Workstation/Server Audit

One thing I wish I had was more time to re-visit my old scripts and re-write them as I often look at my old script and it sends a cold shiver down my spine as I now know a better way of doing things.

As I was away for the weekend and had no internet connection I took my old Audit Script with me, I had a few personal objectives that I wanted to achieve by re-writing this code and I was also asked by a friend who has started to adapt the code into other formats.

So, this is version 3 of the script, you can see how much I have learnt recently as V1 of this script was over 1000 lines, V2 of this script was 847 and now with the new improved code it is a miniscule 459 lines ๐Ÿ™‚

My main objectives for this version of the script were:

  1. Apply my newly learnt PS Skills to optimise the code
  2. Use a HTML format that worked in all browsers
  3. Make the code easy to follow
  4. Make the code easy for other people to produce similar reports of other systems

When you see the code and use the output I hope you will agree I have achieved each of these. The code now works with all browsers I have tested and is very easily customisable.

Check out a screenshot of the output below:


As before this script can be run in two modes, if you run it as it is you will produce an audit of your current machine or if you run it with a path to a text file it will read a list of server names and audit each machine saving a separate html file for each one.


<SMALL RANT> Someone took my last script and removed my name from the code and then posted it as their own code on a powershell site, whilst I do not mind people adjusting and re-using my code, in fact there is nothing better than seeing how other people use my code I would prefer that you at least make a reference to my site or me in your comments.

I have been under certain pressure to start charging for some of my code which I have resisted as I like contributing and making the life of my fellow admins easier, claiming my code as your own is just plain rude.</SMALL RANT>

43 thoughts on “Workstation/Server Audit”

  1. I’ve been trying unsuccessfully to export an additional csv document with the WMI data pulled for the ‘general’ section.

    Is it possible to have all or some of this exported to a single csv file?

    1. Here is what I am tying to adapt:

      $obj1 = get-wmiobject win32_computersystem | select-object Name,Manufacturer,Model,TotalPhysicalMemory,Domain,NumberOfProcessors,PrimaryOwnerName,UserName
      $obj2 = get-wmiobject win32_processor | select-object @{l=”Processor”;e={$}},NumberOfCores
      $obj3 = get-wmiobject win32_bios | select-object SerialNumber
      $obj4 = get-wmiobject win32_operatingsystem | select-object OSArchitecture,@{l=”Operating System”;e={$_.Caption}},Version,SystemDrive,Oganization
      $obj5 = get-wmiobject win32_VideoController | select-object @{l=”Video Card”;e={$_.Name}}

      $Combined = New-Object -Type PSObject
      $obj1,$obj2,$obj3,$obj4,$obj5|%{$CurObj = $_;$_|gm|?{$_.MemberType -match “NoteProperty”}|%{$NewMember = $_.Name;$Combined|Add-Member -MemberType NoteProperty -Name $NewMember -Value $CurObj.$NewMember}}
      $Combined|Export-CSV -Path C:\Audit\MachineSpecs.CSV -NoTypeInfo -InputObject $Combined

      Found here:

    1. Write-Output “..Hotfix Information”
      $colQuickFixes = Get-WmiObject Win32_QuickFixEngineering
      $MyReport += Get-CustomHeader “2” “HotFixes”
      $MyReport += Get-HTMLTable ($colQuickFixes | Where {$_.HotFixID -ne “File 1” } |Select HotFixID, InstalledOn, Description, InstalledBy | Sort-Object -Property InstalledOn)
      $MyReport += Get-CustomHeaderClose

      Why would it populate hotfix data from my local PC instead of from computers specified in the path?

        1. I reported the issue, hope that was the correct way to do that.

          Also, I noticed the HotFix info was not sorted by date. I went ahead and added, “InstalledOn” and “InstalledBy” then sorted it by InstalledOn. This makes it easier to see if the latest patches are installed.

