Why Am I Starting a PowerShell Blog? A Funny Tale
Well, folks, I think it’s time I let you in on a little secret about why I decided to start a PowerShell blog. My story is not only educational but will hopefully put a smile on your faces too!
<# .SYNOPSIS Domain Check Toolkit .DESCRIPTION This script performs comprehensive checks and information gathering on an Active Directory domain, providing insights into domain controllers, users, groups, GPOs, and other domain-related configurations. .NOTES File Name : DomainCheckToolkit.ps1 Author : [Your Name] Prerequisite : PowerShell V5.1 or later, Active Directory module, and appropriate domain admin rights Version : 1.0 Date : [Current Date] .EXAMPLE .\DomainCheckToolkit.ps1 #> # Import required modules Import-Module ActiveDirectory # Global variables $global:reportPath = "$env:USERPROFILE\Desktop\Domain_Check_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html" function Show-Menu { Clear-Host Write-Host "=== Domain Check Toolkit ===" -ForegroundColor Cyan Write-Host "1. Domain Information" Write-Host "2. Domain Controller Health Check" Write-Host "3. User Account Analysis" Write-Host "4. Group Analysis" Write-Host "5. Group Policy Object (GPO) Check" Write-Host "6. DNS Health Check" Write-Host "7. FSMO Roles Check" Write-Host "8. Replication Status" Write-Host "9. Trust Relationships" Write-Host "10. Generate Comprehensive HTML Report" Write-Host "11. Exit" } function Get-DomainInformation { Write-Host "`nGathering Domain Information..." -ForegroundColor Yellow $domainInfo = Get-ADDomain $forestInfo = Get-ADForest $result = [PSCustomObject]@{ DomainName = $domainInfo.DNSRoot NetBIOSName = $domainInfo.NetBIOSName DomainMode = $domainInfo.DomainMode ForestName = $forestInfo.Name ForestMode = $forestInfo.ForestMode DomainControllers = ($domainInfo.ReplicaDirectoryServers -join ", ") GlobalCatalogs = ($forestInfo.GlobalCatalogs -join ", ") } $result | Format-List return $result } function Get-DomainControllerHealth { Write-Host "`nPerforming Domain Controller Health Check..." -ForegroundColor Yellow $dcs = Get-ADDomainController -Filter * $results = @() foreach ($dc in $dcs) { $dcdiag = dcdiag /s:$($dc.HostName) /test:services /test:advertising /test:fsmocheck /test:ridmanager $results += [PSCustomObject]@{ Name = $dc.HostName Site = $dc.Site IPv4Address = $dc.IPv4Address OperatingSystem = $dc.OperatingSystem IsGlobalCatalog = $dc.IsGlobalCatalog ServicesTest = if ($dcdiag -match "passed test Services") { "Passed" } else { "Failed" } AdvertisingTest = if ($dcdiag -match "passed test Advertising") { "Passed" } else { "Failed" } FSMOCheckTest = if ($dcdiag -match "passed test FsmoCheck") { "Passed" } else { "Failed" } RidManagerTest = if ($dcdiag -match "passed test RidManager") { "Passed" } else { "Failed" } } } $results | Format-Table -AutoSize return $results } function Get-UserAccountAnalysis { Write-Host "`nPerforming User Account Analysis..." -ForegroundColor Yellow $users = Get-ADUser -Filter * -Properties Enabled, PasswordLastSet, LastLogonDate, PasswordNeverExpires $results = @{ TotalUsers = $users.Count EnabledUsers = ($users | Where-Object { $_.Enabled -eq $true }).Count DisabledUsers = ($users | Where-Object { $_.Enabled -eq $false }).Count PasswordNeverExpires = ($users | Where-Object { $_.PasswordNeverExpires -eq $true }).Count InactiveUsers = ($users | Where-Object { $_.LastLogonDate -lt (Get-Date).AddDays(-90) }).Count } $results | Format-Table -AutoSize return $results } function Get-GroupAnalysis { Write-Host "`nPerforming Group Analysis..." -ForegroundColor Yellow $groups = Get-ADGroup -Filter * $results = @{ TotalGroups = $groups.Count SecurityGroups = ($groups | Where-Object { $_.GroupCategory -eq "Security" }).Count DistributionGroups = ($groups | Where-Object { $_.GroupCategory -eq "Distribution" }).Count GlobalGroups = ($groups | Where-Object { $_.GroupScope -eq "Global" }).Count UniversalGroups = ($groups | Where-Object { $_.GroupScope -eq "Universal" }).Count DomainLocalGroups = ($groups | Where-Object { $_.GroupScope -eq "DomainLocal" }).Count } $results | Format-Table -AutoSize return $results } function Get-GPOCheck { Write-Host "`nPerforming Group Policy Object Check..." -ForegroundColor Yellow $gpos = Get-GPO -All $results = @() foreach ($gpo in $gpos) { $results += [PSCustomObject]@{ Name = $gpo.DisplayName ID = $gpo.Id CreationTime = $gpo.CreationTime ModificationTime = $gpo.ModificationTime UserVersionNumber = $gpo.UserVersion.DSVersion ComputerVersionNumber = $gpo.ComputerVersion.DSVersion } } $results | Format-Table -AutoSize return $results } function Get-DNSHealthCheck { Write-Host "`nPerforming DNS Health Check..." -ForegroundColor Yellow $dnsServers = Get-ADDomainController -Filter * | Select-Object -ExpandProperty Name $results = @() foreach ($server in $dnsServers) { $dnsTest = Test-DnsServer -ComputerName $server -Context DnsServer $results += [PSCustomObject]@{ Server = $server IsResponding = $dnsTest.IsResponding TCPPort53Open = ($dnsTest.TcpOpen -contains 53) UDPPort53Open = ($dnsTest.UdpOpen -contains 53) } } $results | Format-Table -AutoSize return $results } function Get-FSMORolesCheck { Write-Host "`nChecking FSMO Roles..." -ForegroundColor Yellow $domain = Get-ADDomain $forest = Get-ADForest $result = [PSCustomObject]@{ PDCEmulator = $domain.PDCEmulator RIDMaster = $domain.RIDMaster InfrastructureMaster = $domain.InfrastructureMaster SchemaMaster = $forest.SchemaMaster DomainNamingMaster = $forest.DomainNamingMaster } $result | Format-List return $result } function Get-ReplicationStatus { Write-Host "`nChecking Replication Status..." -ForegroundColor Yellow $results = @() $repl = repadmin /showrepl * /csv $replData = ConvertFrom-Csv $repl foreach ($item in $replData) { if ($item."Number of Failures" -ne "0") { $results += [PSCustomObject]@{ SourceDC = $item."Source DC" DestinationDC = $item."Destination DC" FailureCount = $item."Number of Failures" LastFailureTime = $item."Last Failure Time" LastSuccessTime = $item."Last Success Time" } } } if ($results.Count -eq 0) { Write-Host "No replication failures detected." -ForegroundColor Green } else { $results | Format-Table -AutoSize } return $results } function Get-TrustRelationships { Write-Host "`nChecking Trust Relationships..." -ForegroundColor Yellow $trusts = Get-ADTrust -Filter * $results = @() foreach ($trust in $trusts) { $results += [PSCustomObject]@{ Name = $trust.Name Direction = $trust.Direction TrustType = $trust.TrustType ForestTransitive = $trust.ForestTransitive IntraForest = $trust.IntraForest } } $results | Format-Table -AutoSize return $results } function Generate-HTMLReport { param([hashtable]$AllResults) Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow $reportContent = @" <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Domain Check Report</title> <style> body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; } h1, h2, h3 { color: #0078D4; } table { border-collapse: collapse; width: 100%; margin-bottom: 20px; } th, td { border: 1px solid #ddd; padding: 8px; text-align: left; } th { background-color: #f2f2f2; } .warning { color: orange; } .critical { color: red; } </style> </head> <body> <h1>Domain Check Report</h1> <p>Generated on: $(Get-Date)</p> <h2>Domain Information</h2> $($AllResults.DomainInfo | ConvertTo-Html -Fragment) <h2>Domain Controller Health</h2> $($AllResults.DCHealth | ConvertTo-Html -Fragment) <h2>User Account Analysis</h2> $($AllResults.UserAnalysis | ConvertTo-Html -Fragment) <h2>Group Analysis</h2> $($AllResults.GroupAnalysis | ConvertTo-Html -Fragment) <h2>Group Policy Objects</h2> $($AllResults.GPOCheck | ConvertTo-Html -Fragment) <h2>DNS Health Check</h2> $($AllResults.DNSHealth | ConvertTo-Html -Fragment) <h2>FSMO Roles</h2> $($AllResults.FSMORoles | ConvertTo-Html -Fragment) <h2>Replication Status</h2> $($AllResults.ReplicationStatus | ConvertTo-Html -Fragment) <h2>Trust Relationships</h2> $($AllResults.TrustRelationships | ConvertTo-Html -Fragment) </body> </html> "@ $reportContent | Out-File -FilePath $global:reportPath Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green } # Main program loop $allResults = @{} do { Show-Menu $choice = Read-Host "`nEnter your choice (1-11)" switch ($choice) { "1" { $allResults.DomainInfo = Get-DomainInformation } "2" { $allResults.DCHealth = Get-DomainControllerHealth } "3" { $allResults.UserAnalysis = Get-UserAccountAnalysis } "4" { $allResults.GroupAnalysis = Get-GroupAnalysis } "5" { $allResults.GPOCheck = Get-GPOCheck } "6" { $allResults.DNSHealth = Get-DNSHealthCheck } "7" { $allResults.FSMORoles = Get-FSMORolesCheck } "8" { $allResults.ReplicationStatus = Get-ReplicationStatus } "9" { $allResults.TrustRelationships = Get-TrustRelationships } "10" { Generate-HTMLReport -AllResults $allResults } "11" { Write-Host "Exiting program..." -ForegroundColor Yellow; break } default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red } } if ($choice -ne "11") { Read-Host "`nPress Enter to continue..." } } while ($choice -ne "11")
This Domain Check Toolkit includes:
Key features:
This tool is particularly useful for:
To use this script effectively:
This script provides a thorough check of an Active Directory domain, helping to identify potential issues, misconfigurations, or security concerns. It’s designed to give administrators a quick but comprehensive view of their domain’s health and configuration.
