Workstation/Server Audit

One thing I wish I had was more time to re-visit my old scripts and re-write them as I often look at my old script and it sends a cold shiver down my spine as I now know a better way of doing things.

As I was away for the weekend and had no internet connection I took my old Audit Script with me, I had a few personal objectives that I wanted to achieve by re-writing this code and I was also asked by a friend who has started to adapt the code into other formats.

So, this is version 3 of the script, you can see how much I have learnt recently as V1 of this script was over 1000 lines, V2 of this script was 847 and now with the new improved code it is a miniscule 459 lines 🙂

My main objectives for this version of the script were:

  1. Apply my newly learnt PS Skills to optimise the code
  2. Use a HTML format that worked in all browsers
  3. Make the code easy to follow
  4. Make the code easy for other people to produce similar reports of other systems

When you see the code and use the output I hope you will agree I have achieved each of these. The code now works with all browsers I have tested and is very easily customisable.

Check out a screenshot of the output below:

image

As before this script can be run in two modes, if you run it as it is you will produce an audit of your current machine or if you run it with a path to a text file it will read a list of server names and audit each machine saving a separate html file for each one.

{filelink=8}

<SMALL RANT> Someone took my last script and removed my name from the code and then posted it as their own code on a powershell site, whilst I do not mind people adjusting and re-using my code, in fact there is nothing better than seeing how other people use my code I would prefer that you at least make a reference to my site or me in your comments.

I have been under certain pressure to start charging for some of my code which I have resisted as I like contributing and making the life of my fellow admins easier, claiming my code as your own is just plain rude.</SMALL RANT>

43 thoughts on “Workstation/Server Audit

  1. B Packard

    Here is what I am tying to adapt:

    $obj1 = get-wmiobject win32_computersystem | select-object Name,Manufacturer,Model,TotalPhysicalMemory,Domain,NumberOfProcessors,PrimaryOwnerName,UserName
    $obj2 = get-wmiobject win32_processor | select-object @{l=”Processor”;e={$_.name}},NumberOfCores
    $obj3 = get-wmiobject win32_bios | select-object SerialNumber
    $obj4 = get-wmiobject win32_operatingsystem | select-object OSArchitecture,@{l=”Operating System”;e={$_.Caption}},Version,SystemDrive,Oganization
    $obj5 = get-wmiobject win32_VideoController | select-object @{l=”Video Card”;e={$_.Name}}

    $Combined = New-Object -Type PSObject
    $obj1,$obj2,$obj3,$obj4,$obj5|%{$CurObj = $_;$_|gm|?{$_.MemberType -match “NoteProperty”}|%{$NewMember = $_.Name;$Combined|Add-Member -MemberType NoteProperty -Name $NewMember -Value $CurObj.$NewMember}}
    $Combined|Export-CSV -Path C:\Audit\MachineSpecs.CSV -NoTypeInfo -InputObject $Combined

    Found here: http://stackoverflow.com/questions/22202978/combining-output-of-many-objects-into-a-csv

  2. B Packard

    I’ve been trying unsuccessfully to export an additional csv document with the WMI data pulled for the ‘general’ section.

    Is it possible to have all or some of this exported to a single csv file?

  3. B Packard

    Write-Output “..Hotfix Information”
    $colQuickFixes = Get-WmiObject -ComputerName $Target Win32_QuickFixEngineering
    $MyReport += Get-CustomHeader “2” “HotFixes”
    $MyReport += Get-HTMLTable ($colQuickFixes | Where {$_.HotFixID -ne “File 1” } |Select HotFixID, Description, Installedby, InstalledOn | Sort-Object -Property InstalledOn -Descending)
    $MyReport += Get-CustomHeaderClose

  4. B Packard

    I reported the issue, hope that was the correct way to do that.

    Also, I noticed the HotFix info was not sorted by date. I went ahead and added, “InstalledOn” and “InstalledBy” then sorted it by InstalledOn. This makes it easier to see if the latest patches are installed.

  5. B Packard

    Write-Output “..Hotfix Information”
    $colQuickFixes = Get-WmiObject Win32_QuickFixEngineering
    $MyReport += Get-CustomHeader “2” “HotFixes”
    $MyReport += Get-HTMLTable ($colQuickFixes | Where {$_.HotFixID -ne “File 1” } |Select HotFixID, InstalledOn, Description, InstalledBy | Sort-Object -Property InstalledOn)
    $MyReport += Get-CustomHeaderClose

    ————————
    Why would it populate hotfix data from my local PC instead of from computers specified in the path?

  6. Pingback: PowerShell Host Audit Script – youremindmeofmymother

  7. craig

    Excellent thanks, Do you have a contact email I could have to send you an email regarding the script, thanks

  8. Ayanes

    The download link above does not work and I cannot find this script in GitHub. Any ideas where I can download this?

  9. FunBobby

    Below is a little addition you can add to give you User and Group info, i noticed someone else also requested this.

