Workgroup Computer Audit Toolkit
```powershell
<#
.SYNOPSIS
    Workgroup Computer Audit Toolkit
.DESCRIPTION
    This script performs a comprehensive audit of a Windows computer that is not part of a domain.
    It checks various system settings, security configurations, and local information.
.NOTES
    File Name    : WorkgroupComputerAuditToolkit.ps1
    Author       : [Your Name]
    Prerequisite : PowerShell V5.1 or later, administrator rights on the local machine
    Version      : 1.0
    Date         : [Current Date]
.EXAMPLE
    .\WorkgroupComputerAuditToolkit.ps1
#>

# Global variables
$global:reportPath = "$env:USERPROFILE\Desktop\Workgroup_Computer_Audit_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html"

function Show-Menu {
    Clear-Host
    Write-Host "=== Workgroup Computer Audit Toolkit ===" -ForegroundColor Cyan
    Write-Host "1. System Information"
    Write-Host "2. Local User Accounts"
    Write-Host "3. Installed Software"
    Write-Host "4. Windows Update Status"
    Write-Host "5. Security Settings"
    Write-Host "6. Network Configuration"
    Write-Host "7. Shared Folders"
    Write-Host "8. Scheduled Tasks"
    Write-Host "9. Services Analysis"
    Write-Host "10. Generate Comprehensive HTML Report"
    Write-Host "11. Exit"
}

function Get-SystemInformation {
    Write-Host "`nGathering System Information..." -ForegroundColor Yellow
    # Get-CimInstance is used instead of Get-WmiObject so the script also runs on
    # PowerShell 7, where Get-WmiObject does not exist. CIM returns dates as DateTime.
    $os   = Get-CimInstance Win32_OperatingSystem
    $cs   = Get-CimInstance Win32_ComputerSystem
    $bios = Get-CimInstance Win32_BIOS

    $result = [PSCustomObject]@{
        ComputerName   = $env:COMPUTERNAME
        OSName         = $os.Caption
        OSVersion      = $os.Version
        OSArchitecture = $os.OSArchitecture
        Manufacturer   = $cs.Manufacturer
        Model          = $cs.Model
        BIOSVersion    = $bios.SMBIOSBIOSVersion
        LastBootUpTime = $os.LastBootUpTime
        InstallDate    = $os.InstallDate
        WorkgroupName  = $cs.Workgroup
    }
    $result | Format-List
    return $result
}

function Get-LocalUserAccounts {
    Write-Host "`nGathering Local User Account Information..." -ForegroundColor Yellow
    $users = Get-CimInstance Win32_UserAccount -Filter "LocalAccount=True"
    $results = @()
    foreach ($user in $users) {
        $results += [PSCustomObject]@{
            Username           = $user.Name
            FullName           = $user.FullName
            Disabled           = $user.Disabled
            PasswordRequired   = $user.PasswordRequired
            PasswordChangeable = $user.PasswordChangeable
            PasswordExpires    = $user.PasswordExpires
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

function Get-InstalledSoftware {
    Write-Host "`nGathering Installed Software Information..." -ForegroundColor Yellow
    # Win32_Product lists MSI-installed products only. The query is slow and makes
    # Windows Installer run a consistency check on each package it enumerates.
    $software = Get-CimInstance Win32_Product | Select-Object Name, Version, Vendor, InstallDate
    $software | Format-Table -AutoSize
    return $software
}

function Get-WindowsUpdateStatus {
    Write-Host "`nChecking Windows Update Status..." -ForegroundColor Yellow
    # Query the Windows Update Agent for updates that are not yet installed
    $updateSession  = New-Object -ComObject Microsoft.Update.Session
    $updateSearcher = $updateSession.CreateUpdateSearcher()
    $pendingUpdates = $updateSearcher.Search("IsInstalled=0")

    $result = [PSCustomObject]@{
        PendingUpdatesCount = $pendingUpdates.Updates.Count
        LastUpdateDate      = (Get-HotFix | Sort-Object -Property InstalledOn -Descending | Select-Object -First 1).InstalledOn
    }
    $result | Format-List
    return $result
}

function Get-SecuritySettings {
    Write-Host "`nGathering Security Settings..." -ForegroundColor Yellow
    $firewallStatus = Get-NetFirewallProfile | Select-Object Name, Enabled
    $avProduct = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct
    $uac = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLUA"

    $result = [PSCustomObject]@{
        # Flattened to text so the HTML report shows the values rather than "System.Object[]"
        FirewallStatus   = ($firewallStatus | ForEach-Object { "$($_.Name)=$($_.Enabled)" }) -join ", "
        AntiVirusProduct = $avProduct.displayName -join ", "
        UACEnabled       = $uac.EnableLUA -eq 1
    }
    $result | Format-List
    return $result
}

function Get-NetworkConfiguration {
    Write-Host "`nGathering Network Configuration..." -ForegroundColor Yellow
    $adapters = Get-CimInstance Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -eq $true }
    $results = @()
    foreach ($adapter in $adapters) {
        $results += [PSCustomObject]@{
            AdapterName    = $adapter.Description
            IPAddress      = $adapter.IPAddress -join ", "
            SubnetMask     = $adapter.IPSubnet -join ", "
            DefaultGateway = $adapter.DefaultIPGateway -join ", "
            DNSServers     = $adapter.DNSServerSearchOrder -join ", "
            MACAddress     = $adapter.MACAddress
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

function Get-SharedFolders {
    Write-Host "`nGathering Shared Folder Information..." -ForegroundColor Yellow
    $shares = Get-CimInstance Win32_Share
    $results = @()
    foreach ($share in $shares) {
        $results += [PSCustomObject]@{
            Name        = $share.Name
            Path        = $share.Path
            Description = $share.Description
            # Map the numeric Win32_Share type to a readable label
            Type        = switch ($share.Type) {
                0          {"Disk Drive"}
                1          {"Print Queue"}
                2          {"Device"}
                3          {"IPC"}
                2147483648 {"Disk Drive Admin"}
                2147483649 {"Print Queue Admin"}
                2147483650 {"Device Admin"}
                2147483651 {"IPC Admin"}
            }
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

function Get-ScheduledTasks {
    Write-Host "`nGathering Scheduled Task Information..." -ForegroundColor Yellow
    $tasks = Get-ScheduledTask | Where-Object {$_.State -ne "Disabled"}
    $results = @()
    foreach ($task in $tasks) {
        # Run times are not on the task object itself; they come from Get-ScheduledTaskInfo
        $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
        $results += [PSCustomObject]@{
            TaskName    = $task.TaskName
            State       = $task.State
            LastRunTime = $info.LastRunTime
            NextRunTime = $info.NextRunTime
            Author      = $task.Author
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

function Get-ServicesAnalysis {
    Write-Host "`nAnalyzing Services..." -ForegroundColor Yellow
    $services = Get-CimInstance Win32_Service
    $results = @()
    foreach ($service in $services) {
        $results += [PSCustomObject]@{
            Name        = $service.Name
            DisplayName = $service.DisplayName
            StartMode   = $service.StartMode
            State       = $service.State
            StartName   = $service.StartName
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

function Generate-HTMLReport {
    param([hashtable]$AllResults)

    Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow
    # Only the sections that were already run from the menu have data in $AllResults
    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Workgroup Computer Audit Report</title>
    <style>
        body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; }
        h1, h2, h3 { color: #0078D4; }
        table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
        .warning { color: orange; }
        .critical { color: red; }
    </style>
</head>
<body>
    <h1>Workgroup Computer Audit Report</h1>
    <p>Generated on: $(Get-Date)</p>

    <h2>System Information</h2>
    $($AllResults.SystemInfo | ConvertTo-Html -Fragment)

    <h2>Local User Accounts</h2>
    $($AllResults.LocalUsers | ConvertTo-Html -Fragment)

    <h2>Installed Software</h2>
    $($AllResults.InstalledSoftware | ConvertTo-Html -Fragment)

    <h2>Windows Update Status</h2>
    $($AllResults.WindowsUpdateStatus | ConvertTo-Html -Fragment)

    <h2>Security Settings</h2>
    $($AllResults.SecuritySettings | ConvertTo-Html -Fragment)

    <h2>Network Configuration</h2>
    $($AllResults.NetworkConfig | ConvertTo-Html -Fragment)

    <h2>Shared Folders</h2>
    $($AllResults.SharedFolders | ConvertTo-Html -Fragment)

    <h2>Scheduled Tasks</h2>
    $($AllResults.ScheduledTasks | ConvertTo-Html -Fragment)

    <h2>Services Analysis</h2>
    $($AllResults.ServicesAnalysis | ConvertTo-Html -Fragment)
</body>
</html>
"@

    # Write UTF-8 so the file matches the charset declared in the page's <meta> tag
    $reportContent | Out-File -FilePath $global:reportPath -Encoding UTF8
    Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green
}

# Main program loop
$allResults = @{}

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-11)"

    switch ($choice) {
        "1"  { $allResults.SystemInfo = Get-SystemInformation }
        "2"  { $allResults.LocalUsers = Get-LocalUserAccounts }
        "3"  { $allResults.InstalledSoftware = Get-InstalledSoftware }
        "4"  { $allResults.WindowsUpdateStatus = Get-WindowsUpdateStatus }
        "5"  { $allResults.SecuritySettings = Get-SecuritySettings }
        "6"  { $allResults.NetworkConfig = Get-NetworkConfiguration }
        "7"  { $allResults.SharedFolders = Get-SharedFolders }
        "8"  { $allResults.ScheduledTasks = Get-ScheduledTasks }
        "9"  { $allResults.ServicesAnalysis = Get-ServicesAnalysis }
        "10" { Generate-HTMLReport -AllResults $allResults }
        "11" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "11") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "11")
```

This Workgroup Computer Audit Toolkit includes:
- A menu-driven interface for easy navigation.
- Functions to gather information about various aspects of the local Windows computer:
  - System Information
  - Local User Accounts
  - Installed Software
  - Windows Update Status
  - Security Settings
  - Network Configuration
  - Shared Folders
  - Scheduled Tasks
  - Services Analysis
- HTML report generation for easy sharing and viewing of results.
Key features:
- Comprehensive system information gathering
- Local user account analysis
- Software inventory
- Windows Update status check
- Basic security settings review (firewall, antivirus, UAC)
- Network configuration details
- Shared folder enumeration
- Active scheduled tasks listing
- Services analysis
This tool is particularly useful for:
- IT administrators performing audits on standalone or workgroup computers
- Security professionals assessing the configuration of non-domain Windows machines
- Help desk personnel gathering system information for troubleshooting
- Anyone needing to quickly collect comprehensive information about a Windows computer not joined to a domain
To use this script effectively:
- Run PowerShell as an administrator on the Windows computer you want to audit
- Ensure you have the necessary permissions to query system information
- Review the generated HTML report for a comprehensive overview of the computer’s configuration
This script provides a thorough audit of a workgroup Windows computer, helping to identify potential issues, misconfigurations, or security concerns. It’s designed to be run locally on the machine being audited, making it suitable for situations where centralized management tools are not available.
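
The report stylesheet defines `.warning` and `.critical` classes, but the script only collects data and never marks a value as a problem. The following is an added example, not part of the original script: `Get-AuditFindings` and `ConvertTo-FindingsHtml` are hypothetical helper names, and the thresholds they apply are assumptions about what a reviewer of a workgroup machine would want flagged.

```powershell
# Added example (not part of the toolkit). Get-AuditFindings and
# ConvertTo-FindingsHtml are hypothetical names; input is the $allResults
# hashtable filled by the menu loop. Sections that were not run are skipped.
function Get-AuditFindings {
    param([Parameter(Mandatory)][hashtable]$AllResults)
    $findings = New-Object System.Collections.Generic.List[object]
    $add = {
        param($Severity, $Area, $Item, $Detail)
        $findings.Add([PSCustomObject]@{
            Severity = $Severity; Area = $Area; Item = $Item; Detail = $Detail })
    }
    foreach ($u in $AllResults.LocalUsers) {
        if ($u.Disabled) { continue }   # only enabled accounts can be logged on to
        if (-not $u.PasswordRequired) {
            & $add 'critical' 'Local users' $u.Username 'Enabled account does not require a password'
        } elseif (-not $u.PasswordExpires) {
            & $add 'warning' 'Local users' $u.Username 'Password never expires'
        }
    }
    $sec = $AllResults.SecuritySettings
    if ($sec -and -not $sec.UACEnabled) {
        & $add 'critical' 'Security' 'UAC' 'EnableLUA is not 1'
    }
    $wu = $AllResults.WindowsUpdateStatus
    if ($wu -and $wu.PendingUpdatesCount -gt 0) {
        & $add 'warning' 'Updates' 'Windows Update' "$($wu.PendingUpdatesCount) update(s) not installed"
    }
    foreach ($s in $AllResults.SharedFolders) {
        if ($s.Type -eq 'Disk Drive') {   # user-created share, not C$/ADMIN$/IPC$
            & $add 'warning' 'Shares' $s.Name "Non-administrative share of $($s.Path)"
        }
    }
    foreach ($svc in $AllResults.ServicesAnalysis) {
        # Anything outside the built-in service identities runs under a user account
        if ($svc.StartName -and $svc.StartName -notmatch '^(LocalSystem|NT AUTHORITY\\|NT SERVICE\\)') {
            & $add 'warning' 'Services' $svc.Name "Runs as $($svc.StartName)"
        }
    }
    return $findings
}

function ConvertTo-FindingsHtml {
    param([object[]]$Findings)
    $enc = { param($t) [System.Net.WebUtility]::HtmlEncode([string]$t) }
    $rows = foreach ($f in $Findings) {
        '<tr class="{0}"><td>{0}</td><td>{1}</td><td>{2}</td><td>{3}</td></tr>' -f
            $f.Severity, (& $enc $f.Area), (& $enc $f.Item), (& $enc $f.Detail)
    }
    "<table><tr><th>Severity</th><th>Area</th><th>Item</th><th>Detail</th></tr>$($rows -join '')</table>"
}
```

Calling `ConvertTo-FindingsHtml (Get-AuditFindings -AllResults $allResults)` and placing the returned string inside the here-string of `Generate-HTMLReport` puts a colour-coded findings table into the report.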