<# .SYNOPSIS Local Windows Client Audit Toolkit for Domain Computers .DESCRIPTION This script performs a comprehensive audit of a local Windows client that is part of a domain environment. It checks various system settings, security configurations, and domain-related information. .NOTES File Name : LocalWindowsClientAuditToolkit.ps1 Author : [Your Name] Prerequisite : PowerShell V5.1 or later, administrator rights on the local machine Version : 1.0 Date : [Current Date] .EXAMPLE .\LocalWindowsClientAuditToolkit.ps1 #> # Global variables $global:reportPath = "$env:USERPROFILE\Desktop\Windows_Client_Audit_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html" function Show-Menu { Clear-Host Write-Host "=== Local Windows Client Audit Toolkit ===" -ForegroundColor Cyan Write-Host "1. System Information" Write-Host "2. Domain Information" Write-Host "3. Local User Accounts" Write-Host "4. Installed Software" Write-Host "5. Windows Update Status" Write-Host "6. Security Settings" Write-Host "7. Network Configuration" Write-Host "8. Shared Folders" Write-Host "9. Scheduled Tasks" Write-Host "10. Generate Comprehensive HTML Report" Write-Host "11. Exit" } function Get-SystemInformation { Write-Host "`nGathering System Information..." -ForegroundColor Yellow $os = Get-WmiObject Win32_OperatingSystem $cs = Get-WmiObject Win32_ComputerSystem $bios = Get-WmiObject Win32_BIOS $result = [PSCustomObject]@{ ComputerName = $env:COMPUTERNAME OSName = $os.Caption OSVersion = $os.Version OSArchitecture = $os.OSArchitecture Manufacturer = $cs.Manufacturer Model = $cs.Model BIOSVersion = $bios.SMBIOSBIOSVersion LastBootUpTime = $os.ConvertToDateTime($os.LastBootUpTime) InstallDate = $os.ConvertToDateTime($os.InstallDate) } $result | Format-List return $result } function Get-DomainInformation { Write-Host "`nGathering Domain Information..." -ForegroundColor Yellow $domain = Get-WmiObject Win32_ComputerSystem $adInfo = Get-WmiObject Win32_NTDomain $result = [PSCustomObject]@{ DomainName = $domain.Domain PartOfDomain = $domain.PartOfDomain DomainRole = switch ($domain.DomainRole) { 0 {"Standalone Workstation"} 1 {"Member Workstation"} 2 {"Standalone Server"} 3 {"Member Server"} 4 {"Backup Domain Controller"} 5 {"Primary Domain Controller"} } DomainController = $adInfo.DomainControllerName DomainControllerAddress = $adInfo.DomainControllerAddress } $result | Format-List return $result } function Get-LocalUserAccounts { Write-Host "`nGathering Local User Account Information..." -ForegroundColor Yellow $users = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" $results = @() foreach ($user in $users) { $results += [PSCustomObject]@{ Username = $user.Name FullName = $user.FullName Disabled = $user.Disabled PasswordRequired = $user.PasswordRequired PasswordChangeable = $user.PasswordChangeable PasswordExpires = $user.PasswordExpires } } $results | Format-Table -AutoSize return $results } function Get-InstalledSoftware { Write-Host "`nGathering Installed Software Information..." -ForegroundColor Yellow $software = Get-WmiObject Win32_Product | Select-Object Name, Version, Vendor, InstallDate $software | Format-Table -AutoSize return $software } function Get-WindowsUpdateStatus { Write-Host "`nChecking Windows Update Status..." -ForegroundColor Yellow $updateSession = New-Object -ComObject Microsoft.Update.Session $updateSearcher = $updateSession.CreateUpdateSearcher() $pendingUpdates = $updateSearcher.Search("IsInstalled=0") $result = [PSCustomObject]@{ PendingUpdatesCount = $pendingUpdates.Updates.Count LastUpdateDate = (Get-HotFix | Sort-Object -Property InstalledOn -Descending | Select-Object -First 1).InstalledOn } $result | Format-List return $result } function Get-SecuritySettings { Write-Host "`nGathering Security Settings..." -ForegroundColor Yellow $firewallStatus = Get-NetFirewallProfile | Select-Object Name, Enabled $avProduct = Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct $uac = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLUA" $result = [PSCustomObject]@{ FirewallStatus = $firewallStatus AntiVirusProduct = $avProduct.displayName UACEnabled = $uac.EnableLUA -eq 1 } $result | Format-List return $result } function Get-NetworkConfiguration { Write-Host "`nGathering Network Configuration..." -ForegroundColor Yellow $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -eq $true } $results = @() foreach ($adapter in $adapters) { $results += [PSCustomObject]@{ AdapterName = $adapter.Description IPAddress = $adapter.IPAddress -join ", " SubnetMask = $adapter.IPSubnet -join ", " DefaultGateway = $adapter.DefaultIPGateway -join ", " DNSServers = $adapter.DNSServerSearchOrder -join ", " MACAddress = $adapter.MACAddress } } $results | Format-Table -AutoSize return $results } function Get-SharedFolders { Write-Host "`nGathering Shared Folder Information..." -ForegroundColor Yellow $shares = Get-WmiObject Win32_Share $results = @() foreach ($share in $shares) { $results += [PSCustomObject]@{ Name = $share.Name Path = $share.Path Description = $share.Description Type = switch ($share.Type) { 0 {"Disk Drive"} 1 {"Print Queue"} 2 {"Device"} 3 {"IPC"} 2147483648 {"Disk Drive Admin"} 2147483649 {"Print Queue Admin"} 2147483650 {"Device Admin"} 2147483651 {"IPC Admin"} } } } $results | Format-Table -AutoSize return $results } function Get-ScheduledTasks { Write-Host "`nGathering Scheduled Task Information..." -ForegroundColor Yellow $tasks = Get-ScheduledTask | Where-Object {$_.State -ne "Disabled"} $results = @() foreach ($task in $tasks) { $results += [PSCustomObject]@{ TaskName = $task.TaskName State = $task.State LastRunTime = $task.LastRunTime NextRunTime = $task.NextRunTime Author = $task.Author } } $results | Format-Table -AutoSize return $results } function Generate-HTMLReport { param([hashtable]$AllResults) Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow $reportContent = @" <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Windows Client Audit Report</title> <style> body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; } h1, h2, h3 { color: #0078D4; } table { border-collapse: