Solved

Windows server local account audit script

Posted on 2014-02-19
4
696 Views
Last Modified: 2014-02-20
Hi guys

I have a requirement from my customer, to send a monthly report of local accounts on a windows servers. I have been able to do this, from a script I found from google. The only problem is, they are requesting to have more column of the existing report. Specifically, they want another 2 columns

1 - When last password changed?
2 - How many days after last password changed?

Here is the script that I've been using, not sure if the owner of the script is in this forum too, thank you so much!

##########Start PS script#############

Param
(
      [Parameter(Position=0,Mandatory=$false)]
      [ValidateNotNullorEmpty()]
      [Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
      [Parameter(Position=1,Mandatory=$false)]
      [Alias('un')][String[]]$AccountName,
      [Parameter(Position=2,Mandatory=$false)]
      [Alias('cred')][System.Management.Automation.PsCredential]$Credential
)
      
$Obj = @()

Foreach($Computer in $ComputerName)
{
      If($Credential)
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
      }
      else
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
      }
      
      Foreach($LocalAccount in $AllLocalAccounts)
      {
            $Object = New-Object -TypeName PSObject
            
            $Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
            $Object|Add-Member -MemberType NoteProperty -Name "Full Name" -Value $LocalAccount.FullName
            $Object|Add-Member -MemberType NoteProperty -Name "Caption" -Value $LocalAccount.Caption
            $Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
            $Object|Add-Member -MemberType NoteProperty -Name "Status" -Value $LocalAccount.Status
            $Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
            $Object|Add-Member -MemberType NoteProperty -Name "Password Changeable" -Value $LocalAccount.PasswordChangeable
            $Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
            $Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
            $Object|Add-Member -MemberType NoteProperty -Name "SID" -Value $LocalAccount.SID
            $Object|Add-Member -MemberType NoteProperty -Name "SID Type" -Value $LocalAccount.SIDType
            $Object|Add-Member -MemberType NoteProperty -Name "Account Type" -Value $LocalAccount.AccountType
            $Object|Add-Member -MemberType NoteProperty -Name "Domain" -Value $LocalAccount.Domain
            $Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description
            
            $Obj+=$Object
      }
      
      If($AccountName)
      {
            Foreach($Account in $AccountName)
            {
                  $Obj|Where-Object{$_.Name -like "$Account"}
            }
      }
      else
      {
            $Obj
      }
}

###########END PS script################
0
Comment
Question by:ServerManagementTeam
  • 2
4 Comments
 
LVL 7

Expert Comment

by:Arpit Bajpai
Comment Utility
Hi,
You should use better tools to audit the systems.
You can try Spiceworks..it is free and open source.

Or if you want to pay use Desktop Central - ManageEngine

Hope this helps.
thanks
Arpit
0
 
LVL 1

Author Comment

by:ServerManagementTeam
Comment Utility
Hi

I don't have that option as it's customer's decision.
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
Comment Utility
I made a couple adjustments to your code to add the requested properties.
Param
(
      [Parameter(Position=0,Mandatory=$false)]
      [ValidateNotNullorEmpty()]
      [Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
      [Parameter(Position=1,Mandatory=$false)]
      [Alias('un')][String[]]$AccountName,
      [Parameter(Position=2,Mandatory=$false)]
      [Alias('cred')][System.Management.Automation.PsCredential]$Credential
)
      
$Obj = @()

$now = Get-Date
Foreach($Computer in $ComputerName)
{
      If($Credential)
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
      }
      else
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
      }
      
      Foreach($LocalAccount in $AllLocalAccounts)
      {
            $rawPWAge = ([adsi]"WinNT://$computer/$($LocalAccount.Name),user").PasswordAge.Value
            $Object = New-Object -TypeName PSObject
            
            $Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
            $Object|Add-Member -MemberType NoteProperty -Name "Full Name" -Value $LocalAccount.FullName
            $Object|Add-Member -MemberType NoteProperty -Name "Caption" -Value $LocalAccount.Caption
            $Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
            $Object|Add-Member -MemberType NoteProperty -Name "Status" -Value $LocalAccount.Status
            $Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
            $Object|Add-Member -MemberType NoteProperty -Name "Password Changeable" -Value $LocalAccount.PasswordChangeable
            $Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
            $Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
            $Object|Add-Member -MemberType NoteProperty -Name "SID" -Value $LocalAccount.SID
            $Object|Add-Member -MemberType NoteProperty -Name "SID Type" -Value $LocalAccount.SIDType
            $Object|Add-Member -MemberType NoteProperty -Name "Account Type" -Value $LocalAccount.AccountType
            $Object|Add-Member -MemberType NoteProperty -Name "Domain" -Value $LocalAccount.Domain
            $Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description
            $Object|Add-Member -MemberType NoteProperty -Name "Password Last Set" -Value ($now).AddSeconds(-$rawPWAge)
            $Object|Add-Member -MemberType NoteProperty -Name "Password Age" -Value ($now - ($now.AddSeconds(-$rawPWAge))).Days

            
            $Obj+=$Object
      }
      
      If($AccountName)
      {
            Foreach($Account in $AccountName)
            {
                  $Obj|Where-Object{$_.Name -like "$Account"}
            }
      }
      else
      {
            $Obj
      }
}

Open in new window

0
 
LVL 1

Author Comment

by:ServerManagementTeam
Comment Utility
footech

that was awesome.. Can I learn powershell from you? I know what is required to be called, but not too sure the correct attributes.. any tips?
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now