Local Windows Client Audit Toolkit for Domain Computers
```powershell
<#
.SYNOPSIS
    Local Windows Client Audit Toolkit for Domain Computers
.DESCRIPTION
    This script performs a comprehensive audit of a local Windows client that is part of a domain environment.
    It checks various system settings, security configurations, and domain-related information.
.NOTES
    File Name    : LocalWindowsClientAuditToolkit.ps1
    Author       : [Your Name]
    Prerequisite : PowerShell V5.1 or later, administrator rights on the local machine
    Version      : 1.0
    Date         : [Current Date]
.EXAMPLE
    .\LocalWindowsClientAuditToolkit.ps1
#>

# Global variables
# Note: Get-WmiObject exists only in Windows PowerShell (5.1); it is not available in PowerShell 7.
$global:reportPath = "$env:USERPROFILE\Desktop\Windows_Client_Audit_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html"

function Show-Menu {
    Clear-Host
    Write-Host "=== Local Windows Client Audit Toolkit ===" -ForegroundColor Cyan
    Write-Host "1. System Information"
    Write-Host "2. Domain Information"
    Write-Host "3. Local User Accounts"
    Write-Host "4. Installed Software"
    Write-Host "5. Windows Update Status"
    Write-Host "6. Security Settings"
    Write-Host "7. Network Configuration"
    Write-Host "8. Shared Folders"
    Write-Host "9. Scheduled Tasks"
    Write-Host "10. Generate Comprehensive HTML Report"
    Write-Host "11. Exit"
}

function Get-SystemInformation {
    Write-Host "`nGathering System Information..." -ForegroundColor Yellow
    $os = Get-WmiObject Win32_OperatingSystem
    $cs = Get-WmiObject Win32_ComputerSystem
    $bios = Get-WmiObject Win32_BIOS

    $result = [PSCustomObject]@{
        ComputerName   = $env:COMPUTERNAME
        OSName         = $os.Caption
        OSVersion      = $os.Version
        OSArchitecture = $os.OSArchitecture
        Manufacturer   = $cs.Manufacturer
        Model          = $cs.Model
        BIOSVersion    = $bios.SMBIOSBIOSVersion
        LastBootUpTime = $os.ConvertToDateTime($os.LastBootUpTime)
        InstallDate    = $os.ConvertToDateTime($os.InstallDate)
    }

    $result | Format-List
    return $result
}

function Get-DomainInformation {
    Write-Host "`nGathering Domain Information..." -ForegroundColor Yellow
    $domain = Get-WmiObject Win32_ComputerSystem
    $adInfo = Get-WmiObject Win32_NTDomain

    $result = [PSCustomObject]@{
        DomainName   = $domain.Domain
        PartOfDomain = $domain.PartOfDomain
        DomainRole   = switch ($domain.DomainRole) {
            0 {"Standalone Workstation"}
            1 {"Member Workstation"}
            2 {"Standalone Server"}
            3 {"Member Server"}
            4 {"Backup Domain Controller"}
            5 {"Primary Domain Controller"}
        }
        DomainController        = $adInfo.DomainControllerName
        DomainControllerAddress = $adInfo.DomainControllerAddress
    }

    $result | Format-List
    return $result
}

function Get-LocalUserAccounts {
    Write-Host "`nGathering Local User Account Information..." -ForegroundColor Yellow
    $users = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True"

    $results = @()
    foreach ($user in $users) {
        $results += [PSCustomObject]@{
            Username           = $user.Name
            FullName           = $user.FullName
            Disabled           = $user.Disabled
            PasswordRequired   = $user.PasswordRequired
            PasswordChangeable = $user.PasswordChangeable
            PasswordExpires    = $user.PasswordExpires
        }
    }

    $results | Format-Table -AutoSize
    return $results
}

function Get-InstalledSoftware {
    Write-Host "`nGathering Installed Software Information..." -ForegroundColor Yellow
    # Note: querying Win32_Product makes Windows Installer run a consistency check on every
    # MSI package, so this step is slow and lists only MSI-installed software.
    $software = Get-WmiObject Win32_Product | Select-Object Name, Version, Vendor, InstallDate

    $software | Format-Table -AutoSize
    return $software
}

function Get-WindowsUpdateStatus {
    Write-Host "`nChecking Windows Update Status..." -ForegroundColor Yellow
    $updateSession = New-Object -ComObject Microsoft.Update.Session
    $updateSearcher = $updateSession.CreateUpdateSearcher()
    $pendingUpdates = $updateSearcher.Search("IsInstalled=0")

    $result = [PSCustomObject]@{
        PendingUpdatesCount = $pendingUpdates.Updates.Count
        LastUpdateDate      = (Get-HotFix | Sort-Object -Property InstalledOn -Descending | Select-Object -First 1).InstalledOn
    }

    $result | Format-List
    return $result
}

function Get-SecuritySettings {
    Write-Host "`nGathering Security Settings..." -ForegroundColor Yellow
    $firewallStatus = Get-NetFirewallProfile | Select-Object Name, Enabled
    $avProduct = Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct
    $uac = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLUA"

    $result = [PSCustomObject]@{
        FirewallStatus   = $firewallStatus
        # More than one product can be registered; join the names so they print as text
        AntiVirusProduct = $avProduct.displayName -join ", "
        UACEnabled       = $uac.EnableLUA -eq 1
    }

    $result | Format-List
    return $result
}

function Get-NetworkConfiguration {
    Write-Host "`nGathering Network Configuration..." -ForegroundColor Yellow
    $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -eq $true }

    $results = @()
    foreach ($adapter in $adapters) {
        $results += [PSCustomObject]@{
            AdapterName    = $adapter.Description
            IPAddress      = $adapter.IPAddress -join ", "
            SubnetMask     = $adapter.IPSubnet -join ", "
            DefaultGateway = $adapter.DefaultIPGateway -join ", "
            DNSServers     = $adapter.DNSServerSearchOrder -join ", "
            MACAddress     = $adapter.MACAddress
        }
    }

    $results | Format-Table -AutoSize
    return $results
}

function Get-SharedFolders {
    Write-Host "`nGathering Shared Folder Information..." -ForegroundColor Yellow
    $shares = Get-WmiObject Win32_Share

    $results = @()
    foreach ($share in $shares) {
        $results += [PSCustomObject]@{
            Name        = $share.Name
            Path        = $share.Path
            Description = $share.Description
            Type        = switch ($share.Type) {
                0          {"Disk Drive"}
                1          {"Print Queue"}
                2          {"Device"}
                3          {"IPC"}
                2147483648 {"Disk Drive Admin"}
                2147483649 {"Print Queue Admin"}
                2147483650 {"Device Admin"}
                2147483651 {"IPC Admin"}
            }
        }
    }

    $results | Format-Table -AutoSize
    return $results
}

function Get-ScheduledTasks {
    Write-Host "`nGathering Scheduled Task Information..." -ForegroundColor Yellow
    $tasks = Get-ScheduledTask | Where-Object {$_.State -ne "Disabled"}

    $results = @()
    foreach ($task in $tasks) {
        # Run times are exposed by Get-ScheduledTaskInfo, not by the task object itself
        $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
        $results += [PSCustomObject]@{
            TaskName    = $task.TaskName
            State       = $task.State
            LastRunTime = $info.LastRunTime
            NextRunTime = $info.NextRunTime
            Author      = $task.Author
        }
    }

    $results | Format-Table -AutoSize
    return $results
}

function Generate-HTMLReport {
    param([hashtable]$AllResults)

    Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow
    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Windows Client Audit Report</title>
    <style>
        body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; }
        h1, h2, h3 { color: #0078D4; }
        table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
        .warning { color: orange; }
        .critical { color: red; }
    </style>
</head>
<body>
    <h1>Windows Client Audit Report</h1>
    <p>Generated on: $(Get-Date)</p>

    <h2>System Information</h2>
    $($AllResults.SystemInfo | ConvertTo-Html -Fragment)

    <h2>Domain Information</h2>
    $($AllResults.DomainInfo | ConvertTo-Html -Fragment)

    <h2>Local User Accounts</h2>
    $($AllResults.LocalUsers | ConvertTo-Html -Fragment)

    <h2>Installed Software</h2>
    $($AllResults.InstalledSoftware | ConvertTo-Html -Fragment)

    <h2>Windows Update Status</h2>
    $($AllResults.WindowsUpdateStatus | ConvertTo-Html -Fragment)

    <h2>Security Settings</h2>
    $($AllResults.SecuritySettings | ConvertTo-Html -Fragment)

    <h2>Network Configuration</h2>
    $($AllResults.NetworkConfig | ConvertTo-Html -Fragment)

    <h2>Shared Folders</h2>
    $($AllResults.SharedFolders | ConvertTo-Html -Fragment)

    <h2>Scheduled Tasks</h2>
    $($AllResults.ScheduledTasks | ConvertTo-Html -Fragment)
</body>
</html>
"@

    # Write UTF-8 so the file matches the charset declared in the <meta> tag
    $reportContent | Out-File -FilePath $global:reportPath -Encoding UTF8
    Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green
}

# Main program loop
$allResults = @{}

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-11)"

    switch ($choice) {
        "1"  { $allResults.SystemInfo = Get-SystemInformation }
        "2"  { $allResults.DomainInfo = Get-DomainInformation }
        "3"  { $allResults.LocalUsers = Get-LocalUserAccounts }
        "4"  { $allResults.InstalledSoftware = Get-InstalledSoftware }
        "5"  { $allResults.WindowsUpdateStatus = Get-WindowsUpdateStatus }
        "6"  { $allResults.SecuritySettings = Get-SecuritySettings }
        "7"  { $allResults.NetworkConfig = Get-NetworkConfiguration }
        "8"  { $allResults.SharedFolders = Get-SharedFolders }
        "9"  { $allResults.ScheduledTasks = Get-ScheduledTasks }
        # The report contains only the sections gathered earlier in this session (options 1-9)
        "10" { Generate-HTMLReport -AllResults $allResults }
        "11" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "11") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "11")
```
This Local Windows Client Audit Toolkit for Domain Computers includes:
- A menu-driven interface for easy navigation.
- Functions to gather various aspects of the local Windows client:
  - System Information
  - Domain Information
  - Local User Accounts
  - Installed Software
  - Windows Update Status
  - Security Settings
  - Network Configuration
  - Shared Folders
  - Scheduled Tasks
- HTML report generation for easy sharing and viewing of results.
Key features:
- Comprehensive system information gathering
- Domain-specific information for domain-joined computers
- Local user account analysis
- Software inventory
- Windows Update status check
- Basic security settings review (firewall, antivirus, UAC)
- Network configuration details
- Shared folder enumeration
- Active scheduled tasks listing
This tool is particularly useful for:
- IT administrators performing audits on domain-joined computers
- Security professionals assessing the configuration of Windows clients
- Help desk personnel gathering system information for troubleshooting
- Anyone needing to quickly collect comprehensive information about a Windows client in a domain environment
To use this script effectively:
- Run PowerShell as an administrator on the Windows client you want to audit
- Ensure you have the necessary permissions to query system information
- Review the generated HTML report for a comprehensive overview of the client’s configuration
This script provides a thorough audit of a Windows client, helping to identify potential issues, misconfigurations, or security concerns in a domain environment. It’s designed to be run locally on the machine being audited, making it suitable for situations where remote access might be limited or restricted.
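The report stylesheet defines `warning` and `critical` classes, but the script only lists raw values and never assigns them. The following is an added example, not part of the original toolkit: a hypothetical helper, `Get-AuditFindings`, that turns the collected objects into findings with those two severities. The sample data is constructed, and the choice of which conditions count as `warning` or `critical` is an assumption.

```powershell
# Added example: Get-AuditFindings is a hypothetical helper, not part of the toolkit.
function Get-AuditFindings {
    param([hashtable]$AllResults)
    $findings = [System.Collections.Generic.List[object]]::new()
    $add = { param($Severity, $Area, $Detail)
        $findings.Add([PSCustomObject]@{ Severity = $Severity; Area = $Area; Detail = $Detail }) }

    # Enabled local accounts only; disabled accounts are skipped
    foreach ($u in $AllResults.LocalUsers) {
        if ($u.Disabled) { continue }
        if (-not $u.PasswordRequired) {
            & $add 'critical' 'LocalUsers' "$($u.Username): enabled account, password not required"
        } elseif (-not $u.PasswordExpires) {
            & $add 'warning' 'LocalUsers' "$($u.Username): enabled account, password never expires"
        }
    }
    $sec = $AllResults.SecuritySettings
    if ($sec) {
        foreach ($p in $sec.FirewallStatus) {
            # Enabled is a Boolean in the sample and an enum on a live system; compare as text
            if ("$($p.Enabled)" -ne 'True') { & $add 'critical' 'Firewall' "$($p.Name) profile is not enabled" }
        }
        if (-not $sec.AntiVirusProduct) { & $add 'critical' 'AntiVirus' 'No antivirus product registered' }
        if (-not $sec.UACEnabled)       { & $add 'critical' 'UAC' 'EnableLUA is not set to 1' }
    }
    $upd = $AllResults.WindowsUpdateStatus
    if ($upd -and $upd.PendingUpdatesCount -gt 0) {
        & $add 'warning' 'WindowsUpdate' "$($upd.PendingUpdatesCount) update(s) pending"
    }
    foreach ($s in $AllResults.SharedFolders) {
        # 'Disk Drive' is the toolkit's label for a non-administrative file share
        if ($s.Type -eq 'Disk Drive') { & $add 'warning' 'Shares' "Share $($s.Name) -> $($s.Path)" }
    }
    return $findings
}

# Constructed sample shaped like the toolkit's $allResults (not real audit data)
$sample = @{
    LocalUsers = @(
        [PSCustomObject]@{ Username = 'Administrator'; Disabled = $true;  PasswordRequired = $true;  PasswordExpires = $false }
        [PSCustomObject]@{ Username = 'kiosk';         Disabled = $false; PasswordRequired = $false; PasswordExpires = $false }
    )
    SecuritySettings = [PSCustomObject]@{
        FirewallStatus   = @([PSCustomObject]@{ Name = 'Domain'; Enabled = $true }, [PSCustomObject]@{ Name = 'Public'; Enabled = $false })
        AntiVirusProduct = 'Windows Defender'; UACEnabled = $true
    }
    WindowsUpdateStatus = [PSCustomObject]@{ PendingUpdatesCount = 3 }
    SharedFolders = @([PSCustomObject]@{ Name = 'C$'; Path = 'C:\'; Type = 'Disk Drive Admin' }, [PSCustomObject]@{ Name = 'Scans'; Path = 'C:\Scans'; Type = 'Disk Drive' })
}
Get-AuditFindings -AllResults $sample | Sort-Object Severity | Format-Table -AutoSize
```

Against the live toolkit, pass `$allResults` after running the relevant menu options; sections that were not gathered are skipped.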