collapse; width: 100%; margin-bottom: 20px; } th, td { border: 1px solid #ddd; padding: 8px; text-align: left; } th { background-color: #f2f2f2; } .warning { color: orange; } .critical { color: red; } </style> </head> <body> <h1>Windows Client Audit Report</h1> <p>Generated on: $(Get-Date)</p> <h2>System Information</h2> $($AllResults.SystemInfo | ConvertTo-Html -Fragment) <h2>Domain Information</h2> $($AllResults.DomainInfo | ConvertTo-Html -Fragment) <h2>Local User Accounts</h2> $($AllResults.LocalUsers | ConvertTo-Html -Fragment) <h2>Installed Software</h2> $($AllResults.InstalledSoftware | ConvertTo-Html -Fragment) <h2>Windows Update Status</h2> $($AllResults.WindowsUpdateStatus | ConvertTo-Html -Fragment) <h2>Security Settings</h2> $($AllResults.SecuritySettings | ConvertTo-Html -Fragment) <h2>Network Configuration</h2> $($AllResults.NetworkConfig | ConvertTo-Html -Fragment) <h2>Shared Folders</h2> $($AllResults.SharedFolders | ConvertTo-Html -Fragment) <h2>Scheduled Tasks</h2> $($AllResults.ScheduledTasks | ConvertTo-Html -Fragment) </body> </html> "@ $reportContent | Out-File -FilePath $global:reportPath Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green } # Main program loop $allResults = @{} do { Show-Menu $choice = Read-Host "`nEnter your choice (1-11)" switch ($choice) { "1" { $allResults.SystemInfo = Get-SystemInformation } "2" { $allResults.DomainInfo = Get-DomainInformation } "3" { $allResults.LocalUsers = Get-LocalUserAccounts } "4" { $allResults.InstalledSoftware = Get-InstalledSoftware } "5" { $allResults.WindowsUpdateStatus = Get-WindowsUpdateStatus } "6" { $allResults.SecuritySettings = Get-SecuritySettings } "7" { $allResults.NetworkConfig = Get-NetworkConfiguration } "8" { $allResults.SharedFolders = Get-SharedFolders } "9" { $allResults.ScheduledTasks = Get-ScheduledTasks } "10" { Generate-HTMLReport -AllResults $allResults } "11" { Write-Host "Exiting program..." -ForegroundColor Yellow; break } default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red } } if ($choice -ne "11") { Read-Host "`nPress Enter to continue..." } } while ($choice -ne "11")
This Local Windows Client Audit Toolkit for Domain Computers includes:
Key features:
This tool is particularly useful for:
To use this script effectively:
This script provides a thorough audit of a Windows client, helping to identify potential issues, misconfigurations, or security concerns in a domain environment. It’s designed to be run locally on the machine being audited, making it suitable for situations where remote access might be limited or restricted.
<# .SYNOPSIS Local Windows Client Audit Toolkit .DESCRIPTION This script performs a comprehensive audit of a local Windows client machine, gathering information about hardware, software, security settings, and more. .NOTES File Name : LocalWindowsClientAuditToolkit.ps1 Author : [Your Name] Prerequisite : PowerShell V5.1 or later, administrator rights Version : 1.0 Date : [Current Date] .EXAMPLE .\LocalWindowsClientAuditToolkit.ps1 #> # Global variables $global:reportPath = "$env:USERPROFILE\Desktop\Windows_Client_Audit_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html" function Show-Menu { Clear-Host Write-Host "=== Local Windows Client Audit Toolkit ===" -ForegroundColor Cyan Write-Host "1. System Information" Write-Host "2. Hardware Inventory" Write-Host "3. Installed Software" Write-Host "4. Windows Update Status" Write-Host "5. Security Settings" Write-Host "6. Network Configuration" Write-Host "7. User Accounts and Groups" Write-Host "8. Startup Programs" Write-Host "9. Disk Space and File System" Write-Host "10. Event Log Analysis" Write-Host "11. Generate Comprehensive HTML Report" Write-Host "12. Exit" } function Get-SystemInformation { Write-Host "`nGathering System Information..." -ForegroundColor Yellow $os = Get-CimInstance Win32_OperatingSystem $cs = Get-CimInstance Win32_ComputerSystem $result = [PSCustomObject]@{ ComputerName = $env:COMPUTERNAME OSName = $os.Caption OSVersion = $os.Version OSArchitecture = $os.OSArchitecture LastBootUpTime = $os.LastBootUpTime Manufacturer = $cs.Manufacturer Model = $cs.Model TotalPhysicalMemory = "{0:N2} GB" -f ($cs.TotalPhysicalMemory / 1GB) } $result | Format-List return $result } function Get-HardwareInventory { Write-Host "`nGathering Hardware Inventory..." -ForegroundColor Yellow $cpu = Get-CimInstance Win32_Processor $ram = Get-CimInstance Win32_PhysicalMemory $disk = Get-CimInstance Win32_DiskDrive $gpu = Get-CimInstance Win32_VideoController $result = [PSCustomObject]@{ CPU = "$($cpu.Name) ($($cpu.NumberOfCores) cores, $($cpu.NumberOfLogicalProcessors) logical processors)" RAM = $ram | ForEach-Object { "$($_.Capacity / 1GB) GB $($_.Manufacturer)" } Disks = $disk | ForEach-Object { "$($_.Model) ($([math]::Round($_.Size / 1GB)) GB)" } GPU = $gpu.Name } $result | Format-List return $result } function Get-InstalledSoftware { Write-Host "`nGathering Installed Software..." -ForegroundColor Yellow $software = Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*, HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object { $_.DisplayName -and $_.DisplayName -notmatch '^(Update for|Security Update for|Hotfix for)' } | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Sort-Object DisplayName $software | Format-Table -AutoSize return $software } function Get-WindowsUpdateStatus { Write-Host "`nChecking Windows Update Status..." -ForegroundColor Yellow $updateSession = New-Object -ComObject Microsoft.Update.Session $updateSearcher = $updateSession.CreateUpdateSearcher() $pendingUpdates = $updateSearcher.Search("IsInstalled=0") $lastUpdate = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1 $result = [PSCustomObject]@{ PendingUpdatesCount = $pendingUpdates.Updates.Count LastUpdateDate = $lastUpdate.InstalledOn LastUpdateHotfixID = $lastUpdate.HotFixID } $result | Format-List return $result } function Get-SecuritySettings { Write-Host "`nGathering Security Settings..." -ForegroundColor Yellow $firewall = Get-NetFirewallProfile $av = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct $uac = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLUA" $result = [PSCustomObject]@{ FirewallStatus = $firewall | ForEach-Object { "$($_.Name): $($_.Enabled)" } AntivirusProduct = $av.displayName UACEnabled = if ($uac.EnableLUA -eq 1) { "Enabled" } else { "Disabled" } } $result | Format-List return $result } function Get-NetworkConfiguration { Write-Host "`nGathering Network Configuration..." -ForegroundColor Yellow $adapters = Get-NetAdapter | Where-Object { $_.Status -eq "Up" } $result = @() foreach ($adapter in $adapters) { $ipConfig = Get-NetIPConfiguration -InterfaceIndex $adapter.ifIndex $result += [PSCustomObject]@{ InterfaceName = $adapter.Name InterfaceDescription = $adapter.InterfaceDescription MACAddress = $adapter.MacAddress IPAddress = $ipConfig.IPv4Address.IPAddress SubnetMask = $ipConfig.IPv4Address.PrefixLength DefaultGateway = $ipConfig.IPv4DefaultGateway.NextHop DNSServers = $ipConfig.DNSServer.ServerAddresses -join ", " } } $result | Format-Table -AutoSize return $result } function Get-UserAccountsAndGroups { Write-Host "`nGathering User Accounts and Groups..." -ForegroundColor Yellow $users = Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet $groups = Get-LocalGroup | Select-Object Name, Description $result = [PSCustomObject]@{ Users = $users Groups = $groups } $result.Users | Format-Table -AutoSize $result.Groups | Format-Table -AutoSize return $result } function Get-StartupPrograms { Write-Host "`nGathering Startup Programs..." -ForegroundColor Yellow $startupPrograms = Get-CimInstance Win32_StartupCommand | Select-Object Name, Command, Location, User $startupPrograms | Format-Table -AutoSize return $startupPrograms } function Get-DiskSpaceAndFileSystem { Write-Host "`nAnalyzing Disk Space and File System..." -ForegroundColor Yellow $disks = Get-CimInstance Win32_LogicalDisk | Where-Object { $_.DriveType -eq 3 } $result = @() foreach ($disk in $disks) { $result += [PSCustomObject]@{ DriveLetter = $disk.DeviceID VolumeName = $disk.VolumeName FileSystem = $disk.FileSystem TotalSpace = "{0:N2} GB" -f ($disk.Size / 1GB) FreeSpace = "{0:N2} GB" -f ($disk.FreeSpace / 1GB) PercentFree = "{0:N2}%" -f (($disk.FreeSpace / $disk.Size) * 100) } } $result | Format-Table -AutoSize return $result } function Get-EventLogAnalysis { Write-Host "`nAnalyzing Event Logs..." -ForegroundColor Yellow $logs = @("System", "Application", "Security") $result = @() foreach ($log in $logs) { $events = Get-EventLog -LogName $log -Newest 100 $errorCount = ($events | Where-Object { $_.EntryType -eq "Error" }).Count $warningCount = ($events | Where-Object { $_.EntryType -eq "Warning" }).Count $result += [PSCustomObject]@{ LogName = $log TotalEvents = $events.Count ErrorCount = $errorCount WarningCount = $warningCount MostCommonSource = ($events | Group-Object Source | Sort-Object Count -Descending | Select-Object -First 1).Name } } $result | Format-Table -AutoSize return $result } function Generate-HTMLReport { param([hashtable]$AllResults) Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow $reportContent = @" <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Windows Client Audit Report</title> <style> body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; } h1, h2, h3 { color: #0078D4; } table { border-collapse: collapse; width: 100%; margin-bottom: 20px; } th, td { border: 1px solid #ddd; padding: 8px; text-align: left; } th { background-color: #f2f2f2; } .warning { color: orange; } .critical { color: red; } </style> </head> <body> <h1>Windows Client Audit Report</h1> <p>Generated on: $(Get-Date)</p> <h2>System Information</h2> $($AllResults.SystemInfo | ConvertTo-Html -Fragment) <h2>Hardware Inventory</h2> $($AllResults.HardwareInventory | ConvertTo-Html -Fragment) <h2>Installed Software</h2> $($AllResults.InstalledSoftware | ConvertTo-Html -Fragment) <h2>Windows Update Status</h2> $($AllResults.WindowsUpdateStatus | ConvertTo-Html -Fragment) <h2>Security Settings</h2> $($AllResults.SecuritySettings | ConvertTo-Html -Fragment) <h2>Network Configuration</h2> $($AllResults.NetworkConfig | ConvertTo-Html -Fragment) <h2>User Accounts and Groups</h2> <h3>Users</h3> $($AllResults.UserAccountsAndGroups.Users | ConvertTo-Html -Fragment) <h3>Groups</h3> $($AllResults.UserAccountsAndGroups.Groups | ConvertTo-Html -Fragment) <h2>Startup Programs</h2> $($AllResults.StartupPrograms | ConvertTo-Html -Fragment) <h2>Disk Space and File System</h2> $($AllResults.DiskSpace | ConvertTo-Html -Fragment) <h2>Event Log Analysis</h2> $($AllResults.EventLogAnalysis | ConvertTo-Html -Fragment) </body> </html> "@ $reportContent | Out-File -FilePath $global:reportPath Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green } # Main program loop $allResults = @{} do { Show-Menu $choice = Read-Host "`nEnter your choice (1-12)" switch ($choice) { "1" { $allResults.SystemInfo = Get-SystemInformation } "2" { $allResults.HardwareInventory = Get-HardwareInventory } "3" { $allResults.InstalledSoftware = Get-InstalledSoftware } "4" { $allResults.WindowsUpdateStatus = Get-WindowsUpdateStatus } "5" { $allResults.SecuritySettings = Get-SecuritySettings } "6" { $allResults.NetworkConfig = Get-NetworkConfiguration } "7" { $allResults.UserAccountsAndGroups = Get-UserAccountsAndGroups } "8" { $allResults.StartupPrograms = Get-StartupPrograms } "9" { $allResults.DiskSpace = Get-DiskSpaceAndFileSystem } "10" { $allResults.EventLogAnalysis = Get-EventLogAnalysis } "11" { Generate-HTMLReport -AllResults $allResults } "12" { Write-Host "Exiting program..." -ForegroundColor Yellow; break } default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red } } if ($choice -ne "12") { Read-Host "`nPress Enter to continue..." } } while ($choice -ne "12")
This Local Windows Client Audit Toolkit includes:
Key features:
This tool is particularly useful for:
To use this script effectively:
This script provides a thorough audit of a Windows client machine, making it easier to inventory, troubleshoot, or document system configurations. Remember to use this tool responsibly and respect privacy and security policies when auditing systems.
<# .SYNOPSIS Local Admin User and Group Toolkit .DESCRIPTION This script provides functionality to manage local administrators and groups on Windows systems. It allows creating, deleting, and managing local admin users and groups, as well as viewing current configurations. .NOTES File Name : LocalAdminToolkit.ps1 Author : [Your Name] Prerequisite : PowerShell V5.1 or later, administrator rights Version : 1.0 Date : [Current Date] .EXAMPLE .\LocalAdminToolkit.ps1 #> # Global variables $global:reportPath = "$env:USERPROFILE\Desktop\Local_Admin_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html" function Show-Menu { Clear-Host Write-Host "=== Local Admin User and Group Toolkit ===" -ForegroundColor Cyan Write-Host "1. View Local Administrators" Write-Host "2. Create New Local Admin User" Write-Host "3. Delete Local Admin User" Write-Host "4. Add User to Administrators Group" Write-Host "5. Remove User from Administrators Group" Write-Host "6. View All Local Groups" Write-Host "7. Create New Local Group" Write-Host "8. Delete Local Group" Write-Host "9. Add User to Group" Write-Host "10. Remove User from Group" Write-Host "11. Generate HTML Report" Write-Host "12. Exit" } function View-LocalAdministrators { Write-Host "`nViewing Local Administrators..." -ForegroundColor Yellow $admins = Get-LocalGroupMember -Group "Administrators" $admins | Format-Table Name, PrincipalSource return $admins } function Create-NewLocalAdminUser { $username = Read-Host "Enter the new admin username" $password = Read-Host "Enter the password" -AsSecureString $fullName = Read-Host "Enter the full name (optional)" $description = Read-Host "Enter a description (optional)" try { New-LocalUser -Name $username -Password $password -FullName $fullName -Description $description -ErrorAction Stop Add-LocalGroupMember -Group "Administrators" -Member $username Write-Host "User $username created and added to Administrators group." -ForegroundColor Green } catch { Write-Host "Error creating user: $_" -ForegroundColor Red } } function Delete-LocalAdminUser { $username = Read-Host "Enter the username to delete" try { Remove-LocalUser -Name $username -ErrorAction Stop Write-Host "User $username deleted." -ForegroundColor Green } catch { Write-Host "Error deleting user: $_" -ForegroundColor Red } } function Add-UserToAdministrators { $username = Read-Host "Enter the username to add to Administrators group" try { Add-LocalGroupMember -Group "Administrators" -Member $username -ErrorAction Stop Write-Host "User $username added to Administrators group." -ForegroundColor Green } catch { Write-Host "Error adding user to Administrators group: $_" -ForegroundColor Red } } function Remove-UserFromAdministrators { $username = Read-Host "Enter the username to remove from Administrators group" try { Remove-LocalGroupMember -Group "Administrators" -Member $username -ErrorAction Stop Write-Host "User $username removed from Administrators group." -ForegroundColor Green } catch { Write-Host "Error removing user from Administrators group: $_" -ForegroundColor Red } } function View-AllLocalGroups { Write-Host "`nViewing All Local Groups..." -ForegroundColor Yellow $groups = Get-LocalGroup $groups | Format-Table Name, Description return $groups } function Create-NewLocalGroup { $groupName = Read-Host "Enter the new group name" $description = Read-Host "Enter a description (optional)" try { New-LocalGroup -Name $groupName -Description $description -ErrorAction Stop Write-Host "Group $groupName created." -ForegroundColor Green } catch { Write-Host "Error creating group: $_" -ForegroundColor Red } } function Delete-LocalGroup { $groupName = Read-Host "Enter the group name to delete" try { Remove-LocalGroup -Name $groupName -ErrorAction Stop Write-Host "Group $groupName deleted." -ForegroundColor Green } catch { Write-Host "Error deleting group: $_" -ForegroundColor Red } } function Add-UserToGroup { $username = Read-Host "Enter the username to add" $groupName = Read-Host "Enter the group name" try { Add-LocalGroupMember -Group $groupName -Member $username -ErrorAction Stop Write-Host "User $username added to group $groupName." -ForegroundColor Green } catch { Write-Host "Error adding user to group: $_" -ForegroundColor Red } } function Remove-UserFromGroup { $username = Read-Host "Enter the username to remove" $groupName = Read-Host "Enter the group name" try { Remove-LocalGroupMember -Group $groupName -Member $username -ErrorAction Stop Write-Host "User $username removed from group $groupName." -ForegroundColor Green } catch { Write-Host "Error removing user from group: $_" -ForegroundColor Red } } function Generate-HTMLReport { Write-Host "`nGenerating HTML Report..." -ForegroundColor Yellow $admins = View-LocalAdministrators $groups = View-AllLocalGroups $reportContent = @" <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Local Admin and Group Report</title> <style> body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; } h1, h2, h3 { color: #0078D4; } table { border-collapse: collapse; width: 100%; margin-bottom: 20px; } th, td { border: 1px solid #ddd; padding: 8px; text-align: left; } th { background-color: #f2f2f2; } </style> </head> <body> <h1>Local Admin and Group Report</h1> <p>Generated on: $(Get-Date)</p> <h2>Local Administrators</h2> $($admins | ConvertTo-Html -Fragment) <h2>All Local Groups</h2> $($groups | ConvertTo-Html -Fragment) </body> </html> "@ $reportContent | Out-File -FilePath $global:reportPath Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green } # Main program loop do { Show-Menu $choice = Read-Host "`nEnter your choice (1-12)" switch ($choice) { "1" { View-LocalAdministrators } "2" { Create-NewLocalAdminUser } "3" { Delete-LocalAdminUser } "4" { Add-UserToAdministrators } "5" { Remove-UserFromAdministrators } "6" { View-AllLocalGroups } "7" { Create-NewLocalGroup } "8" { Delete-LocalGroup } "9" { Add-UserToGroup } "10" { Remove-UserFromGroup } "11" { Generate-HTMLReport } "12" { Write-Host "Exiting program..." -ForegroundColor Yellow; break } default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red } } if ($choice -ne "12") { Read-Host "`nPress Enter to continue..." } } while ($choice -ne "12")
This Local Admin User and Group Toolkit includes:
Key features:
Important notes:
To use this script:
.\LocalAdminToolkit.ps1This toolkit provides a convenient way to manage local administrators and groups on Windows systems, which can be particularly useful for system administrators managing multiple machines or performing routine user management tasks.
