GetSysInfo.ps1
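<#PSScriptInfo
.VERSION 1.0
.GUID 41272be8-bc1d-4b8c-b2ff-914ba219200c
.AUTHOR Administrator
.COMPANYNAME
.COPYRIGHT
.TAGS
.LICENSEURI
.PROJECTURI
.ICONURI
.EXTERNALMODULEDEPENDENCIES
.REQUIREDSCRIPTS
.EXTERNALSCRIPTDEPENDENCIES
.RELEASENOTES
.DESCRIPTION Bla
#>

function Get-SysInfo {
<#
.SYNOPSIS
Gets basic system information from the host

.DESCRIPTION
Collects host identity (name, addresses, OS, domain, logon server), time and
uptime data, the PowerShell version, and a set of security-relevant settings
read from HKLM: PowerShell script block / module / transcription logging,
LSA protection (RunAsPPL), legacy LAPS policy, UAC and its token-filtering
values, and whether Remote Desktop connections are denied.

Every registry read uses -ErrorAction 0 (SilentlyContinue). A missing key or
value, or a read that is denied, is therefore indistinguishable from "not
set": "Enabled"/"Disabled" means "the value is / is not set to the enabling
number", not a verified effective state.

.OUTPUTS
A single PSObject with the properties in a fixed order.
#>
    [CmdletBinding()]
    Param()

    $os_info = Get-WmiObject Win32_OperatingSystem

    # LastBootUpTime is a WMI (DMTF) datetime string; its first 14 characters are yyyyMMddHHmmss.
    $boot_time = [datetime]::ParseExact($os_info.LastBootUpTime.SubString(0,14), "yyyyMMddHHmmss", $null)
    $elapsed = (Get-Date).Subtract($boot_time)
    $uptime = ("{0} Days, {1} Hours, {2} Minutes, {3} Seconds" -f ($elapsed.Days, $elapsed.Hours, $elapsed.Minutes, $elapsed.Seconds))

    $date = Get-Date

    # True when the current token is a member of the built-in Administrators role.
    $IsHighIntegrity = [bool]([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")

    # Read each registry key once; several output fields share a key.
    $ps_policy_root    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
    $sbl_policy        = Get-ItemProperty "$ps_policy_root\ScriptBlockLogging" -EA 0
    $transcript_policy = Get-ItemProperty "$ps_policy_root\Transcription" -EA 0
    $module_policy     = Get-ItemProperty "$ps_policy_root\ModuleLogging" -EA 0
    $lsa_settings      = Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -EA 0
    $laps_policy       = Get-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd" -EA 0
    $uac_policy        = Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System -EA 0
    $ts_settings       = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -EA 0

    $SysInfoHash = @{
        HOSTNAME             = $ENV:COMPUTERNAME
        # NOTE(review): HOSTNAME is not a standard Windows environment variable. When it is
        # unset an empty string is passed and GetHostAddresses returns the local host's
        # addresses - confirm that is the intent rather than $ENV:COMPUTERNAME.
        IPADDRESSES          = (@([System.Net.Dns]::GetHostAddresses($ENV:HOSTNAME)) | ForEach-Object {$_.IPAddressToString}) -join ", "
        OS                   = $os_info.caption + ' ' + $os_info.CSDVersion
        ARCHITECTURE         = $os_info.OSArchitecture
        "DATE(UTC)"          = $date.ToUniversalTime()| Get-Date -uformat "%Y%m%d%H%M%S"
        "DATE(LOCAL)"        = $date | Get-Date -uformat "%Y%m%d%H%M%S%Z"
        INSTALLDATE          = $os_info.InstallDate
        UPTIME               = $uptime
        USERNAME             = $ENV:USERNAME
        DOMAIN               = (Get-WmiObject Win32_ComputerSystem).domain
        LOGONSERVER          = $ENV:LOGONSERVER
        PSVERSION            = $PSVersionTable.PSVersion.ToString()
        PSCOMPATIBLEVERSIONS = ($PSVersionTable.PSCompatibleVersions) -join ', '

        # PowerShell logging: only the machine-wide policy keys are inspected.
        PSSCRIPTBLOCKLOGGING = If($sbl_policy.EnableScriptBlockLogging -eq 1){"Enabled"} Else {"Disabled"}
        PSTRANSCRIPTION      = If($transcript_policy.EnableTranscripting -eq 1){"Enabled"} Else {"Disabled"}
        PSTRANSCRIPTIONDIR   = $transcript_policy.OutputDirectory
        PSMODULELOGGING      = If($module_policy.EnableModuleLogging -eq 1){"Enabled"} Else {"Disabled"}

        # RunAsPPL: 1 = LSA protection with UEFI lock, 2 = LSA protection without UEFI lock.
        # Both mean the protection is requested, so both are reported as "Enabled".
        LSASSPROTECTION      = If((1, 2) -contains $lsa_settings.RunAsPPL){"Enabled"} Else {"Disabled"}

        # Legacy Microsoft LAPS (AdmPwd) policy only; Windows LAPS keeps its policy elsewhere,
        # so "Disabled" here does not rule out local admin password management.
        LAPS                 = If($laps_policy.AdmPwdEnabled -eq 1){"Enabled"} Else {"Disabled"}

        UAC                  = If($uac_policy.EnableLUA -eq 1){"Enabled"} Else {"Disabled"}
        # LocalAccountTokenFilterPolicy = 1 disables local account token filtering
        UACTOKENFILTERING    = If($uac_policy.LocalAccountTokenFilterPolicy -eq 1){"Disabled (PTH likely w/ local admins)"} Else {"Enabled"}
        # FilterAdministratorToken = 1 puts the built-in Administrator (RID 500) account in Admin Approval Mode.
        UACFILTERADMINTOKEN  = If($uac_policy.FilterAdministratorToken -eq 1){"Enabled (RID500 protected)"} Else {"Disabled"}
        HIGHINTEGRITY        = $IsHighIntegrity

        # True when fDenyTSConnections is non-zero (Remote Desktop connections refused).
        # A missing or unreadable value also yields False, so False is not proof that RDP is open.
        DENYRDPCONNECTIONS   = [bool]$ts_settings.FDenyTSConnections
    }

    # PS feels the need to randomly re-order everything when converted to an object so let's presort.
    # DenyRDPConnections is listed here as well; without it the value computed above was dropped.
    New-Object -TypeName PSobject -Property $SysInfoHash |
        Select-Object Hostname, OS, Architecture, "Date(UTC)", "Date(Local)", InstallDate, UpTime,
            IPAddresses, Domain, Username, LogonServer, PSVersion, PSCompatibleVersions,
            PSScriptBlockLogging, PSTranscription, PSTranscriptionDir, PSModuleLogging,
            LSASSProtection, LAPS, UAC, UACTOKENFILTERING, UACFILTERADMINTOKEN, HIGHINTEGRITY,
            DenyRDPConnections
}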