Solved

Windows server local account audit script

Posted on 2014-02-19
4
721 Views
Last Modified: 2014-02-20
Hi guys

I have a requirement from my customer, to send a monthly report of local accounts on a windows servers. I have been able to do this, from a script I found from google. The only problem is, they are requesting to have more column of the existing report. Specifically, they want another 2 columns

1 - When last password changed?
2 - How many days after last password changed?

Here is the script that I've been using, not sure if the owner of the script is in this forum too, thank you so much!

##########Start PS script#############

Param
(
      [Parameter(Position=0,Mandatory=$false)]
      [ValidateNotNullorEmpty()]
      [Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
      [Parameter(Position=1,Mandatory=$false)]
      [Alias('un')][String[]]$AccountName,
      [Parameter(Position=2,Mandatory=$false)]
      [Alias('cred')][System.Management.Automation.PsCredential]$Credential
)
      
$Obj = @()

Foreach($Computer in $ComputerName)
{
      If($Credential)
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
      }
      else
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
      }
      
      Foreach($LocalAccount in $AllLocalAccounts)
      {
            $Object = New-Object -TypeName PSObject
            
            $Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
            $Object|Add-Member -MemberType NoteProperty -Name "Full Name" -Value $LocalAccount.FullName
            $Object|Add-Member -MemberType NoteProperty -Name "Caption" -Value $LocalAccount.Caption
            $Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
            $Object|Add-Member -MemberType NoteProperty -Name "Status" -Value $LocalAccount.Status
            $Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
            $Object|Add-Member -MemberType NoteProperty -Name "Password Changeable" -Value $LocalAccount.PasswordChangeable
            $Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
            $Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
            $Object|Add-Member -MemberType NoteProperty -Name "SID" -Value $LocalAccount.SID
            $Object|Add-Member -MemberType NoteProperty -Name "SID Type" -Value $LocalAccount.SIDType
            $Object|Add-Member -MemberType NoteProperty -Name "Account Type" -Value $LocalAccount.AccountType
            $Object|Add-Member -MemberType NoteProperty -Name "Domain" -Value $LocalAccount.Domain
            $Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description
            
            $Obj+=$Object
      }
      
      If($AccountName)
      {
            Foreach($Account in $AccountName)
            {
                  $Obj|Where-Object{$_.Name -like "$Account"}
            }
      }
      else
      {
            $Obj
      }
}

###########END PS script################
0
Comment
Question by:ServerManagementTeam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 7

Expert Comment

by:Arpit Bajpai
ID: 39870701
Hi,
You should use better tools to audit the systems.
You can try Spiceworks..it is free and open source.

Or if you want to pay use Desktop Central - ManageEngine

Hope this helps.
thanks
Arpit
0
 
LVL 1

Author Comment

by:ServerManagementTeam
ID: 39870899
Hi

I don't have that option as it's customer's decision.
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 39870995
I made a couple adjustments to your code to add the requested properties.
Param
(
      [Parameter(Position=0,Mandatory=$false)]
      [ValidateNotNullorEmpty()]
      [Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
      [Parameter(Position=1,Mandatory=$false)]
      [Alias('un')][String[]]$AccountName,
      [Parameter(Position=2,Mandatory=$false)]
      [Alias('cred')][System.Management.Automation.PsCredential]$Credential
)
      
$Obj = @()

$now = Get-Date
Foreach($Computer in $ComputerName)
{
      If($Credential)
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
      }
      else
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
      }
      
      Foreach($LocalAccount in $AllLocalAccounts)
      {
            $rawPWAge = ([adsi]"WinNT://$computer/$($LocalAccount.Name),user").PasswordAge.Value
            $Object = New-Object -TypeName PSObject
            
            $Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
            $Object|Add-Member -MemberType NoteProperty -Name "Full Name" -Value $LocalAccount.FullName
            $Object|Add-Member -MemberType NoteProperty -Name "Caption" -Value $LocalAccount.Caption
            $Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
            $Object|Add-Member -MemberType NoteProperty -Name "Status" -Value $LocalAccount.Status
            $Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
            $Object|Add-Member -MemberType NoteProperty -Name "Password Changeable" -Value $LocalAccount.PasswordChangeable
            $Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
            $Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
            $Object|Add-Member -MemberType NoteProperty -Name "SID" -Value $LocalAccount.SID
            $Object|Add-Member -MemberType NoteProperty -Name "SID Type" -Value $LocalAccount.SIDType
            $Object|Add-Member -MemberType NoteProperty -Name "Account Type" -Value $LocalAccount.AccountType
            $Object|Add-Member -MemberType NoteProperty -Name "Domain" -Value $LocalAccount.Domain
            $Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description
            $Object|Add-Member -MemberType NoteProperty -Name "Password Last Set" -Value ($now).AddSeconds(-$rawPWAge)
            $Object|Add-Member -MemberType NoteProperty -Name "Password Age" -Value ($now - ($now.AddSeconds(-$rawPWAge))).Days

            
            $Obj+=$Object
      }
      
      If($AccountName)
      {
            Foreach($Account in $AccountName)
            {
                  $Obj|Where-Object{$_.Name -like "$Account"}
            }
      }
      else
      {
            $Obj
      }
}

Open in new window

0
 
LVL 1

Author Comment

by:ServerManagementTeam
ID: 39875683
footech

that was awesome.. Can I learn powershell from you? I know what is required to be called, but not too sure the correct attributes.. any tips?
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you see single cell contains number and text, and you have to get any date out of it seems like cracking our heads.
The following article is intended as a guide to using PowerShell as a more versatile and reliable form of application detection in SCCM.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question