We Keep Coding

Powershell IIS Audit Scripting

I'm in the early stages of learning powershell, and I'm trying to put together a script that remotely gathers information from our IIS servers, but I'm encountering several issues.
The first one is that the IP Address and OU columns remain empty in the output file.
The second one is that I'm not able to format the Administrator group column to have 1 group per line, or delimited by commas.
This is the current version of the code:
$computers = Get-Content "C:\servers.txt"
#Running the invoke-command on remote machine to run the iisreset
$output = foreach ($computer in $computers)
{
Write-Host "Details from server $computer..."
try{
Invoke-command -ComputerName $computer -ErrorAction Stop -ScriptBlock{
# Ensure to import the WebAdministration and AD module
Import-Module WebAdministration
Import-Module ActiveDirectory
$webapps = Get-WebApplication
$list = #()
foreach ($webapp in get-childitem IIS:\AppPools\)
{
$name = "IIS:\AppPools\" + $webapp.name
$item = #{}
$item.server = $env:computername
$item.WebAppName = $webapp.name
$item.Version = (Get-ItemProperty $name managedRuntimeVersion).Value
$item.State = (Get-WebAppPoolState -Name $webapp.name).Value
$item.UserIdentityType = $webapp.processModel.identityType
$item.Username = $webapp.processModel.userName
$item.Password = $webapp.processModel.password
$item.OU = (Get-ADComputer $_ | select DistinguishedNAme)
$item.IPAddress = (Get-NetIPAddress -AddressFamily IPv4)
$item.Administrators = (Get-LocalGroupMember -Group "Administrators")
$obj = New-Object PSObject -Property $item
$list += $obj
}
$list | select -Property "Server","WebAppName", "Version", "State", "UserIdentityType", "Username", "Password", "OU", "Ip Address", "Administrators"
}
} catch {
Add-Content .\failedservers.txt -Force -Value $computer
}
}
$output | Export-Csv -Path .\output.csv
#Stop-Transcript
I'd really appreciate any input on how to get it to work properly or improve on the code itself.
Thanks in advance!

For the OU property, you'll want to reference $env:COMPUTERNAME instead of $_:
$item.OU = (Get-ADComputer $env:COMPUTERNAME |Select -Expand DistinguishedName)
For the IPAddress and Administrators fields you'll want to use -join to create comma-separated lists of the relevant values:
$item.IPAddress = (Get-NetIPAddress -AddressFamily IPv4).IPAddress -join ','
$item.Administrators = (Get-LocalGroupMember -Group "Administrators").Name -join ','

Cannot run PS1 with different credential

I have a script, which does multiple things on different servers. If I log on to a computer with my admin account, the script runs fine. However, I want to to be able to run it on my standard account by using my admin credential.
I have used invoke-command with -credential or get-credential at the beginning of my script but none has worked. I keep getting "access is denied"
Here is a part of my script.
$Computername = "Computer"
if (test-Connection -ComputerName $ComputerName -Count 1 -quiet) {Write-Host "`n$computername is ONLINE."}
else {Write-Host "`n$computername is OFFLINE."
Get-ADComputer -identity $computername
if (!$?) {Write-Host "`n$computername is not found in ActiveDir."}
Else {
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$root = $dom.GetDirectoryEntry()
$search = [System.DirectoryServices.DirectorySearcher]$root
$search.filter = "(&(objectclass=computer)(name=$computername))"
$search.findall() | %{$_.GetDirectoryEntry() } | %{$_.DeleteObject(0)}
Write-Host "`n$computername is deleted from ActiveDir."
}}

Running powershell script as multiple users

I have different accounts for my server admin and workstation admin roles. I want to run a powershell script that will query my ad to get a list of computers and the query each computer returned to check for a service. The first part needs to run as the server admin and the second as the workstation admin. Currently I use two separate scripts. Is it possible to integrate it into one script?
Here are my two scripts they both run on the one computer. The first script I run on my workstation but run as my server admin account as this is the only one with access to active directory. This script creates an XML file which is used by the second script. I run this script as my workstation admin account.
runas.exe /user:domain\srvadmin "powershell.exe -executionpolicy bypass -command c:\output\script1.ps1"
runas.exe /user:domain\wsadmin "powershell.exe -executionpolicy bypass -command c:\output\script2.ps1"
script1
import-module -name activedirectory -cmdlet get-adcomputer, get-adorganizationalunit;
$orgUnit = #("OU=Computers,DC=domain,DC=com")
$computerList = get-adcomputer -filter * -searchscope subtree -searchbase (get-adorganizationalunit $orgUnit).distinguishedname;
write $computerList | export-clixml c:\output\computerList.xml
script2
$computersInOU = import-clixml c:\output\computerList.xml
foreach ($comp in $computersInOU) {
if ($comp.Enabled) {
$cpu = get-wmiobject -class win32_processor -computername $comp.name
write "$comp.name $cpu"
}
}