<# .SYNOPSIS Windows Services Analyzer Tool .DESCRIPTION This script analyzes and audits Windows services on local or remote systems, providing insights into service configurations, startup types, and potential issues. .NOTES File Name : ServicesAnalyzer.ps1 Author : [Your Name] Prerequisite : PowerShell V5.1 or later, administrator rights Version : 1.0 Date : [Current Date] .EXAMPLE .\ServicesAnalyzer.ps1 #> # Global variables $global:reportPath = "$env:USERPROFILE\Desktop\Services_Analysis_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html" $global:targetComputer = $env:COMPUTERNAME <# .SYNOPSIS Displays the main menu of the tool. #> function Show-Menu { Clear-Host Write-Host "=== Windows Services Analyzer Tool ===" -ForegroundColor Cyan Write-Host "Current Target: $global:targetComputer" Write-Host "1. Set Target Computer" Write-Host "2. Analyze All Services" Write-Host "3. Check Automatic Services Not Running" Write-Host "4. Identify Manual Services Running" Write-Host "5. Analyze Service Dependencies" Write-Host "6. Check Services with Non-Standard Accounts" Write-Host "7. Identify Services with No Description" Write-Host "8. Generate Comprehensive HTML Report" Write-Host "9. Exit" } <# .SYNOPSIS Sets the target computer for analysis. #> function Set-TargetComputer { $computer = Read-Host "Enter the name of the target computer (or press Enter for local machine)" if ([string]::IsNullOrWhiteSpace($computer)) { $global:targetComputer = $env:COMPUTERNAME } else { $global:targetComputer = $computer } Write-Host "Target computer set to: $global:targetComputer" -ForegroundColor Green } <# .SYNOPSIS Analyzes all services on the target computer. .OUTPUTS Array of PSObjects containing service details. #> function Analyze-AllServices { Write-Host "`nAnalyzing All Services..." -ForegroundColor Yellow try { $services = Get-WmiObject -Class Win32_Service -ComputerName $global:targetComputer $results = @() foreach ($service in $services) { $results += [PSCustomObject]@{ Name = $service.Name DisplayName = $service.DisplayName State = $service.State StartMode = $service.StartMode StartName = $service.StartName } } $results | Format-Table -AutoSize return $results } catch { Write-Host "Error analyzing services: $_" -ForegroundColor Red return $null } } <# .SYNOPSIS Checks for automatic services that are not running. .OUTPUTS Array of PSObjects containing details of automatic services not running. #> function Check-AutomaticServicesNotRunning { Write-Host "`nChecking Automatic Services Not Running..." -ForegroundColor Yellow try { $services = Get-WmiObject -Class Win32_Service -ComputerName $global:targetComputer | Where-Object { $_.StartMode -eq "Auto" -and $_.State -ne "Running" } $results = @() foreach ($service in $services) { $results += [PSCustomObject]@{ Name = $service.Name DisplayName = $service.DisplayName State = $service.State StartMode = $service.StartMode } } $results | Format-Table -AutoSize return $results } catch { Write-Host "Error checking automatic services: $_" -ForegroundColor Red return $null } } <# .SYNOPSIS Identifies manual services that are running. .OUTPUTS Array of PSObjects containing details of manual services running. #> function Identify-ManualServicesRunning { Write-Host "`nIdentifying Manual Services Running..." -ForegroundColor Yellow try { $services = Get-WmiObject -Class Win32_Service -ComputerName $global:targetComputer | Where-Object { $_.StartMode -eq "Manual" -and $_.State -eq "Running" } $results = @() foreach ($service in $services) { $results += [PSCustomObject]@{ Name = $service.Name DisplayName = $service.DisplayName State = $service.State StartMode = $service.StartMode } } $results | Format-Table -AutoSize return $results } catch { Write-Host "Error identifying manual services: $_" -ForegroundColor Red return $null } } <# .SYNOPSIS Analyzes service dependencies. .OUTPUTS Array of PSObjects containing service dependency details. #> function Analyze-ServiceDependencies { Write-Host "`nAnalyzing Service Dependencies..." -ForegroundColor Yellow try { $services = Get-WmiObject -Class Win32_Service -ComputerName $global:targetComputer $results = @() foreach ($service in $services) { if ($service.DependentServices) { $results += [PSCustomObject]@{ Name = $service.Name DisplayName = $service.DisplayName DependentServices = $service.DependentServices -join ", " } } } $results | Format-Table -AutoSize return $results } catch { Write-Host "Error analyzing service dependencies: $_" -ForegroundColor Red return $null } } <# .SYNOPSIS Checks for services with non-standard accounts. .OUTPUTS Array of PSObjects containing details of services with non-standard accounts. #> function Check-ServicesWithNonStandardAccounts { Write-Host "`nChecking Services with Non-Standard Accounts..." -ForegroundColor Yellow try { $standardAccounts = @("LocalSystem", "NT AUTHORITY\LocalService", "NT AUTHORITY\NetworkService") $services = Get-WmiObject -Class Win32_Service -ComputerName $global:targetComputer | Where-Object { $standardAccounts -notcontains $_.StartName } $results = @() foreach ($service in $services) { $results += [PSCustomObject]@{ Name = $service.Name DisplayName = $service.DisplayName StartName = $service.StartName State = $service.State } } $results | Format-Table -AutoSize return $results } catch { Write-Host "Error checking services with non-standard accounts: $_" -ForegroundColor Red