One thing I wish I had was more time to re-visit my old scripts and re-write them as I often look at my old script and it sends a cold shiver down my spine as I now know a better way of doing things.
As I was away for the weekend and had no internet connection I took my old Audit Script with me, I had a few personal objectives that I wanted to achieve by re-writing this code and I was also asked by a friend who has started to adapt the code into other formats.
So, this is version 3 of the script, you can see how much I have learnt recently as V1 of this script was over 1000 lines, V2 of this script was 847 and now with the new improved code it is a miniscule 459 lines 🙂
My main objectives for this version of the script were:
- Apply my newly learnt PS Skills to optimise the code
- Use a HTML format that worked in all browsers
- Make the code easy to follow
- Make the code easy for other people to produce similar reports of other systems
When you see the code and use the output I hope you will agree I have achieved each of these. The code now works with all browsers I have tested and is very easily customisable.
Check out a screenshot of the output below:
As before this script can be run in two modes, if you run it as it is you will produce an audit of your current machine or if you run it with a path to a text file it will read a list of server names and audit each machine saving a separate html file for each one.
<SMALL RANT> Someone took my last script and removed my name from the code and then posted it as their own code on a powershell site, whilst I do not mind people adjusting and re-using my code, in fact there is nothing better than seeing how other people use my code I would prefer that you at least make a reference to my site or me in your comments.
I have been under certain pressure to start charging for some of my code which I have resisted as I like contributing and making the life of my fellow admins easier, claiming my code as your own is just plain rude.</SMALL RANT>
Love this script. Found it on your site a few years ago, and still use it.
Is it possible to change the output from .htm to a SQL connection and update the results into a database table?
Here is what I am tying to adapt:
$obj1 = get-wmiobject win32_computersystem | select-object Name,Manufacturer,Model,TotalPhysicalMemory,Domain,NumberOfProcessors,PrimaryOwnerName,UserName
$obj2 = get-wmiobject win32_processor | select-object @{l=”Processor”;e={$_.name}},NumberOfCores
$obj3 = get-wmiobject win32_bios | select-object SerialNumber
$obj4 = get-wmiobject win32_operatingsystem | select-object OSArchitecture,@{l=”Operating System”;e={$_.Caption}},Version,SystemDrive,Oganization
$obj5 = get-wmiobject win32_VideoController | select-object @{l=”Video Card”;e={$_.Name}}
$Combined = New-Object -Type PSObject
$obj1,$obj2,$obj3,$obj4,$obj5|%{$CurObj = $_;$_|gm|?{$_.MemberType -match “NoteProperty”}|%{$NewMember = $_.Name;$Combined|Add-Member -MemberType NoteProperty -Name $NewMember -Value $CurObj.$NewMember}}
$Combined|Export-CSV -Path C:\Audit\MachineSpecs.CSV -NoTypeInfo -InputObject $Combined
Found here: http://stackoverflow.com/questions/22202978/combining-output-of-many-objects-into-a-csv
I’ve been trying unsuccessfully to export an additional csv document with the WMI data pulled for the ‘general’ section.
Is it possible to have all or some of this exported to a single csv file?
Write-Output “..Hotfix Information”
$colQuickFixes = Get-WmiObject -ComputerName $Target Win32_QuickFixEngineering
$MyReport += Get-CustomHeader “2” “HotFixes”
$MyReport += Get-HTMLTable ($colQuickFixes | Where {$_.HotFixID -ne “File 1” } |Select HotFixID, Description, Installedby, InstalledOn | Sort-Object -Property InstalledOn -Descending)
$MyReport += Get-CustomHeaderClose
I reported the issue, hope that was the correct way to do that.
Also, I noticed the HotFix info was not sorted by date. I went ahead and added, “InstalledOn” and “InstalledBy” then sorted it by InstalledOn. This makes it easier to see if the latest patches are installed.
Nice job finding that! Please make sure you update the GitHub repo! https://github.com/alanrenouf/Windows-Workstation-and-Server-Audit
Okay, I found the issue. Looks like ‘ -ComputerName $Target’ variable was missing.
Write-Output “..Hotfix Information”
$colQuickFixes = Get-WmiObject Win32_QuickFixEngineering
$MyReport += Get-CustomHeader “2” “HotFixes”
$MyReport += Get-HTMLTable ($colQuickFixes | Where {$_.HotFixID -ne “File 1” } |Select HotFixID, InstalledOn, Description, InstalledBy | Sort-Object -Property InstalledOn)
$MyReport += Get-CustomHeaderClose
————————
Why would it populate hotfix data from my local PC instead of from computers specified in the path?
Is there any reason why Win32_QuickfixEngineering is populating local patches instead of data from the server.txt?
Pingback: PowerShell Host Audit Script – youremindmeofmymother
Thank You Alan, for your hard work.
it’s possible to generate the report by local users?
very helpfull script
Excellent thanks, Do you have a contact email I could have to send you an email regarding the script, thanks
Sorry, download should be fixed now!
