Local Windows Client Audit Toolkit
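<#
.SYNOPSIS
    Local Windows Client Audit Toolkit
.DESCRIPTION
    This script performs a comprehensive audit of a local Windows client machine,
    gathering information about hardware, software, security settings, and more.

    Each menu option gathers one section, prints it to the console and keeps the
    objects in memory. Option 11 writes every section gathered so far to an HTML
    report.
.NOTES
    File Name    : LocalWindowsClientAuditToolkit.ps1
    Author       : [Your Name]
    Prerequisite : PowerShell V5.1 or later, administrator rights
    Version      : 1.0
    Date         : [Current Date]

    The report lists local accounts, startup commands, network settings and the
    security posture of the machine. Treat the generated file as sensitive: it is
    written unencrypted to the current user's Desktop and should be moved to an
    access-controlled location or deleted once the audit is finished.
.EXAMPLE
    .\LocalWindowsClientAuditToolkit.ps1
#>

# Global variables
# The timestamp is evaluated once at start-up, so regenerating the report within
# the same session overwrites the same file.
$global:reportPath = "$env:USERPROFILE\Desktop\Windows_Client_Audit_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html"

# Returns $true when the current PowerShell session holds the local Administrators role.
function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Prints the interactive menu.
function Show-Menu {
    Clear-Host
    Write-Host "=== Local Windows Client Audit Toolkit ===" -ForegroundColor Cyan
    Write-Host "1. System Information"
    Write-Host "2. Hardware Inventory"
    Write-Host "3. Installed Software"
    Write-Host "4. Windows Update Status"
    Write-Host "5. Security Settings"
    Write-Host "6. Network Configuration"
    Write-Host "7. User Accounts and Groups"
    Write-Host "8. Startup Programs"
    Write-Host "9. Disk Space and File System"
    Write-Host "10. Event Log Analysis"
    Write-Host "11. Generate Comprehensive HTML Report"
    Write-Host "12. Exit"
}

# NOTE on every Get-* function below: the console view is piped to Out-Host.
# A bare "$result | Format-List" inside a function is emitted on the output
# stream, so the caller would capture formatting objects together with the data,
# nothing would be shown on screen, and the HTML report would be built from the
# formatting objects instead of the audit data.

# Collects OS and computer-system details. Returns one PSCustomObject.
function Get-SystemInformation {
    Write-Host "`nGathering System Information..." -ForegroundColor Yellow
    $os = Get-CimInstance Win32_OperatingSystem
    $cs = Get-CimInstance Win32_ComputerSystem

    $result = [PSCustomObject]@{
        ComputerName        = $env:COMPUTERNAME
        OSName              = $os.Caption
        OSVersion           = $os.Version
        OSArchitecture      = $os.OSArchitecture
        LastBootUpTime      = $os.LastBootUpTime
        Manufacturer        = $cs.Manufacturer
        Model               = $cs.Model
        TotalPhysicalMemory = "{0:N2} GB" -f ($cs.TotalPhysicalMemory / 1GB)
    }

    $result | Format-List | Out-Host
    return $result
}

# Collects CPU, RAM, disk and GPU details. Returns one PSCustomObject.
function Get-HardwareInventory {
    Write-Host "`nGathering Hardware Inventory..." -ForegroundColor Yellow
    $cpu  = Get-CimInstance Win32_Processor
    $ram  = Get-CimInstance Win32_PhysicalMemory
    $disk = Get-CimInstance Win32_DiskDrive
    $gpu  = Get-CimInstance Win32_VideoController

    # Multi-valued fields are joined into one string; an array-valued property
    # is rendered as "System.Object[]" by ConvertTo-Html.
    $result = [PSCustomObject]@{
        CPU   = "$($cpu.Name) ($($cpu.NumberOfCores) cores, $($cpu.NumberOfLogicalProcessors) logical processors)"
        RAM   = ($ram  | ForEach-Object { "$($_.Capacity / 1GB) GB $($_.Manufacturer)" }) -join '; '
        Disks = ($disk | ForEach-Object { "$($_.Model) ($([math]::Round($_.Size / 1GB)) GB)" }) -join '; '
        GPU   = $gpu.Name -join '; '
    }

    $result | Format-List | Out-Host
    return $result
}

# Lists software registered in the machine-wide Uninstall keys (64-bit and 32-bit views).
# Per-user installations (HKCU) are not covered by this inventory.
function Get-InstalledSoftware {
    Write-Host "`nGathering Installed Software..." -ForegroundColor Yellow

    # The Wow6432Node key is absent on 32-bit Windows; do not abort on that.
    $software = Get-ItemProperty -Path @(
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
        ) -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayName -notmatch '^(Update for|Security Update for|Hotfix for)' } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
        Sort-Object DisplayName

    $software | Format-Table -AutoSize | Out-Host
    return $software
}

# Reports the number of updates that are not installed and the most recent hotfix.
function Get-WindowsUpdateStatus {
    Write-Host "`nChecking Windows Update Status..." -ForegroundColor Yellow

    # The Windows Update Agent search can fail (service disabled, no connectivity
    # to the update source). Report that instead of a misleading count of 0.
    $pendingCount = $null
    try {
        $updateSession  = New-Object -ComObject Microsoft.Update.Session
        $updateSearcher = $updateSession.CreateUpdateSearcher()
        $pendingUpdates = $updateSearcher.Search("IsInstalled=0")
        $pendingCount   = $pendingUpdates.Updates.Count
    }
    catch {
        Write-Warning "Windows Update search failed: $($_.Exception.Message)"
    }

    $lastUpdate = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1

    $result = [PSCustomObject]@{
        PendingUpdatesCount = $pendingCount
        LastUpdateDate      = $lastUpdate.InstalledOn
        LastUpdateHotfixID  = $lastUpdate.HotFixID
    }

    $result | Format-List | Out-Host
    return $result
}

# Summarises firewall profiles, registered antivirus products and the UAC switch.
function Get-SecuritySettings {
    Write-Host "`nGathering Security Settings..." -ForegroundColor Yellow
    $firewall = Get-NetFirewallProfile

    # root/SecurityCenter2 is not present on every Windows edition; treat a
    # failed query as "nothing reported" rather than stopping the section.
    $av  = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct -ErrorAction SilentlyContinue
    $uac = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLUA"

    $avNames = @($av | ForEach-Object { $_.displayName }) -join ', '
    if (-not $avNames) { $avNames = 'Not reported' }

    # Limits of this overview, to keep in mind when reading the report:
    #  - AntivirusProduct lists what is registered with Security Center; it does
    #    not show whether real-time protection is on or signatures are current.
    #  - UACEnabled reflects only the EnableLUA value; the prompt level is not checked.
    #  - FirewallStatus is the per-profile Enabled flag; rules are not reviewed.
    $result = [PSCustomObject]@{
        FirewallStatus   = ($firewall | ForEach-Object { "$($_.Name): $($_.Enabled)" }) -join '; '
        AntivirusProduct = $avNames
        UACEnabled       = if ($uac.EnableLUA -eq 1) { "Enabled" } else { "Disabled" }
    }

    $result | Format-List | Out-Host
    return $result
}

# Returns one object per network adapter that is currently up.
function Get-NetworkConfiguration {
    Write-Host "`nGathering Network Configuration..." -ForegroundColor Yellow
    $adapters = Get-NetAdapter | Where-Object { $_.Status -eq "Up" }

    $result = foreach ($adapter in $adapters) {
        $ipConfig = Get-NetIPConfiguration -InterfaceIndex $adapter.ifIndex
        [PSCustomObject]@{
            InterfaceName        = $adapter.Name
            InterfaceDescription = $adapter.InterfaceDescription
            MACAddress           = $adapter.MacAddress
            IPAddress            = $ipConfig.IPv4Address.IPAddress -join ', '
            # Kept under the original column name; the value is the prefix length (e.g. 24), not a dotted mask.
            SubnetMask           = $ipConfig.IPv4Address.PrefixLength -join ', '
            DefaultGateway       = $ipConfig.IPv4DefaultGateway.NextHop -join ', '
            DNSServers           = $ipConfig.DNSServer.ServerAddresses -join ", "
        }
    }

    $result | Format-Table -AutoSize | Out-Host
    return $result
}

# Returns local users and local groups as the Users / Groups properties of one object.
function Get-UserAccountsAndGroups {
    Write-Host "`nGathering User Accounts and Groups..." -ForegroundColor Yellow
    $users  = Get-LocalUser  | Select-Object Name, Enabled, LastLogon, PasswordLastSet
    $groups = Get-LocalGroup | Select-Object Name, Description

    $result = [PSCustomObject]@{
        Users  = $users
        Groups = $groups
    }

    $result.Users  | Format-Table -AutoSize | Out-Host
    $result.Groups | Format-Table -AutoSize | Out-Host
    return $result
}

# Lists the entries exposed by Win32_StartupCommand.
function Get-StartupPrograms {
    Write-Host "`nGathering Startup Programs..." -ForegroundColor Yellow
    $startupPrograms = Get-CimInstance Win32_StartupCommand |
        Select-Object Name, Command, Location, User

    $startupPrograms | Format-Table -AutoSize | Out-Host
    return $startupPrograms
}

# Returns size and free space for every local fixed disk (DriveType 3).
function Get-DiskSpaceAndFileSystem {
    Write-Host "`nAnalyzing Disk Space and File System..." -ForegroundColor Yellow
    $disks = Get-CimInstance Win32_LogicalDisk | Where-Object { $_.DriveType -eq 3 }

    $result = foreach ($disk in $disks) {
        # A volume that reports no size (e.g. unformatted) would otherwise raise a divide-by-zero error.
        $percentFree = if ($disk.Size) { "{0:N2}%" -f (($disk.FreeSpace / $disk.Size) * 100) } else { 'n/a' }

        [PSCustomObject]@{
            DriveLetter = $disk.DeviceID
            VolumeName  = $disk.VolumeName
            FileSystem  = $disk.FileSystem
            TotalSpace  = "{0:N2} GB" -f ($disk.Size / 1GB)
            FreeSpace   = "{0:N2} GB" -f ($disk.FreeSpace / 1GB)
            PercentFree = $percentFree
        }
    }

    $result | Format-Table -AutoSize | Out-Host
    return $result
}

# Summarises the newest 100 entries of the System, Application and Security logs.
function Get-EventLogAnalysis {
    Write-Host "`nAnalyzing Event Logs..." -ForegroundColor Yellow
    $logs = @("System", "Application", "Security")

    $result = foreach ($log in $logs) {
        # Reset per log. Reading the Security log needs elevation; if the read
        # fails, the previous log's events must not be counted under this log's name.
        $events = @()
        try {
            $events = @(Get-EventLog -LogName $log -Newest 100 -ErrorAction Stop)
        }
        catch {
            Write-Warning "Could not read the '$log' log: $($_.Exception.Message)"
        }

        [PSCustomObject]@{
            LogName           = $log
            TotalEvents       = $events.Count
            ErrorCount        = @($events | Where-Object { $_.EntryType -eq "Error" }).Count
            WarningCount      = @($events | Where-Object { $_.EntryType -eq "Warning" }).Count
            # Security-log entries are audit records, not Error/Warning, so
            # failed audits are counted separately.
            FailureAuditCount = @($events | Where-Object { $_.EntryType -eq "FailureAudit" }).Count
            MostCommonSource  = ($events | Group-Object Source | Sort-Object Count -Descending | Select-Object -First 1).Name
        }
    }

    $result | Format-Table -AutoSize | Out-Host
    return $result
}

# Renders one report section as an HTML table, or a placeholder when the
# section was not gathered in this session.
function ConvertTo-ReportSection {
    param($Data)

    if ($null -eq $Data) {
        return '<p><em>Not collected in this session.</em></p>'
    }

    # NOTE(review): values such as startup commands and software names are
    # machine-controlled strings; this relies on ConvertTo-Html HTML-encoding
    # them. Confirm on the PowerShell version in use.
    return ($Data | ConvertTo-Html -Fragment) -join [Environment]::NewLine
}

# Writes every section held in $AllResults to $global:reportPath as one HTML page.
# $AllResults is the hashtable filled by the menu options (keys: SystemInfo,
# HardwareInventory, InstalledSoftware, WindowsUpdateStatus, SecuritySettings,
# NetworkConfig, UserAccountsAndGroups, StartupPrograms, DiskSpace, EventLogAnalysis).
function Generate-HTMLReport {
    param([hashtable]$AllResults)

    Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow

    if ($null -eq $AllResults) { $AllResults = @{} }

    $expectedSections = 'SystemInfo', 'HardwareInventory', 'InstalledSoftware', 'WindowsUpdateStatus',
                        'SecuritySettings', 'NetworkConfig', 'UserAccountsAndGroups', 'StartupPrograms',
                        'DiskSpace', 'EventLogAnalysis'
    $missing = @($expectedSections | Where-Object { -not $AllResults.ContainsKey($_) })
    if ($missing.Count -gt 0) {
        Write-Warning "Sections not gathered yet (run options 1-10 first): $($missing -join ', ')"
    }

    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Windows Client Audit Report</title>
    <style>
        body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; }
        h1, h2, h3 { color: #0078D4; }
        table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
        .warning { color: orange; }
        .critical { color: red; }
    </style>
</head>
<body>
    <h1>Windows Client Audit Report</h1>
    <p>Generated on: $(Get-Date)</p>

    <h2>System Information</h2>
    $(ConvertTo-ReportSection $AllResults.SystemInfo)

    <h2>Hardware Inventory</h2>
    $(ConvertTo-ReportSection $AllResults.HardwareInventory)

    <h2>Installed Software</h2>
    $(ConvertTo-ReportSection $AllResults.InstalledSoftware)

    <h2>Windows Update Status</h2>
    $(ConvertTo-ReportSection $AllResults.WindowsUpdateStatus)

    <h2>Security Settings</h2>
    $(ConvertTo-ReportSection $AllResults.SecuritySettings)

    <h2>Network Configuration</h2>
    $(ConvertTo-ReportSection $AllResults.NetworkConfig)

    <h2>User Accounts and Groups</h2>
    <h3>Users</h3>
    $(ConvertTo-ReportSection $AllResults.UserAccountsAndGroups.Users)
    <h3>Groups</h3>
    $(ConvertTo-ReportSection $AllResults.UserAccountsAndGroups.Groups)

    <h2>Startup Programs</h2>
    $(ConvertTo-ReportSection $AllResults.StartupPrograms)

    <h2>Disk Space and File System</h2>
    $(ConvertTo-ReportSection $AllResults.DiskSpace)

    <h2>Event Log Analysis</h2>
    $(ConvertTo-ReportSection $AllResults.EventLogAnalysis)
</body>
</html>
"@

    # The page declares UTF-8; Out-File in Windows PowerShell 5.1 writes UTF-16
    # unless an encoding is given.
    $reportContent | Out-File -FilePath $global:reportPath -Encoding UTF8

    Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green
    Write-Host "The report contains account, network and security details; store it accordingly." -ForegroundColor Yellow
}

# Main program loop
if (-not (Test-IsElevated)) {
    Write-Warning "PowerShell is not running as administrator; some sections (for example the Security event log) will be incomplete."
    Read-Host "Press Enter to continue..." | Out-Null
}

$allResults = @{}

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-12)"

    switch ($choice) {
        "1"  { $allResults.SystemInfo            = Get-SystemInformation }
        "2"  { $allResults.HardwareInventory     = Get-HardwareInventory }
        "3"  { $allResults.InstalledSoftware     = Get-InstalledSoftware }
        "4"  { $allResults.WindowsUpdateStatus   = Get-WindowsUpdateStatus }
        "5"  { $allResults.SecuritySettings      = Get-SecuritySettings }
        "6"  { $allResults.NetworkConfig         = Get-NetworkConfiguration }
        "7"  { $allResults.UserAccountsAndGroups = Get-UserAccountsAndGroups }
        "8"  { $allResults.StartupPrograms       = Get-StartupPrograms }
        "9"  { $allResults.DiskSpace             = Get-DiskSpaceAndFileSystem }
        "10" { $allResults.EventLogAnalysis      = Get-EventLogAnalysis }
        "11" { Generate-HTMLReport -AllResults $allResults }
        # break leaves only the switch; the loop ends through the while condition below.
        "12" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "12") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "12")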
This Local Windows Client Audit Toolkit includes:
- A menu-driven interface for easy navigation.
- Functions to gather various aspects of system information:
- System Information (OS details, manufacturer, model, etc.)
- Hardware Inventory (CPU, RAM, disk, GPU)
- Installed Software
- Windows Update Status
- Security Settings (firewall, antivirus, UAC)
- Network Configuration
- User Accounts and Groups
- Startup Programs
- Disk Space and File System information
- Event Log Analysis
- HTML report generation for easy sharing and viewing of results
Key features:
- Comprehensive system information gathering
- Detailed hardware inventory
- Software inventory including version information
- Windows update status check
- Security settings overview
- Network configuration details
- User account and group information
- Startup program listing
- Disk space analysis
- Basic event log analysis
This tool is particularly useful for:
- IT administrators performing system audits
- Help desk personnel gathering system information
- System analysts investigating performance or security issues
- Anyone needing a comprehensive overview of a Windows client machine
To use this script effectively:
- Run PowerShell as an administrator
- Ensure you have the necessary permissions to query system information
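- Run the sections you need (menu options 1–10) before choosing option 11; the HTML report, which is saved to your Desktop, contains only the data gathered in the current session
- Review the generated HTML report for a comprehensive overview of the system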
This script provides a thorough audit of a Windows client machine, making it easier to inventory, troubleshoot, or document system configurations. Remember to use this tool responsibly and respect privacy and security policies when auditing systems.