return $null } } <# .SYNOPSIS Identifies services with no description. .OUTPUTS Array of PSObjects containing details of services with no description. #> function Identify-ServicesWithNoDescription { Write-Host "`nIdentifying Services with No Description..." -ForegroundColor Yellow try { $services = Get-WmiObject -Class Win32_Service -ComputerName $global:targetComputer | Where-Object { [string]::IsNullOrWhiteSpace($_.Description) } $results = @() foreach ($service in $services) { $results += [PSCustomObject]@{ Name = $service.Name DisplayName = $service.DisplayName State = $service.State StartMode = $service.StartMode } } $results | Format-Table -AutoSize return $results } catch { Write-Host "Error identifying services with no description: $_" -ForegroundColor Red return $null } } <# .SYNOPSIS Generates a comprehensive HTML report of all analyses. .PARAMETER AllResults Hashtable containing all analysis results. .OUTPUTS Saves an HTML report to the desktop. #> function Generate-HTMLReport { param([hashtable]$AllResults) Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow $reportContent = @" <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Windows Services Analysis Report</title> <style> body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; } h1, h2, h3 { color: #0078D4; } table { border-collapse: collapse; width: 100%; margin-bottom: 20px; } th, td { border: 1px solid #ddd; padding: 8px; text-align: left; } th { background-color: #f2f2f2; } </style> </head> <body> <h1>Windows Services Analysis Report</h1> <p>Generated on: $(Get-Date)</p> <p>Target Computer: $global:targetComputer</p> <h2>All Services</h2> $($AllResults.AllServices | ConvertTo-Html -Fragment) <h2>Automatic Services Not Running</h2> $($AllResults.AutomaticNotRunning | ConvertTo-Html -Fragment) <h2>Manual Services Running</h2> $($AllResults.ManualRunning | ConvertTo-Html -Fragment) <h2>Service Dependencies</h2> $($AllResults.ServiceDependencies | ConvertTo-Html -Fragment) <h2>Services with Non-Standard Accounts</h2> $($AllResults.NonStandardAccounts | ConvertTo-Html -Fragment) <h2>Services with No Description</h2> $($AllResults.NoDescription | ConvertTo-Html -Fragment) </body> </html> "@ $reportContent | Out-File -FilePath $global:reportPath Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green } # Main program loop $allResults = @{} do { Show-Menu $choice = Read-Host "`nEnter your choice (1-9)" switch ($choice) { "1" { Set-TargetComputer } "2" { $allResults.AllServices = Analyze-AllServices } "3" { $allResults.AutomaticNotRunning = Check-AutomaticServicesNotRunning } "4" { $allResults.ManualRunning = Identify-ManualServicesRunning } "5" { $allResults.ServiceDependencies = Analyze-ServiceDependencies } "6" { $allResults.NonStandardAccounts = Check-ServicesWithNonStandardAccounts } "7" { $allResults.NoDescription = Identify-ServicesWithNoDescription } "8" { Generate-HTMLReport -AllResults $allResults } "9" { Write-Host "Exiting program..." -ForegroundColor Yellow; break } default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red } } if ($choice -ne "9") { Read-Host "`nPress Enter to continue..." } } while ($choice -ne "9")
This Windows Services Analyzer Tool includes:
Key features:
This tool is particularly useful for:
To use this script effectively:
This script provides a comprehensive overview of Windows services, making it easier to audit and maintain proper service configurations, identify potential security issues, and ensure the correct setup of services across Windows systems.
In the Windows operating system, folder permissions play a crucial role in controlling access and managing the security of your files and directories. These permissions determine who can perform specific actions, such as reading, writing, or modifying the contents of a folder. Understanding and properly configuring folder permissions is essential for maintaining the integrity and confidentiality of your data.
Understanding Folder Permissions: Folder permissions in Windows are based on the NTFS (New Technology File System) file system. NTFS provides a robust set of permissions that can be applied to folders, files, and other objects within the file system. The main types of permissions include:
Configuring Folder Permissions: To configure folder permissions in Windows, follow these steps:
Inheritance and Propagation: Folder permissions can be inherited from parent folders or propagated to subfolders and files. By default, new folders and files inherit the permissions from their parent folder. This inheritance can be modified or disabled as needed.
Best Practices for Folder Permissions: To effectively manage folder permissions, consider the following best practices:
By understanding and properly configuring folder permissions in Windows, you can enhance the security and control of your file system, protecting your valuable data and ensuring that users have the appropriate level of access to perform their tasks effectively.
Windows PowerShell: Automate tasks and streamline IT operations with Microsoft’s powerful command-line shell and scripting language. Boost productivity, manage systems efficiently, and harness the full potential of Windows and cloud platforms. Discover the power of PowerShell today!
PowerShell Book:
https://www.powershellbook.com
Amazon Books:
https://amazon.com/author/bocso
PowerShell Book Series:
— Email —
hello@powershellblog.com