Where can the latest version be downloaded? as the link appears to be dead, thanks
The download link above does not work and I cannot find this script in GitHub. Any ideas where I can download this?
Below is a little addition you can add to give you User and Group info, i noticed someone else also requested this.
Write-Output “..Users”
$adsi = [ADSI]”WinNT://$Target”
function getAdmins
{$adsi.Children | where {$_.SchemaClassName -eq ‘user’} | Foreach-Object {
$groups = $_.Groups() | Foreach-Object {$_.GetType().InvokeMember(“Name”, ‘GetProperty’, $null, $_, $null)}
$_ | Select-Object @{n=’UserName’;e={$_.Name}},@{n=’Groups’;e={$groups -join ‘;’}}}}
$MyReport += Get-CustomHeader “2” “Users”
$MyReport += Get-HTMLTable ( getAdmins )
$MyReport += Get-CustomHeaderClose
You’re a GURU!
A very very handy script, thank you!!
Just in case you have a locked down environment like I do. The only way I could get this script to run without signing it was to run it as: Set-ExecutionPolicy Unrestricted
Not the preferred method of doing things, but I got it done and I love the result. Thanks!
I was right, I did run that command before. I’m still getting the same results about the script not being digitally signed.
Yes, and I did it again to be sure and here is my result after running: PS C:\*****\*******\*****\PowerShell Scripts\Server Audit> .\Audit.ps1
File C:\*****\*******\*****\PowerShell Scripts\Server Audit\Audit.ps1 cannot be loaded. The file C:\*****\*******\*****\PowerShell Scripts\Server Audit\Audit.ps1 is not digitally signed. The script will not execute on the system
. Please see “get-help about_signing” for more details..
At line:1 char:12
+ .\Audit.ps1 <<<<
+ CategoryInfo : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : RuntimeException
I believe I have but let me try again in the morning. Thanks!
Ok then your execution policy may not have been set, did you follow the response and read more about execution policies ?
Normally people will set their executionpolicy to remotesigned like this:
Set-ExecutionPolicy RemoteSigned
I right click on Audit.ps1 and I see no such option. Only to run it in PowerShell or to edit. Can you clarify Alan?
Right click the file and unblock it before you run it.
A little help? I’m not sure what’s up here…
Audit.ps1 is not digitally signed. The script will not execute on the system
. Please see “get-help about_signing” for more details..
At line:1 char:12
+ .\Audit.ps1 <<<< Servers.txt
+ CategoryInfo : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : RuntimeException
This is a great script. You deserve props for it. I am always looking and developing new scripts. anyone that dev a new script should be acknowledged.
Hello again Alan, for the printers part of the script could the share name and printer driver also be added?
Thanks
Steve
Thanks for the script Alan. Could you also add the path for any installed software? and for the network card information could you also add the virtual network the card is attached too or its Windows label name?
Thanks
Steve
Thanks for the script! One question – do you have a list of ports that need to be open for the script to work properly?
To run this script do the following:
– Create a .txt file containing Server\PC names with each machine on a new line.
– Call it anything you like and save it to the same place as Audit.ps1.
– Run up a PowerShell Command Prompt (Start>All Programs>Administrative Tools>PowerShell)
– Navigate to the folder where the Audit.ps1 script is
-Type this:
.\Audit.ps1 (your_server_txt_file).txt
Yup that easy! and dont feel stupid, from v1 to v3 I could not work it out either until a team mate said try it. 🙂
The .\ before the .ps1 file is all about permissions or somehting.
Im not a script person im a lazy GUI Based Gen Xer
Great script
I have one problem I can’t get it to run with a text file. Can some help me. need to perform and audit.
Thanks
A great script.
I’d like to modify it, but need some help.
I would like to exclude the Event Logs part and include Members of the Administrators group.
Hi
Not able to execute specify a text file
What format are you using
Thx you
Very good script, many thanks for it.
Is it possible to show the installed roles for w2k8 servers and also show the websites which are configured, including the portnumbers?
A nicer display would be with more than one ip-address the subnetmasks right behind it and not on the bottum.
Pingback: Workstation/Server Audit – Powershell Script « kb4you
A very very handy script, thankyou! One question though, why are you saving the file as ASCII? When auditing a Windows 2008 server, the OS name comes out with “?”s (unable to display the ® symbol) in the text. Switching it back to Unicode resolves this and I was just wondering why you chose ASCII over the default? Thanks!
Great script my friend! One option which would be welcome would be limiting the number of event logs collected to some set number. Running this report in a larger environment for a client who keeps obscenely large event log files can really take a very long time 🙂
Thank you very much!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
I’m staggered that people can be such pr1cks to steal your hard word. I know you don’t want to give them credit by naming them, but I’d love to know what sites sanction this sort of behaviour. Thanks heaps for the script – very impressive, and I”m planning to use some of your ideas for an internal audit – rest assured, I’ll leave your name and details in the scrtip !!
Thanks again.
Mick