          1. Write-Output “..Hotfix Information”
            $colQuickFixes = Get-WmiObject -ComputerName $Target Win32_QuickFixEngineering
            $MyReport += Get-CustomHeader “2” “HotFixes”
            $MyReport += Get-HTMLTable ($colQuickFixes | Where {$_.HotFixID -ne “File 1” } |Select HotFixID, Description, Installedby, InstalledOn | Sort-Object -Property InstalledOn -Descending)
            $MyReport += Get-CustomHeaderClose

  2. The download link above does not work and I cannot find this script in GitHub. Any ideas where I can download this?

  3. Below is a little addition you can add to give you User and Group info, i noticed someone else also requested this.

    Write-Output “..Users”

    $adsi = [ADSI]”WinNT://$Target”

    function getAdmins
    {$adsi.Children | where {$_.SchemaClassName -eq ‘user’} | Foreach-Object {
    $groups = $_.Groups() | Foreach-Object {$_.GetType().InvokeMember(“Name”, ‘GetProperty’, $null, $_, $null)}
    $_ | Select-Object @{n=’UserName’;e={$_.Name}},@{n=’Groups’;e={$groups -join ‘;’}}}}

    $MyReport += Get-CustomHeader “2” “Users”
    $MyReport += Get-HTMLTable ( getAdmins )
    $MyReport += Get-CustomHeaderClose

      1. Just in case you have a locked down environment like I do. The only way I could get this script to run without signing it was to run it as: Set-ExecutionPolicy Unrestricted
        Not the preferred method of doing things, but I got it done and I love the result. Thanks!

  4. A little help? I’m not sure what’s up here…
    Audit.ps1 is not digitally signed. The script will not execute on the system
    . Please see “get-help about_signing” for more details..
    At line:1 char:12
    + .\Audit.ps1 <<<< Servers.txt
    + CategoryInfo : NotSpecified: (:) [], PSSecurityException
    + FullyQualifiedErrorId : RuntimeException

        1. Ok then your execution policy may not have been set, did you follow the response and read more about execution policies ?

          Normally people will set their executionpolicy to remotesigned like this:

          Set-ExecutionPolicy RemoteSigned

          1. Yes, and I did it again to be sure and here is my result after running: PS C:\*****\*******\*****\PowerShell Scripts\Server Audit> .\Audit.ps1
            File C:\*****\*******\*****\PowerShell Scripts\Server Audit\Audit.ps1 cannot be loaded. The file C:\*****\*******\*****\PowerShell Scripts\Server Audit\Audit.ps1 is not digitally signed. The script will not execute on the system
            . Please see “get-help about_signing” for more details..
            At line:1 char:12
            + .\Audit.ps1 <<<<
            + CategoryInfo : NotSpecified: (:) [], PSSecurityException
            + FullyQualifiedErrorId : RuntimeException

  5. Hello again Alan, for the printers part of the script could the share name and printer driver also be added?



  6. Thanks for the script Alan. Could you also add the path for any installed software? and for the network card information could you also add the virtual network the card is attached too or its Windows label name?



  7. To run this script do the following:

    – Create a .txt file containing Server\PC names with each machine on a new line.
    – Call it anything you like and save it to the same place as Audit.ps1.
    – Run up a PowerShell Command Prompt (Start>All Programs>Administrative Tools>PowerShell)
    – Navigate to the folder where the Audit.ps1 script is
    -Type this:

    .\Audit.ps1 (your_server_txt_file).txt

    Yup that easy! and dont feel stupid, from v1 to v3 I could not work it out either until a team mate said try it. ๐Ÿ™‚

    The .\ before the .ps1 file is all about permissions or somehting.

    Im not a script person im a lazy GUI Based Gen Xer

  8. Great script

    I have one problem I can’t get it to run with a text file. Can some help me. need to perform and audit.


  9. A great script.
    I’d like to modify it, but need some help.
    I would like to exclude the Event Logs part and include Members of the Administrators group.

  10. Very good script, many thanks for it.

    Is it possible to show the installed roles for w2k8 servers and also show the websites which are configured, including the portnumbers?
    A nicer display would be with more than one ip-address the subnetmasks right behind it and not on the bottum.

  11. A very very handy script, thankyou! One question though, why are you saving the file as ASCII? When auditing a Windows 2008 server, the OS name comes out with “?”s (unable to display the ยฎ symbol) in the text. Switching it back to Unicode resolves this and I was just wondering why you chose ASCII over the default? Thanks!

  12. Great script my friend! One option which would be welcome would be limiting the number of event logs collected to some set number. Running this report in a larger environment for a client who keeps obscenely large event log files can really take a very long time ๐Ÿ™‚

  13. I’m staggered that people can be such pr1cks to steal your hard word. I know you don’t want to give them credit by naming them, but I’d love to know what sites sanction this sort of behaviour. Thanks heaps for the script – very impressive, and I”m planning to use some of your ideas for an internal audit – rest assured, I’ll leave your name and details in the scrtip !!

    Thanks again.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Living in software defined reality

%d bloggers like this: