone"
Write-Host "Internet Explorer: $IEver"
Write-Host "UAC Status: $UAC"
Write-Host "DEP Status: $DEP"
Write-Host ""

Write-Host "Hardware - Memory" -ForegroundColor Cyan
Write-Host $Rule -ForegroundColor Cyan
Write-Host "Memory: $MemInfo"
Write-Host ""

Write-Host "Hardware - Processor" -ForegroundColor Cyan
Write-Host $Rule -ForegroundColor Cyan
Write-Host "Processor: $ProcInfo"
Write-Host ""

Write-Host "Hardware - Storage" -ForegroundColor Cyan
Write-Host $Rule -ForegroundColor Cyan
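# Storage: one entry per volume that has a drive letter or mount path (volumes whose name is
# a bare \\?\ GUID path are skipped). The logical-disk and disk-to-partition tables are read
# once up front instead of once per volume.
$LogicalDisks = @(Get-WmiObject Win32_LogicalDisk)
$DiskToPartition = @(Get-WmiObject Win32_LogicalDiskToPartition)
foreach ($system_vol in (Get-WmiObject Win32_Volume | Where-Object { $_.Name -notlike "\\?\*" } | Sort-Object Name)) {
    $system_volname = $system_vol.Name
    $system_volletter = $system_vol.DriveLetter
    $system_VolSize = "{0:N0}" -f ($system_vol.Capacity / 1GB)

    # Label: look it up on the matching logical disk; a volume mounted on a folder has no
    # drive letter, so use the label carried by the volume object itself.
    if ($system_volletter) { $system_vollabel = ($LogicalDisks | Where-Object { $_.DeviceID -eq $system_volletter }).VolumeName }
    else { $system_vollabel = $system_vol.Label }

    # File system: "N/A" when WMI reports none; optical drives (drive type 5) are shown as CDROM.
    $system_volfs = $system_vol.FileSystem
    if (!$system_volfs) { $system_volfs = "N/A" }
    if ($system_vol.DriveType -eq "5") { $system_volfs = "CDROM" }

    # Device ID: the disk/partition behind a local fixed disk (drive type 3). Without a drive
    # letter the wildcard match would hit every association, so those volumes stay "N/A".
    # A volume backed by several partitions lists all of them.
    $system_voldeviceid = "N/A"
    if ($system_vol.DriveType -eq "3" -and $system_volletter) {
        $system_partitions = @($DiskToPartition |
            Where-Object { $_.Dependent -like "*$system_volletter*" } |
            ForEach-Object { $_.Antecedent.Split("=")[1].Replace("""", "") })
        if ($system_partitions.Count -gt 0) { $system_voldeviceid = $system_partitions -join "; " }
    }

    # Console Output
    Write-Host "Volume Name               :" $system_volname
    Write-Host "Volume Label              :" $system_vollabel
    Write-Host "Volume Size (GB)          :" $system_VolSize
    Write-Host "File System               :" $system_volfs
    Write-Host "Device ID                 :" $system_voldeviceid
    Write-Host "---"
}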
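Write-Host
Write-Host "Hardware - Network Info" -ForegroundColor Cyan
Write-Host "==========================" -ForegroundColor Cyan
# Network: one entry per IP-enabled adapter configuration.
$objWin32NAC = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Namespace "root\CIMV2" -Filter "IPEnabled = 'True'"
foreach ($objNACItem in $objWin32NAC) {
    # Older PowerShell versions run the loop once with $null when the query returns nothing.
    if (-not $objNACItem) { continue }

    $system_nicdesc = $objNACItem.Description
    $system_nicdg = $objNACItem.DefaultIPGateway

    # Classify addresses by family instead of by position: IPAddress[0] is not always IPv4
    # and IPAddress[1] is not always IPv6 (several IPv4 addresses, or IPv6 only).
    # Only the first address of each family is reported; further addresses are not shown.
    $system_nicipv4 = $null
    $system_nicipv6 = $null
    $system_nicsub = $null
    $system_addresses = @($objNACItem.IPAddress)
    $system_subnets = @($objNACItem.IPSubnet)
    for ($i = 0; $i -lt $system_addresses.Count; $i++) {
        $system_address = $system_addresses[$i]
        if (-not $system_address) { continue }
        if ($system_address -like "*:*") {
            if (-not $system_nicipv6) { $system_nicipv6 = $system_address }
        }
        elseif (-not $system_nicipv4) {
            $system_nicipv4 = $system_address
            # IPSubnet is indexed in step with IPAddress, so take the mask at the same position.
            $system_nicsub = $system_subnets[$i]
        }
    }

    # Console Output
    Write-Host "Description               :" $system_nicdesc
    Write-Host "IP Address (IPv4)         :" $system_nicipv4
    Write-Host "IP Address (IPv6)         :" $system_nicipv6
    Write-Host "Subnet Mask               :" $system_nicsub
    Write-Host "Default Gateway           :" $system_nicdg
    Write-Host "---"
}
Write-Host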
