Solved

Windows server local account audit script

Posted on 2014-02-19
4
699 Views
Last Modified: 2014-02-20
Hi guys

I have a requirement from my customer, to send a monthly report of local accounts on a windows servers. I have been able to do this, from a script I found from google. The only problem is, they are requesting to have more column of the existing report. Specifically, they want another 2 columns

1 - When last password changed?
2 - How many days after last password changed?

Here is the script that I've been using, not sure if the owner of the script is in this forum too, thank you so much!

##########Start PS script#############

Param
(
      [Parameter(Position=0,Mandatory=$false)]
      [ValidateNotNullorEmpty()]
      [Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
      [Parameter(Position=1,Mandatory=$false)]
      [Alias('un')][String[]]$AccountName,
      [Parameter(Position=2,Mandatory=$false)]
      [Alias('cred')][System.Management.Automation.PsCredential]$Credential
)
      
$Obj = @()

Foreach($Computer in $ComputerName)
{
      If($Credential)
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
      }
      else
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
      }
      
      Foreach($LocalAccount in $AllLocalAccounts)
      {
            $Object = New-Object -TypeName PSObject
            
            $Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
            $Object|Add-Member -MemberType NoteProperty -Name "Full Name" -Value $LocalAccount.FullName
            $Object|Add-Member -MemberType NoteProperty -Name "Caption" -Value $LocalAccount.Caption
            $Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
            $Object|Add-Member -MemberType NoteProperty -Name "Status" -Value $LocalAccount.Status
            $Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
            $Object|Add-Member -MemberType NoteProperty -Name "Password Changeable" -Value $LocalAccount.PasswordChangeable
            $Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
            $Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
            $Object|Add-Member -MemberType NoteProperty -Name "SID" -Value $LocalAccount.SID
            $Object|Add-Member -MemberType NoteProperty -Name "SID Type" -Value $LocalAccount.SIDType
            $Object|Add-Member -MemberType NoteProperty -Name "Account Type" -Value $LocalAccount.AccountType
            $Object|Add-Member -MemberType NoteProperty -Name "Domain" -Value $LocalAccount.Domain
            $Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description
            
            $Obj+=$Object
      }
      
      If($AccountName)
      {
            Foreach($Account in $AccountName)
            {
                  $Obj|Where-Object{$_.Name -like "$Account"}
            }
      }
      else
      {
            $Obj
      }
}

###########END PS script################
0
Comment
Question by:ServerManagementTeam
  • 2
4 Comments
 
LVL 7

Expert Comment

by:Arpit Bajpai
ID: 39870701
Hi,
You should use better tools to audit the systems.
You can try Spiceworks..it is free and open source.

Or if you want to pay use Desktop Central - ManageEngine

Hope this helps.
thanks
Arpit
0
 
LVL 1

Author Comment

by:ServerManagementTeam
ID: 39870899
Hi

I don't have that option as it's customer's decision.
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 39870995
I made a couple adjustments to your code to add the requested properties.
Param
(
      [Parameter(Position=0,Mandatory=$false)]
      [ValidateNotNullorEmpty()]
      [Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
      [Parameter(Position=1,Mandatory=$false)]
      [Alias('un')][String[]]$AccountName,
      [Parameter(Position=2,Mandatory=$false)]
      [Alias('cred')][System.Management.Automation.PsCredential]$Credential
)
      
$Obj = @()

$now = Get-Date
Foreach($Computer in $ComputerName)
{
      If($Credential)
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
      }
      else
      {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
            -Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
      }
      
      Foreach($LocalAccount in $AllLocalAccounts)
      {
            $rawPWAge = ([adsi]"WinNT://$computer/$($LocalAccount.Name),user").PasswordAge.Value
            $Object = New-Object -TypeName PSObject
            
            $Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
            $Object|Add-Member -MemberType NoteProperty -Name "Full Name" -Value $LocalAccount.FullName
            $Object|Add-Member -MemberType NoteProperty -Name "Caption" -Value $LocalAccount.Caption
            $Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
            $Object|Add-Member -MemberType NoteProperty -Name "Status" -Value $LocalAccount.Status
            $Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
            $Object|Add-Member -MemberType NoteProperty -Name "Password Changeable" -Value $LocalAccount.PasswordChangeable
            $Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
            $Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
            $Object|Add-Member -MemberType NoteProperty -Name "SID" -Value $LocalAccount.SID
            $Object|Add-Member -MemberType NoteProperty -Name "SID Type" -Value $LocalAccount.SIDType
            $Object|Add-Member -MemberType NoteProperty -Name "Account Type" -Value $LocalAccount.AccountType
            $Object|Add-Member -MemberType NoteProperty -Name "Domain" -Value $LocalAccount.Domain
            $Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description
            $Object|Add-Member -MemberType NoteProperty -Name "Password Last Set" -Value ($now).AddSeconds(-$rawPWAge)
            $Object|Add-Member -MemberType NoteProperty -Name "Password Age" -Value ($now - ($now.AddSeconds(-$rawPWAge))).Days

            
            $Obj+=$Object
      }
      
      If($AccountName)
      {
            Foreach($Account in $AccountName)
            {
                  $Obj|Where-Object{$_.Name -like "$Account"}
            }
      }
      else
      {
            $Obj
      }
}

Open in new window

0
 
LVL 1

Author Comment

by:ServerManagementTeam
ID: 39875683
footech

that was awesome.. Can I learn powershell from you? I know what is required to be called, but not too sure the correct attributes.. any tips?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Set OWA language and time zone in Exchange for individuals, all users or per database.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now