Free Script Fridays are either large PowerShell scripts I use, or portions of ones I use that provide some sort of useful functionality. I don't go into detail on these, as the write-ups would be lengthy. You are free to use these however you would like, and they come with no guarantee. I'm happy to answer questions in the comments below if I can, and happy to help research the question if I can't.
Basic Computer Audit (WMI and Registry)
This audit script uses both WMI and the registry to gather system information and report it as console output. Quickly gather base system information in a single click. Furthermore, this can be saved as a script and run remotely against servers over PowerShell remoting, for example with Invoke-Command (more on that later). Questions/Comments/Requests? Leave them in the comments below.
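cls
# Clear Variables/Set to Defaults
$AuditDate = Get-Date -Format "MM/dd/yy HH:mm:ss"

# Query each WMI class once and reuse the result instead of re-querying per property.
$ComputerSystem = Get-WmiObject Win32_ComputerSystem
$OSInfo = Get-WmiObject Win32_OperatingSystem

# Build the FQDN from the computer's own domain membership. $env:USERDNSDOMAIN is the
# logged-on user's domain: it is empty for a local account (which left a trailing ".")
# and can differ from the machine's domain when the user comes from a trusted domain.
If ( $ComputerSystem.PartOfDomain ) { $FQDN = $env:COMPUTERNAME + "." + $ComputerSystem.Domain }
Else { $FQDN = $env:COMPUTERNAME }

# Some vendors repeat the manufacturer inside the model string; avoid printing it twice.
$SysMake = $ComputerSystem.Manufacturer
$SysModel = $ComputerSystem.Model
If ( $SysModel -like "$SysMake*" ) { $SysInfo = $SysModel } Else { $SysInfo = $SysMake + " " + $SysModel }

# Read the major version straight from the file's version resource rather than parsing
# formatted Format-List text, and do not fail when iexplore.exe is absent.
$IEPath = "c:\program files\internet explorer\iexplore.exe"
If ( Test-Path $IEPath ) { $IEver = [string](Get-Item $IEPath).VersionInfo.ProductMajorPart }
Else { $IEver = "N/A" }

# Strip the leading vendor word by pattern instead of a fixed 10-character offset, which
# throws on a short caption and leaves stray characters when the prefix differs.
$OperatingSystem = ($OSInfo.Caption -replace '^Microsoft\S*\s+', '').Trim() + " SP " + $OSInfo.ServicePackMajorVersion
$TimeZone = (Get-WmiObject Win32_TimeZone).Caption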
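# Get Memory Information
# Total physical memory, rounded to whole gigabytes for display.
$SystemMemory = "{0:N0}" -f ((Get-WmiObject Win32_ComputerSystem).TotalPhysicalMemory/1gb)
# Query the memory modules once; @() keeps .Count valid when WMI returns zero or one instance.
# The count is of Win32_PhysicalMemory instances returned, which the report labels "Slots".
$MemModules = @(Get-WmiObject Win32_PhysicalMemory)
$MemSlots = [string]($MemModules.Count) + " Slots"
# Only add the speed suffix when WMI actually reports one. The previous check compared the
# assembled text against " at Mhz", which never matches the " at  Mhz" an empty speed produces.
$MemSpeed = ""
If ( $MemModules.Count -gt 0 -and $MemModules[0].Speed ) { $MemSpeed = " at " + [string]($MemModules[0].Speed) + " Mhz" }
$MemInfo = $SystemMemory + " GB in " + $MemSlots + $MemSpeed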
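# Get UAC Info
# EnableLUA = 0 means UAC is switched off. If the value cannot be read, report "Unknown"
# instead of "Enabled": an audit should not claim a protection is on when it could not check.
$UacPolicy = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name EnableLUA -ErrorAction SilentlyContinue
if ($null -eq $UacPolicy) { $UAC = "Unknown" }
elseif ($UacPolicy.EnableLUA -eq 0) { $UAC = "Disabled" }
else { $UAC = "Enabled" }

# Get DEP Info: All Programs or Essential Programs Only
# Read the policy the OS reports (Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy).
# The AppCompatFlags\NoExecuteState registry value used previously only records the last
# choice made in the System Properties dialog, so it cannot show a boot configuration of
# always-off or always-on, and a missing key was reported as "Essential Programs Only".
$DEP = "Unknown"
$DepPolicy = (Get-WmiObject Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
switch ($DepPolicy) {
    0 { $DEP = "Always Off" }
    1 { $DEP = "Always On" }
    2 { $DEP = "Essential Programs Only" }   # OptIn
    3 { $DEP = "All Programs" }              # OptOut
}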
# Get Proc Info
# Collect the name and core counts of every processor WMI reports, then total the cores.
$ProcSummary = @()
$ProcTotal = 0
ForEach ( $Proc in (Get-WmiObject Win32_Processor | Select-Object Name, NumberofCores, NumberofLogicalProcessors) ) {
    $ProcSummary += $Proc
    $ProcTotal += $Proc.NumberofCores
}

# Hyper-threading is inferred from the first processor only: more logical processors
# than cores is reported as enabled.
$FirstProc = $ProcSummary[0]
If ( $FirstProc.NumberofLogicalProcessors -ne $FirstProc.NumberofCores ) { $HT = " - HT Enabled" } Else { $HT = " - HT Disabled" }

# Summary line: total cores, the cleaned-up name before "@", the clock text after "@", HT state.
# NOTE(review): as written, replace(" ","") strips every space from the name - confirm that
# is intended and not a collapsed double-space pattern.
$ProcName = $FirstProc.Name
$ProcModel = $ProcName.replace(" ","").replace("(R)","").split("@")[0]
$ProcClock = $ProcName.split("@")[1]
$ProcInfo = [string]($ProcTotal) + " " + $ProcModel + $ProcClock + $HT
# Console report
# Write-Host sends text to the host rather than the success output stream, so piping or
# assigning this script's output will not capture the report below.
Write-Host "Server Summary Audit" -ForegroundColor Cyan
Write-Host "==========================" -ForegroundColor Cyan
Write-Host "Date:" $AuditDate -ForegroundColor Green
Write-Host "FQDN:" $FQDN -ForegroundColor Green
Write-Host "System Info:" $SysInfo -ForegroundColor Green
Write-Host

# Operating system section, including the UAC and DEP findings.
Write-Host "Operating System Audit" -ForegroundColor Cyan
Write-Host "==========================" -ForegroundColor Cyan
Write-Host "Operating System:" $OperatingSystem
Write-Host "Timezone:" $TimeZone
Write-Host "Internet Explorer:" $IEver
Write-Host "UAC Status:" $UAC
Write-Host "DEP Status:" $DEP
Write-Host

# Memory section.
Write-Host "Hardware - Memory" -ForegroundColor Cyan
Write-Host "==========================" -ForegroundColor Cyan
Write-Host "Memory:" $MemInfo
Write-Host

# Processor section.
Write-Host "Hardware - Processor" -ForegroundColor Cyan
Write-Host "==========================" -ForegroundColor Cyan
Write-Host "Processor:" $ProcInfo
Write-Host

# Storage section header; the per-volume details follow.
Write-Host "Hardware - Storage" -ForegroundColor Cyan
Write-Host "==========================" -ForegroundColor Cyan
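# The lookup tables do not change between volumes, so query them once instead of per iteration.
$system_logicaldisks = @(Get-WmiObject Win32_LogicalDisk)
$system_disktopartition = @(Get-WmiObject Win32_LogicalDiskToPartition)

# Report every volume except those whose name is a \\?\ volume GUID path, sorted by name.
foreach ($system_vol in (Get-WmiObject Win32_Volume | Where-Object { $_.Name -notlike "\\?\*" } | Sort-Object Name)) {
    $system_volname = $system_vol.name
    $system_volletter = $system_vol.DriveLetter

    # Label from the matching logical disk; fall back to the volume's own Label for
    # volumes that have no drive letter (for example, folder mount points).
    $system_vollabel = ($system_logicaldisks | Where-Object { $_.DeviceID -eq $system_volletter }).VolumeName
    if (!$system_vollabel) { $system_vollabel = $system_vol.Label }

    $system_VolSize = "{0:N0}" -f ($system_Vol.Capacity/1gb)

    $system_volfs = $system_vol.filesystem
    if (!$system_volfs) { $system_volfs = "N/A" }
    if ($system_vol.drivetype -eq "5") { $system_volfs = "CDROM" }

    # Collected as display text but not currently printed in the report below.
    if (!$system_vol.PageFilePresent) { $system_volpagefile = "False" } else { $system_volpagefile = "True" }

    # Map a fixed disk (drive type 3) to its partition(s). Require a drive letter: with an
    # empty letter the "*$system_volletter*" pattern matches every association. Also tolerate
    # zero matches and more than one match instead of calling a method on null or on an array.
    $system_voldeviceid = "N/A"
    if ($system_vol.drivetype -eq "3" -and $system_volletter) {
        $system_volparts = @($system_disktopartition |
            Where-Object { $_.Dependent -like "*$system_volletter*" } |
            ForEach-Object { $_.Antecedent.split("=")[1].replace("""","") })
        if ($system_volparts.Count -gt 0) { $system_voldeviceid = $system_volparts -join "; " }
    }

    # Console Output
    write-host "Volume Name :" $system_volname
    write-host "Volume Label :" $system_vollabel
    write-host "Volume Size (GB) :" $system_volsize
    write-host "File System :" $system_volfs
    write-host "Device ID :" $system_voldeviceid
    write-host "---"
}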
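write-host
write-host "Hardware - Network Info" -fo Cyan
write-host "==========================" -fo Cyan
# Only adapters that currently have IP enabled are reported.
$objWin32NAC = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -namespace "root\CIMV2" -Filter "IPEnabled = 'True'"
foreach ($objNACItem in $objWin32NAC) {
    $system_nicdesc = $objNACItem.Description

    # Pick addresses by family instead of by position: IPAddress[1] is not always IPv6
    # (it may be a second IPv4 address, or missing when the adapter has no IPv6 address).
    $system_nicaddrs = @($objNACItem.IPAddress | Where-Object { $_ })
    $system_nicipv4 = $system_nicaddrs | Where-Object { $_ -notlike "*:*" } | Select-Object -First 1
    $system_nicipv6 = $system_nicaddrs | Where-Object { $_ -like "*:*" } | Select-Object -First 1

    # Take the subnet entry at the same index as the chosen IPv4 address.
    # NOTE(review): assumes IPSubnet is index-aligned with IPAddress - confirm.
    $system_nicsub = $null
    if ($system_nicipv4) {
        $system_nicv4idx = [array]::IndexOf($system_nicaddrs, $system_nicipv4)
        $system_nicsubnets = @($objNACItem.IPSubnet)
        if ($system_nicv4idx -ge 0 -and $system_nicv4idx -lt $system_nicsubnets.Count) {
            $system_nicsub = $system_nicsubnets[$system_nicv4idx]
        }
    }

    $system_nicdg = $objNACItem.DefaultIPGateway

    #Console Output
    Write-Host "Description :" $system_nicdesc
    Write-Host "IP Address (IPv4) :" $system_nicipv4
    Write-Host "IP Address (IPv6) :" $system_nicipv6
    Write-Host "Subnet Mask :" $system_nicsub
    Write-Host "Default Gateway :" $system_nicdg
    Write-Host "---"
}
write-host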