Windows Audit Script This PowerShell script performs comprehensive auditing of a Windows system, collecting essential information about hardware, software, network configuration, user accounts, and security settings. It generates detailed logs for analysis and system monitoring.
- Open Powershell in admininstration mode
- Change directory to where the script is stored
- Set Execution policy - Set-ExecutionPolicy RemoteSigned
- .\audit.ps1
Basic System Information:
System model, manufacturer, and other hardware details.
Operating system version, installation date, and other OS-related information.
Processor details (CPU model, architecture, etc.).
Hardware Information:
Memory (RAM) details including capacity, speed, and type.
Disk drive information such as type, capacity, and interface.
Network adapter details like name, MAC address, and status.
Software and Patch Management:
List of installed software including name, version, and vendor.
Installed Windows updates and patches (hotfixes).
Network and Security Information:
Network configuration details (IP addresses, DNS settings, etc.).
Firewall settings and status.
Antivirus status and Windows Defender settings.
Open ports and listening processes on the system.
User and Account Information:
Local user accounts and their properties (name, description, etc.).
Active Directory user information (if applicable).
Event Logs and Monitoring:
Recent system, security, and application event logs.
Monitoring of system changes and critical events.
Scheduled Tasks and Services:
List of scheduled tasks and their configurations.
Running services on the system with their current status.
Advanced Security Checks:
File and folder permissions.
Registry permissions and settings.
Checking for unauthorized or suspicious processes.
System Configuration Checks:
UAC (User Account Control) settings.
Startup programs and services.
Domain and Active Directory Information:
Details about the domain the system is joined to (if applicable).
Information about Active Directory users and groups.
Additional Information:
Group Policy settings and configurations.
System startup and boot configurations.
Advanced system and network configurations.
These functions collectively provide a comprehensive overview of the Windows system's configuration, security posture, hardware specifications, software inventory, and user/account management. Depending on specific audit requirements and use cases, you can tailor the script to include relevant sections and customize the output format for easier analysis and reporting.
The output to is stored in
C:\AuditLogs
