Solved

Windows server local account audit script

Posted on 2014-02-19
4
702 Views
Last Modified: 2014-02-20
Hi guys

I have a requirement from my customer, to send a monthly report of local accounts on a windows servers. I have been able to do this, from a script I found from google. The only problem is, they are requesting to have more column of the existing report. Specifically, they want another 2 columns

1 - When last password changed?
2 - How many days after last password changed?

Here is the script that I've been using, not sure if the owner of the script is in this forum too, thank you so much!

##########Start PS script#############

Param
(
      [Parameter(Position=0,Mandatory=$false)]
      [ValidateNotNullorEmpty()]
      [Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
      [Parameter(Position=1,Mandatory=$false)]
      [Alias('un')][String[]]$AccountName,
      [Parameter(Position=2,Mandatory=$false)]
      [Alias('cred')][System.Management.Automation.PsCredential]$Credential
)
      
$Obj = @()

Foreach($Computer in $ComputerName)
{
      If($Credential)
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
      }
      else
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
      }
      
      Foreach($LocalAccount in $AllLocalAccounts)
      {
            $Object = New-Object -TypeName PSObject
            
            $Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
            $Object|Add-Member -MemberType NoteProperty -Name "Full Name" -Value $LocalAccount.FullName
            $Object|Add-Member -MemberType NoteProperty -Name "Caption" -Value $LocalAccount.Caption
            $Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
            $Object|Add-Member -MemberType NoteProperty -Name "Status" -Value $LocalAccount.Status
            $Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
            $Object|Add-Member -MemberType NoteProperty -Name "Password Changeable" -Value $LocalAccount.PasswordChangeable
            $Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
            $Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
            $Object|Add-Member -MemberType NoteProperty -Name "SID" -Value $LocalAccount.SID
            $Object|Add-Member -MemberType NoteProperty -Name "SID Type" -Value $LocalAccount.SIDType
            $Object|Add-Member -MemberType NoteProperty -Name "Account Type" -Value $LocalAccount.AccountType
            $Object|Add-Member -MemberType NoteProperty -Name "Domain" -Value $LocalAccount.Domain
            $Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description
            
            $Obj+=$Object
      }
      
      If($AccountName)
      {
            Foreach($Account in $AccountName)
            {
                  $Obj|Where-Object{$_.Name -like "$Account"}
            }
      }
      else
      {
            $Obj
      }
}

###########END PS script################
0
Comment
Question by:ServerManagementTeam
  • 2
4 Comments
 
LVL 7

Expert Comment

by:Arpit Bajpai
ID: 39870701
Hi,
You should use better tools to audit the systems.
You can try Spiceworks..it is free and open source.

Or if you want to pay use Desktop Central - ManageEngine

Hope this helps.
thanks
Arpit
0
 
LVL 1

Author Comment

by:ServerManagementTeam
ID: 39870899
Hi

I don't have that option as it's customer's decision.
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 39870995
I made a couple adjustments to your code to add the requested properties.
Param
(
      [Parameter(Position=0,Mandatory=$false)]
      [ValidateNotNullorEmpty()]
      [Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
      [Parameter(Position=1,Mandatory=$false)]
      [Alias('un')][String[]]$AccountName,
      [Parameter(Position=2,Mandatory=$false)]
      [Alias('cred')][System.Management.Automation.PsCredential]$Credential
)
      
$Obj = @()

$now = Get-Date
Foreach($Computer in $ComputerName)
{
      If($Credential)
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
      }
      else
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
      }
      
      Foreach($LocalAccount in $AllLocalAccounts)
      {
            $rawPWAge = ([adsi]"WinNT://$computer/$($LocalAccount.Name),user").PasswordAge.Value
            $Object = New-Object -TypeName PSObject
            
            $Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
            $Object|Add-Member -MemberType NoteProperty -Name "Full Name" -Value $LocalAccount.FullName
            $Object|Add-Member -MemberType NoteProperty -Name "Caption" -Value $LocalAccount.Caption
            $Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
            $Object|Add-Member -MemberType NoteProperty -Name "Status" -Value $LocalAccount.Status
            $Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
            $Object|Add-Member -MemberType NoteProperty -Name "Password Changeable" -Value $LocalAccount.PasswordChangeable
            $Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
            $Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
            $Object|Add-Member -MemberType NoteProperty -Name "SID" -Value $LocalAccount.SID
            $Object|Add-Member -MemberType NoteProperty -Name "SID Type" -Value $LocalAccount.SIDType
            $Object|Add-Member -MemberType NoteProperty -Name "Account Type" -Value $LocalAccount.AccountType
            $Object|Add-Member -MemberType NoteProperty -Name "Domain" -Value $LocalAccount.Domain
            $Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description
            $Object|Add-Member -MemberType NoteProperty -Name "Password Last Set" -Value ($now).AddSeconds(-$rawPWAge)
            $Object|Add-Member -MemberType NoteProperty -Name "Password Age" -Value ($now - ($now.AddSeconds(-$rawPWAge))).Days

            
            $Obj+=$Object
      }
      
      If($AccountName)
      {
            Foreach($Account in $AccountName)
            {
                  $Obj|Where-Object{$_.Name -like "$Account"}
            }
      }
      else
      {
            $Obj
      }
}

Open in new window

0
 
LVL 1

Author Comment

by:ServerManagementTeam
ID: 39875683
footech

that was awesome.. Can I learn powershell from you? I know what is required to be called, but not too sure the correct attributes.. any tips?
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question