Windows server local account audit script

Hi guys

I have a requirement from my customer, to send a monthly report of local accounts on a windows servers. I have been able to do this, from a script I found from google. The only problem is, they are requesting to have more column of the existing report. Specifically, they want another 2 columns

1 - When last password changed?
2 - How many days after last password changed?

Here is the script that I've been using, not sure if the owner of the script is in this forum too, thank you so much!

##########Start PS script#############

Param
(
      [Parameter(Position=0,Mandatory=$false)]
      [ValidateNotNullorEmpty()]
      [Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
      [Parameter(Position=1,Mandatory=$false)]
      [Alias('un')][String[]]$AccountName,
      [Parameter(Position=2,Mandatory=$false)]
      [Alias('cred')][System.Management.Automation.PsCredential]$Credential
)
      
$Obj = @()

Foreach($Computer in $ComputerName)
{
      If($Credential)
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
      }
      else
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
      }
      
      Foreach($LocalAccount in $AllLocalAccounts)
      {
            $Object = New-Object -TypeName PSObject
            
            $Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
            $Object|Add-Member -MemberType NoteProperty -Name "Full Name" -Value $LocalAccount.FullName
            $Object|Add-Member -MemberType NoteProperty -Name "Caption" -Value $LocalAccount.Caption
            $Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
            $Object|Add-Member -MemberType NoteProperty -Name "Status" -Value $LocalAccount.Status
            $Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
            $Object|Add-Member -MemberType NoteProperty -Name "Password Changeable" -Value $LocalAccount.PasswordChangeable
            $Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
            $Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
            $Object|Add-Member -MemberType NoteProperty -Name "SID" -Value $LocalAccount.SID
            $Object|Add-Member -MemberType NoteProperty -Name "SID Type" -Value $LocalAccount.SIDType
            $Object|Add-Member -MemberType NoteProperty -Name "Account Type" -Value $LocalAccount.AccountType
            $Object|Add-Member -MemberType NoteProperty -Name "Domain" -Value $LocalAccount.Domain
            $Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description
            
            $Obj+=$Object
      }
      
      If($AccountName)
      {
            Foreach($Account in $AccountName)
            {
                  $Obj|Where-Object{$_.Name -like "$Account"}
            }
      }
      else
      {
            $Obj
      }
}

###########END PS script################
LVL 1
ServerManagementTeamAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
footechConnect With a Mentor Commented:
I made a couple adjustments to your code to add the requested properties.
Param
(
      [Parameter(Position=0,Mandatory=$false)]
      [ValidateNotNullorEmpty()]
      [Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
      [Parameter(Position=1,Mandatory=$false)]
      [Alias('un')][String[]]$AccountName,
      [Parameter(Position=2,Mandatory=$false)]
      [Alias('cred')][System.Management.Automation.PsCredential]$Credential
)
      
$Obj = @()

$now = Get-Date
Foreach($Computer in $ComputerName)
{
      If($Credential)
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
      }
      else
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
      }
      
      Foreach($LocalAccount in $AllLocalAccounts)
      {
            $rawPWAge = ([adsi]"WinNT://$computer/$($LocalAccount.Name),user").PasswordAge.Value
            $Object = New-Object -TypeName PSObject
            
            $Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
            $Object|Add-Member -MemberType NoteProperty -Name "Full Name" -Value $LocalAccount.FullName
            $Object|Add-Member -MemberType NoteProperty -Name "Caption" -Value $LocalAccount.Caption
            $Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
            $Object|Add-Member -MemberType NoteProperty -Name "Status" -Value $LocalAccount.Status
            $Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
            $Object|Add-Member -MemberType NoteProperty -Name "Password Changeable" -Value $LocalAccount.PasswordChangeable
            $Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
            $Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
            $Object|Add-Member -MemberType NoteProperty -Name "SID" -Value $LocalAccount.SID
            $Object|Add-Member -MemberType NoteProperty -Name "SID Type" -Value $LocalAccount.SIDType
            $Object|Add-Member -MemberType NoteProperty -Name "Account Type" -Value $LocalAccount.AccountType
            $Object|Add-Member -MemberType NoteProperty -Name "Domain" -Value $LocalAccount.Domain
            $Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description
            $Object|Add-Member -MemberType NoteProperty -Name "Password Last Set" -Value ($now).AddSeconds(-$rawPWAge)
            $Object|Add-Member -MemberType NoteProperty -Name "Password Age" -Value ($now - ($now.AddSeconds(-$rawPWAge))).Days

            
            $Obj+=$Object
      }
      
      If($AccountName)
      {
            Foreach($Account in $AccountName)
            {
                  $Obj|Where-Object{$_.Name -like "$Account"}
            }
      }
      else
      {
            $Obj
      }
}

Open in new window

0
 
Arpit BajpaiCo-founder/DirectorCommented:
Hi,
You should use better tools to audit the systems.
You can try Spiceworks..it is free and open source.

Or if you want to pay use Desktop Central - ManageEngine

Hope this helps.
thanks
Arpit
0
 
ServerManagementTeamAuthor Commented:
Hi

I don't have that option as it's customer's decision.
0
 
ServerManagementTeamAuthor Commented:
footech

that was awesome.. Can I learn powershell from you? I know what is required to be called, but not too sure the correct attributes.. any tips?
0
All Courses

From novice to tech pro — start learning today.