Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Powershell compliance reports

Posted on 2016-09-20
7
Medium Priority
?
118 Views
Last Modified: 2016-09-21
Hello EE,

I am looking for some powershell scripts available that will report on Access security formatted for the general competencies such as PCI or IT general Control listing . In summary , something to pull all the AD and preferably SQL access and formatted in excel or a table to drop into any required documents .

Thanks.
0
Comment
Question by:davesnb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 64

Expert Comment

by:btan
ID: 41806926
You probably can get from AD based on event id e.g. To access event logs, Windows PowerShell comes with Get-EventLog cmdlet. For example, define the start date, grab event log of warning and error from that date, select the fields desired, and send it into xls..

$now=get-date
$startdate=$now.adddays(-7)
$el = get-eventlog -ComputerName Serv1 -log System -After $startdate -EntryType Error, Warning
$el|Select EntryType, TimeGenerated, Source, EventID | Export-CSV eventlog.csv -NoTypeInfo

http://eventlogxp.com/blog/exporting-event-logs-with-windows-powershell/

I see it more of object access event so need to check for the ID. In short, depending which audit enabled and application specific log with the specific id, the PS can be use to grab and print to xls.
0
 

Author Comment

by:davesnb
ID: 41806933
I am looking for something more for access control , so Active Directory reporting
0
 
LVL 64

Expert Comment

by:btan
ID: 41806941
There are also access event log for AD access if that is what you are looking at. For e.g.
https://blogs.technet.microsoft.com/heyscriptingguy/2012/03/12/use-powershell-to-explore-active-directory-security/
0
Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

 

Author Comment

by:davesnb
ID: 41806974
I am using Add-PSSnapin Quest.ActiveRoles.ADManagement module now to pull a lot of this data, I wondered if there is a script already created to provide all group roles , and user roles in a domain
0
 
LVL 64

Accepted Solution

by:
btan earned 2000 total points
ID: 41806983
Maybe something of a recursive read
https://4sysops.com/archives/display-access-rights-on-active-directory-ous-with-powershell/
there is a free scanner per se
Once the GUI is running, you can directly connect to your AD domain; loading the Active Directory PowerShell module is not required. Next, you have to select the AD object for which you want to retrieve the permissions. In AD ACL Scanner’s Advanced section, you can set several options, such as the scan type (DACL or SACL) and the scan depth (OUs, containers, all objects).
https://4sysops.com/archives/ad-acl-scanner-easily-generate-active-directory-permissions-reports/
0
 
LVL 12

Expert Comment

by:Gary Dewrell
ID: 41807407
0
 

Author Closing Comment

by:davesnb
ID: 41808638
ok thanks for the info guys!
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question