mikedopp

Detailed Server Audit to Text File

Nov 12th, 2018
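  #Detailed Server Audit to Text File
  #
  #Thanks to all the Powershell Users who contributed their code. Created on 8/24/15.
  #
  #This Powershell script outputs a very verbose and detailed audit for a list of servers that can be put in a Word or OneNote Document. The audit runs on each listed server through Invoke-Command and saves the information to a detailed text file on a network file share. It requires the following commands to connect remotely and save to a network file share.
  #
  #Run Commands on Server in Powershell Console
  #"Set-ExecutionPolicy RemoteSigned -Force"
  #"Enable-PSRemoting -Force"
  #"Enable-WsManCredSSP -Role Server -Force"
  #
  #Run Commands on Your Computer in Powershell Console
  #"Enable-WSManCredSSP -Role Client -DelegateComputer *.YOURDOMAIN.COM"
  #
  #Replace the path to the text files in the script with your network file share location.
  #\\YOURSERVER\YOURFILESHARE\YOURTEXTFILE.txt
  #
  #Security Notes
  #-CredSSP hands the credentials entered at the prompt to every server in Servers.txt so that the
  # remote session can reach the file share. A server that is already compromised can capture them.
  # Where possible delegate only to the servers being audited instead of a whole-domain wildcard,
  # use an account with no more rights than the audit needs, and turn CredSSP back off
  # (Disable-WSManCredSSP) once the audit is finished.
  #-The report lists local administrators, service accounts, share paths and scheduled task command
  # lines. Restrict the file share to the people who need to read it.
  #
  #Features To Update
  #-Add More Write-Host
  #-Add Logging
  #-Fix Date Time Formatting
  #-Cleanup Formatting

  #Pre-Script Commands
  Clear-Host

  #Get Credentials (exit when the prompt is cancelled)
  $cred = $host.ui.PromptForCredential("Need credentials", "Please enter your user name and password.", "", "")
  if (-not $cred) { exit }

  #Get Servers (blank lines are skipped so Invoke-Command never receives an empty name)
  $ServerList = Get-Content "\\YOURSERVER\YOURFILESHARE\Servers.txt" | Where-Object { $_ -and $_.Trim() }
  ForEach ($Server in $ServerList) {

      #Remote Script
      #NOTE(review): -Authentication CredSSP is only needed because the remote session writes to the
      #file share itself (second hop). Returning the report lines from the script block and writing
      #them from this computer would remove the need to delegate credentials at all.
      Invoke-Command -ComputerName $Server -Credential $cred -Authentication CredSSP -ScriptBlock {

          #Start Script
          #Import Modules
          Import-Module ServerManager

          #Misc Variables
          $ServerName = $env:computername
          $CurrentDateTime = Get-Date
          $FileOutput = "\\YOURSERVER\YOURFILESHARE\$ServerName.txt"
          Write-Host "$($ServerName) - Starting Script"

          #Single writer for the report so every line is appended with the same encoding
          #(the original mixed Add-Content defaults with Out-File -Encoding UTF8).
          function Add-AuditLine {
              param([Parameter(ValueFromPipeline = $true)][string]$Line)
              process { Add-Content -Path $FileOutput -Value $Line -Encoding UTF8 }
          }

          #Create Files (New-Item output is discarded so it does not flow back to the caller)
          if (-not (Test-Path -Path $FileOutput)) {
              New-Item -Path $FileOutput -ItemType File | Out-Null
          }

          #Clear File Content
          Clear-Content -Path $FileOutput

          #WMI Queries
          $OperatingSystems = Get-WmiObject -Class Win32_OperatingSystem | Select-Object -Property Caption , CSDVersion , OSArchitecture , Description
          #@() keeps .Count valid when only one fixed disk exists; the format string must be quoted,
          #otherwise {0:N1} is parsed as a script block and the size is never formatted.
          $Disk = @(Get-WmiObject -Class Win32_LogicalDisk -Filter "DriveType=3" |
              Select-Object SystemName , DeviceID ,
                  @{Name = "sizeGB"; Expression = { "{0:N1}" -f ($_.size / 1gb) } } ,
                  @{Name = "freespaceGB"; Expression = { "{0:N1}" -f ($_.freespace / 1gb) } })
          $BIOS = Get-WmiObject -Class Win32_BIOS | Select-Object -Property Manufacturer , Model , Version , SerialNumber
          $ComputerSystem = Get-WmiObject -Class Win32_ComputerSystem | Select-Object -Property Name , Model , Manufacturer , NumberOfProcessors , Description
          $Processor = [object[]]$(Get-WmiObject Win32_Processor)
          $ProcessorName = Get-WmiObject -Class Win32_Processor | Select-Object -First 1 -Property Name
          $PhysicalMemory = (Get-WmiObject Win32_PhysicalMemory | Measure-Object Capacity -Sum).Sum / 1GB
          $Adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration
          $Features = Get-WindowsFeature | Where-Object { $_.Installed -eq $True } | Select-Object -Property DisplayName

          #Virtual or Physical System
          if ($BIOS.Version -match "VRTUAL") { $PhysicalOrVirtual = "Virtual - Hyper-V" }
          elseif ($BIOS.Version -match "A M I") { $PhysicalOrVirtual = "Virtual - Virtual PC" }
          elseif ($BIOS.Version -like "*Xen*") { $PhysicalOrVirtual = "Virtual - Xen" }
          elseif ($BIOS.SerialNumber -like "*VMware*") { $PhysicalOrVirtual = "Virtual - VMWare" }
          elseif ($ComputerSystem.manufacturer -like "*Microsoft*") { $PhysicalOrVirtual = "Virtual - Hyper-V" }
          elseif ($ComputerSystem.manufacturer -like "*VMWare*") { $PhysicalOrVirtual = "Virtual - VMWare" }
          elseif ($ComputerSystem.model -like "*Virtual*") { $PhysicalOrVirtual = "Virtual" }
          else { $PhysicalOrVirtual = "Physical" }

          #Computer.txt File Content
          #Overview
          Add-AuditLine "Overview"
          Add-AuditLine "The $env:computername Server is the $($OperatingSystems.Description).  This Server was last queried on $CurrentDateTime."
          Add-AuditLine ""

          #Specifications
          #The processor name comes from $ProcessorName (the original read an undefined $SystemProcessor),
          #and cores are summed from NumberOfCores instead of counting processor objects.
          $LogicalProcessors = ($Processor | Measure-Object NumberOfLogicalProcessors -Sum).Sum
          $Cores = ($Processor | Measure-Object NumberOfCores -Sum).Sum
          Add-AuditLine "Specifications"
          Add-AuditLine "The $PhysicalOrVirtual Server $($ComputerSystem.Name) runs the $($OperatingSystems.Caption)$($OperatingSystems.CSDVersion) $($OperatingSystems.OSArchitecture) Operating System on $($ComputerSystem.Model) with $($PhysicalMemory) GBs of Memory running on $($ProcessorName.Name) with $LogicalProcessors Logical processors and $Cores Cores."
          Add-AuditLine ""
          Add-AuditLine "The Operating System is installed on the $env:SystemDrive Drive, and the rest of the drives are for data.  The server has the following $($Disk.Count) drives:"

          #Drives
          $Disk | ForEach-Object {
              Add-AuditLine "The $($_.DeviceID) Drive size is $($_.sizeGB) GBs with $($_.freespaceGB) GBs of free space."
          }
          Add-AuditLine ""

          #Network Adapters
          Add-AuditLine "This Server has the following active Network Adapters:"
          ForEach ($Adapter in ($Adapters | Where-Object { $_.IPEnabled -eq $True })) {
              $AdapterDetails = "" | Select-Object Description, "Physical address" , "IP Address" , "Subnet Mask" , "Default Gateway" , "DHCP Enabled", DNSServerSearchOrder , WINS , DNS
              $AdapterDetails.Description = "$($Adapter.Description)"
              $AdapterDetails."Physical address" = "$($Adapter.MACaddress)"
              if ($null -ne $Adapter.IPAddress) {
                  $AdapterDetails."IP Address" = "$($Adapter.IPAddress)"
                  $AdapterDetails."Subnet Mask" = "$($Adapter.IPSubnet)"
                  $AdapterDetails."Default Gateway" = "$($Adapter.DefaultIPGateway)"
              }
              if ($Adapter.DHCPEnabled) {
                  $AdapterDetails."DHCP Enabled" = "enabled"
              }
              else {
                  $AdapterDetails."DHCP Enabled" = "not enabled"
              }
              if ($null -ne $Adapter.DNSServerSearchOrder) {
                  $AdapterDetails.DNS = "$($Adapter.DNSServerSearchOrder)"
              }
              $AdapterDetails.WINS = "$($Adapter.WINSPrimaryServer) $($Adapter.WINSSecondaryServer)"
              Add-AuditLine "The Network Adapter '$($AdapterDetails.Description)' has the IP Address of $($AdapterDetails."IP Address"), Subnet Mask of $($AdapterDetails."Subnet Mask"), Default Gateway of $($AdapterDetails."Default Gateway"), WINS Servers are $($AdapterDetails.WINS) and the DNS Servers are $($AdapterDetails.DNS) with the MAC Address of $($AdapterDetails."Physical address"). DHCP Addressing is $($AdapterDetails."DHCP Enabled")."
              Add-AuditLine ""
          }

          #Local Administrators
          #Empty lines and the trailer are dropped first, then the four header lines of the net output.
          Add-AuditLine "Local Administrators"
          Add-AuditLine "$env:ComputerName has the following Local Administrators:"
          net localgroup administrators |
              Where-Object { $_ -and $_ -notmatch "command completed successfully" } |
              Select-Object -Skip 4 |
              Add-AuditLine
          Add-AuditLine ""

          #Roles and Features Section
          Add-AuditLine "Roles and Features"
          Add-AuditLine "$env:ComputerName has the following Roles and Features installed:"
          $Features | ForEach-Object { $_.DisplayName } | Add-AuditLine
          Add-AuditLine ""

          #Applications Section
          #NOTE(review): enumerating Win32_Product makes Windows Installer run a consistency check on
          #every MSI package, which is slow and can reconfigure products, and it only sees MSI installs.
          #Reading the Uninstall registry keys avoids both, but would change which applications are listed.
          $ServerAppFilter = Get-Content -Path "\\YOURSERVER\YOURFILESHARE\ServerAppFilter.txt"
          $ServerApps = Get-WmiObject Win32_Product | Select-Object Name , Version
          #One predicate for both lists, so the default and non-default sections cannot drift apart.
          $IsDefaultApp = {
              param($Name)
              $ServerAppFilter -contains $Name -or $Name -like "*Microsoft*" -or $Name -like "*NetIQ*" -or $Name -like "*SQL Server*" -or $Name -like "*Symantec*" -or $Name -like "*Visual Studio*" -or $Name -like "*Visual Basic*"
          }
          Add-AuditLine "Applications"
          Add-AuditLine "This Server has the following non-default Applications installed:"
          $ServerApps | Where-Object { -not (& $IsDefaultApp $_.Name) } | Sort-Object Name | ForEach-Object {
              Add-AuditLine "$($_.Name)"
          }
          Add-AuditLine ""
          Add-AuditLine "This Server has the following default Applications installed:"
          $ServerApps | Where-Object { & $IsDefaultApp $_.Name } | Sort-Object Name | ForEach-Object {
              Add-AuditLine "$($_.Name)"
          }
          Add-AuditLine ""

          #Services Section
          Add-AuditLine "Services"
          Add-AuditLine "This Server has the following non-default services installed:"
          $ServerServiceFilter = Get-Content -Path "\\YOURSERVER\YOURFILESHARE\ServerServiceFilter.txt"
          $Service = Get-WmiObject win32_service | Select-Object DisplayName , State , StartName | Where-Object { $ServerServiceFilter -notcontains $_.DisplayName }
          $Service | ForEach-Object {
              Add-AuditLine "$($_.DisplayName) runs as $($_.State) on $($_.StartName)."
          }
          Add-AuditLine ""

          #File Shares
          Add-AuditLine "File Shares"
          Add-AuditLine "$env:ComputerName has the following File Shares installed:"
          $FileShares = Get-WmiObject -Class Win32_Share | Select-Object -Property Name , Path , Description
          $FileShares | ForEach-Object {
              Add-AuditLine "$($_.Name) with the path of $($_.Path) is used for $($_.Description)."
          }
          Add-AuditLine ""

          #Scheduled Tasks Section
          #NOTE(review): GetFolder("\").GetTasks(0) returns only the visible tasks in the root folder.
          #Tasks in subfolders and hidden tasks are not part of this report, so it is not a complete
          #inventory of what is scheduled on the server.
          $SchedTasks = New-Object -Com "Schedule.Service"
          $SchedTasks.Connect()
          $SchedOut = @()
          $SchedTasks.GetFolder("\").GetTasks(0) | ForEach-Object {
              $xml = [xml]$_.xml
              $SchedOut += New-Object psobject -Property @{
                  "Name" = $_.Name
                  "Path" = $_.Path
                  "Status" = switch ($_.State) { 0 { "Unknown" } 1 { "Disabled" } 2 { "Queued" } 3 { "Ready" } 4 { "Running" } }
                  "NextRunTime" = $_.NextRunTime
                  "LastRunTime" = $_.LastRunTime
                  "LastRunResult" = $_.LastTaskResult
                  "NumberOfMissedRuns" = $_.numberofmissedruns
                  "Actions" = ($xml.Task.Actions.Exec | ForEach-Object { "$($_.Command) $($_.Arguments)" }) -join "`n"
                  "Author" = $xml.Task.RegistrationInfo.Author
                  "Created" = $xml.Task.RegistrationInfo.Date
                  "Description" = $xml.Task.RegistrationInfo.Description
                  "UserId" = $xml.Task.Principals.Principal.UserId
              }
          }
          Add-AuditLine "Scheduled Tasks"
          Add-AuditLine "This Server has the following Scheduled Tasks:"
          $SchedOut | ForEach-Object {
              Add-AuditLine "The Scheduled Task '$($_.Name)' which $($_.Description) was created by $($_.Author). This task runs the command '$($_.Actions)' with the NT Account '$($_.UserId)'. The Status is $($_.Status), the Last Run Time is $($_.LastRunTime), the Next Run Time is $($_.NextRunTime), and it has missed running $($_.NumberOfMissedRuns) times."
              Add-AuditLine ""
          }

          #Replace Text (S-1-5-18 is the SID of the local SYSTEM account); the rewrite keeps UTF8
          (Get-Content $FileOutput) | ForEach-Object { $_ -replace "NT Account 'S-1-5-18'", "NT Account 'NT Authority\SYSTEM'" } | Set-Content $FileOutput -Encoding UTF8

          #End of Remote Script
          Write-Host "$($ServerName) - Stopping Script"
      }
  }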