    Write-Output “..Users”

    $adsi = [ADSI]”WinNT://$Target”

    function getAdmins
    {$adsi.Children | where {$_.SchemaClassName -eq ‘user’} | Foreach-Object {
    $groups = $_.Groups() | Foreach-Object {$_.GetType().InvokeMember(“Name”, ‘GetProperty’, $null, $_, $null)}
    $_ | Select-Object @{n=’UserName’;e={$_.Name}},@{n=’Groups’;e={$groups -join ‘;’}}}}

    $MyReport += Get-CustomHeader “2” “Users”
    $MyReport += Get-HTMLTable ( getAdmins )
    $MyReport += Get-CustomHeaderClose

  10. David

    Just in case you have a locked down environment like I do. The only way I could get this script to run without signing it was to run it as: Set-ExecutionPolicy Unrestricted
    Not the preferred method of doing things, but I got it done and I love the result. Thanks!

  11. David

    I was right, I did run that command before. I’m still getting the same results about the script not being digitally signed.

  12. David

    Yes, and I did it again to be sure and here is my result after running: PS C:\*****\*******\*****\PowerShell Scripts\Server Audit> .\Audit.ps1
    File C:\*****\*******\*****\PowerShell Scripts\Server Audit\Audit.ps1 cannot be loaded. The file C:\*****\*******\*****\PowerShell Scripts\Server Audit\Audit.ps1 is not digitally signed. The script will not execute on the system
    . Please see “get-help about_signing” for more details..
    At line:1 char:12
    + .\Audit.ps1 <<<<
    + CategoryInfo : NotSpecified: (:) [], PSSecurityException
    + FullyQualifiedErrorId : RuntimeException

  13. Alan Post author

    Ok then your execution policy may not have been set, did you follow the response and read more about execution policies ?

    Normally people will set their executionpolicy to remotesigned like this:

    Set-ExecutionPolicy RemoteSigned

  14. David

    I right click on Audit.ps1 and I see no such option. Only to run it in PowerShell or to edit. Can you clarify Alan?

  15. David

    A little help? I’m not sure what’s up here…
    Audit.ps1 is not digitally signed. The script will not execute on the system
    . Please see “get-help about_signing” for more details..
    At line:1 char:12
    + .\Audit.ps1 <<<< Servers.txt
    + CategoryInfo : NotSpecified: (:) [], PSSecurityException
    + FullyQualifiedErrorId : RuntimeException

  16. Larry Hunter

    This is a great script. You deserve props for it. I am always looking and developing new scripts. anyone that dev a new script should be acknowledged.

  17. Steve

    Hello again Alan, for the printers part of the script could the share name and printer driver also be added?

    Thanks

    Steve

  18. Steve

    Thanks for the script Alan. Could you also add the path for any installed software? and for the network card information could you also add the virtual network the card is attached too or its Windows label name?

    Thanks

    Steve

  19. Infrastructure - It pay well :)

    To run this script do the following:

    – Create a .txt file containing Server\PC names with each machine on a new line.
    – Call it anything you like and save it to the same place as Audit.ps1.
    – Run up a PowerShell Command Prompt (Start>All Programs>Administrative Tools>PowerShell)
    – Navigate to the folder where the Audit.ps1 script is
    -Type this:

    .\Audit.ps1 (your_server_txt_file).txt

    Yup that easy! and dont feel stupid, from v1 to v3 I could not work it out either until a team mate said try it. 🙂

    The .\ before the .ps1 file is all about permissions or somehting.

    Im not a script person im a lazy GUI Based Gen Xer

  20. Hans

    Great script

    I have one problem I can’t get it to run with a text file. Can some help me. need to perform and audit.

    Thanks

  21. Bernardo

    A great script.
    I’d like to modify it, but need some help.
    I would like to exclude the Event Logs part and include Members of the Administrators group.

  22. dre

    Very good script, many thanks for it.

    Is it possible to show the installed roles for w2k8 servers and also show the websites which are configured, including the portnumbers?
    A nicer display would be with more than one ip-address the subnetmasks right behind it and not on the bottum.

  23. Pingback: Workstation/Server Audit – Powershell Script « kb4you

  24. Damien

    A very very handy script, thankyou! One question though, why are you saving the file as ASCII? When auditing a Windows 2008 server, the OS name comes out with “?”s (unable to display the ® symbol) in the text. Switching it back to Unicode resolves this and I was just wondering why you chose ASCII over the default? Thanks!

  25. Zach Loeber

    Great script my friend! One option which would be welcome would be limiting the number of event logs collected to some set number. Running this report in a larger environment for a client who keeps obscenely large event log files can really take a very long time 🙂

  26. mickjf

    I’m staggered that people can be such pr1cks to steal your hard word. I know you don’t want to give them credit by naming them, but I’d love to know what sites sanction this sort of behaviour. Thanks heaps for the script – very impressive, and I”m planning to use some of your ideas for an internal audit – rest assured, I’ll leave your name and details in the scrtip !!

    Thanks again.

    Mick

Leave a Reply to Alan

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.