You can cycle through an array of machines and use Invoke-Command to run scripts remotely:
$script = {Get-Process explorer}
$servers = #("Server1", "Server2") # or $servers = Get-ADComputer -filter blah1
$serverCred = Get-Credential "(Server)"
$workstations = #("WS1", "WS2") # or $workstations = Get-ADComputer -filter blah2
$workstationCred = Get-Credential "(Workstation)"
$servers | %{Invoke-Command $script -Computer $_ -Credential $serverCred}
$workstations | %{Invoke-Command $script -Computer $_ -Credential $workstationCred}
Update based on new question info:
You can combine your scripts like this:
$srvCred = Get-Credential "domain\srvadmin"
$wsCred = Get-Credential "domain\wsadmin"
Import-Module -name ActiveDirectory -cmdlet Get-ADComputer, Get-ADOrganizationalUnit;
$orgUnit = #("OU=Computers,DC=domain,DC=com")
$searchBase = (Get-ADOrganizationalUnit -Credential $srvCred $orgUnit).distinguishedname
$computersInOU = Get-ADComputer -Credential $srvCred -filter * -searchscope subtree -searchbase $searchBase;
foreach ($comp in $computersInOU) {
if ($comp.Enabled) {
$cpu = Get-WmiObject -Credential $wsCred -class win32_processor -computername $comp.name
write "$comp.name $cpu"
}
}

Combining Powershell Commands in a Foreach Loop

I'm pretty new to powershell, and am wondering why this isn't working. Basically, I have a foreach loop that checks if IIS is running and reports the OS version if so and writes this out to a file. However, it's not reporting correctly. It seems like it gets the values for the first item (IIS state and OS) and then populates it through the other items in my loop.
#Get List of Servers to Scan
$servers = (Get-Content e:\servers.txt)
#Determine if IIS is Running
foreach($server in $servers){
$iis = get-wmiobject Win32_Service -ComputerName $server -Filter "name='IISADMIN'";
if($iis.State -eq "Running")
{$OSVer= [environment]::OSVersion.Version}
Write-Host "$server,$IISRun,$OSVer" | Out-File -FilePath "E:\results.txt"
}
The Results:
Server1,true,5.2.3790.131072 <---- Correct
Server2,true,5.2.3790.131072 <---- Correct
Server3,true,5.2.3790.131072 <---- Wrong OS reported (windows 2008)
Server4,true,5.2.3790.131072 <---- Wrong OS reported (windows 2008)
Server5,true,5.2.3790.131072 <---- IIS isn't installed here at all
Server6,true,5.2.3790.131072 <---- IIS isn't installed here at all
Thanks for any advice...

[environment]::OSVersion.Version gets you your local OS version. Use Get-WmiObject Win32_OperatingSystem -ComputerName $server instead to get target computer's OS information, e.g.:
foreach ($server in $servers)
{
$iis = Get-WmiObject Win32_Service -ComputerName $server -Filter "name='IISADMIN'"
$os = Get-WmiObject Win32_OperatingSystem -ComputerName $server
$iisRunning = $iis.State -eq "Running"
$osVersion = $os.Version
Write-Host "$server, $iisRunning, $osVersion"
}

Getting back TIME information by Powershell

I have the below code that looks at OS system and based on the build type it returns the NTP server they point to.
However, it works fine on a match of 7601 (Windows Server 2008 R2) - but, for Windows Server 2003 servers I always get an error. For Windows Server 2003 servers you need to read a registry key.
If I did the same query on the registry key locally on a server it works fine...although it reports back other stuff aswell as the registry key..
here is the error:
NTPSource Server
--------- ------
The following error occurred: The procedure number is ou... SERV1
Here is the code:
$servers = #('SERV1','SERV2')
$version = Get-WmiObject Win32_OperatingSystem -computer $servers | select buildnumber
foreach ($server in $servers){
if ($version -match '7601')
{
$ntps = w32tm /query /computer:$server /source
new-object psobject -property #{
Server = $Server
NTPSource = $ntps
}
}
elseif($version -match '3790')
{
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters' -Name Type
}
}

Personally I use this to retrieve NTP server (Windows Server 2000/2003/2008/2008r2):
$Servers = (gc Computers.txt) # list of servers name
$pw = Get-Credential
$HKLM = 2147483650
foreach( $Server in $Servers )
{
$reg = GWMI -list -namespace root\default -computername $server -Credential $pw |
where-object { $_.name -eq "StdRegProv" }
$key = $reg.GetStringValue($HKLM,"SYSTEM\CurrentControlSet\Services\W32Time\Parameters","NtpServer")
write-host "$server `t$($key.svalue)"
}