dump-state.ps1
# Script parameters:
#   Prefix     - leading part of the dump folder name (default: computer name)
#   Postfix    - optional trailing part of the dump folder name
#   OutputPath - folder that receives the dump folder; when empty the script
#                uses an "output" folder next to the script file
param(
    [string] $Prefix = $env:COMPUTERNAME,
    [string] $Postfix = '',
    [string] $OutputPath = ''
)

# Fail fast: strict variable/property checks, and every error (including
# non-terminating cmdlet errors) stops the script instead of being skipped.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'
$PSDefaultParameterValues['*:ErrorAction'] = 'Stop'
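# Listing drivers requires administrator privileges, so refuse to continue
# unless the current identity is in the built-in Administrators role.
$currentPrincipal = [Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()
$administratorRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $currentPrincipal.IsInRole($administratorRole)) {
    Write-Warning "You do not have Administrator rights to run this script!`nPlease re-run this script as an Administrator!"
    # 'break' outside of a loop also unwinds any loop in the calling script;
    # 'exit' ends only this script and hands callers a non-zero exit code.
    exit 1
}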
# The helper module ships next to this script and is loaded by path.
# NOTE(review): this script runs elevated, so the script folder and the .psm1
# should be writable by administrators only; otherwise anyone who can edit the
# module gets code executed with administrator rights on the next run.
Import-Module "$PSScriptRoot\installedapplication.psm1" -Force

# Base folder for the dump: the caller's -OutputPath, or "output" beside the script.
# NOTE(review): the CSV files written below are a software/driver/service
# inventory of this host; pick a location with suitably restricted read access.
$path = if ([string]::IsNullOrEmpty($OutputPath)) {
    Join-Path -Path $PSScriptRoot -ChildPath 'output'
} else {
    $OutputPath
}
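# Build the unique dump folder name: [prefix_]yyyyMMddHHmmss[_postfix].
# The timestamp is taken from a single Get-Date call; reading the date and the
# time in two separate calls can straddle midnight and pair the old date with
# the new time.
$stamp = Get-Date -Format 'yyyyMMddHHmmss'
if (-not [string]::IsNullOrEmpty($Prefix)) {
    $stamp = "$($Prefix.ToLower())_$stamp"
}
if (-not [string]::IsNullOrEmpty($Postfix)) {
    $stamp = "$($stamp)_$Postfix"
}
# NOTE(review): $Prefix and $Postfix go into the folder name unvalidated; a
# value containing path separators or ".." changes where the folder is created.
# Validate them if they can ever come from anything but the operator.
$path = Join-Path -Path $path -ChildPath $stamp
New-Item -ItemType directory -Path $path | Out-Null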
# Driver inventory of the running OS image (built-in Get-WindowsDriver),
# ordered by class GUID and then driver name.
$driversFile = Join-Path -Path $path -ChildPath 'drivers.csv'
Write-Host 'Gathering drivers'
$driversCsv = @{ Path = $driversFile; NoTypeInformation = $true }
Get-WindowsDriver -Online | Sort-Object ClassGuid, Driver | Export-Csv @driversCsv
# Installed applications, as reported by Get-InstalledApplication from the
# installedapplication.psm1 module imported earlier in this script.
$appsFile = Join-Path -Path $path -ChildPath 'applications.csv'
Write-Host 'Gathering applications'
$appsCsv = @{ Path = $appsFile; NoTypeInformation = $true }
Get-InstalledApplication |
    Sort-Object Application, Publisher, Architecture, Version |
    Select-Object Application, Version, Architecture, Publisher |
    Export-Csv @appsCsv
# App packages for all user accounts; only name and version are kept.
$appPackagesFile = Join-Path -Path $path -ChildPath 'apppackages.csv'
Write-Host 'Gathering app packages'
$appPackagesCsv = @{ Path = $appPackagesFile; NoTypeInformation = $true }
Get-AppxPackage -AllUsers |
    Sort-Object Name, Version |
    Select-Object Name, Version |
    Export-Csv @appPackagesCsv
# Services whose ServiceType contains "Win32", via the built-in Get-Service;
# other service types are left out of this file.
$servicesFile = Join-Path -Path $path -ChildPath 'services.csv'
Write-Host 'Gathering services'
$servicesCsv = @{ Path = $servicesFile; NoTypeInformation = $true }
Get-Service |
    Where-Object ServiceType -like '*Win32*' |
    Sort-Object ServiceName |
    Select-Object ServiceName, DisplayName, StartType |
    Export-Csv @servicesCsv
# Top-level entries of the default program and program-data folders.
# Each root is sorted on its own and written in the order listed, so the CSV
# keeps one sorted section per root.
$foldersFile = Join-Path -Path $path -ChildPath 'folders.csv'
Write-Host 'Gathering application folders'
$folderRoots = 'C:\Program Files\*', 'C:\Program Files (x86)\*', 'C:\ProgramData\*'
$appendFolders = $false
foreach ($folderRoot in $folderRoots) {
    Get-Item $folderRoot |
        Select-Object Parent, Name, CreationTime |
        Sort-Object Parent, Name |
        Export-Csv -NoTypeInformation -Append:$appendFolders -Path $foldersFile
    # the first root creates the file, the remaining roots append to it
    $appendFolders = $true
}
# Startup commands from the Win32_StartupCommand CIM class: what runs, where
# it is registered (Location) and for which user.
$startupFile = Join-Path -Path $path -ChildPath 'startup.csv'
Write-Host 'Gathering startup programs'
$startupCsv = @{ Path = $startupFile; NoTypeInformation = $true }
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, command, Location, User |
    Sort-Object Name, Command |
    Export-Csv @startupCsv
# Scheduled tasks outside the \Microsoft\ task folder, ordered by URI.
# NOTE(review): anything registered under \Microsoft\ is skipped, so this file
# is not a complete task inventory.
# NOTE(review): Triggers is a collection; Export-Csv likely writes its type
# name rather than the trigger details, and the task actions are not exported
# at all - confirm the CSV carries what a later comparison needs.
$tasksFile = Join-Path -Path $path -ChildPath 'tasks.csv'
Write-Host 'Gathering scheduled tasks'
$tasksCsv = @{ Path = $tasksFile; NoTypeInformation = $true }
Get-ScheduledTask |
    Where-Object TaskPath -notlike '\Microsoft\*' |
    Sort-Object URI |
    Select-Object TaskPath, Author, TaskName, State, Triggers |
    Export-Csv @tasksCsv
# Every sub-folder of the current user's start menu, followed by those of the
# common (all users) start menu, each section sorted by full path.
# NOTE(review): "current user" is the account running this elevated session,
# which may differ from the logged-on user - confirm that is the intended profile.
$startmenuFile = Join-Path -Path $path -ChildPath 'startmenu.csv'
Write-Host 'Gathering start menu folders'
$appendMenus = $false
foreach ($specialFolder in 'StartMenu', 'CommonStartMenu') {
    $menuRoot = "$([Environment]::GetFolderPath($specialFolder))"
    Get-ChildItem -Recurse -Directory -Path $menuRoot |
        Select-Object Name, Parent, FullName, CreationTime |
        Sort-Object FullName |
        Export-Csv -NoTypeInformation -Append:$appendMenus -Path $startmenuFile
    # the first folder creates the file, the second appends to it
    $appendMenus = $true
}
# BIOS details: every property of the win32_bios WMI object is exported.
# NOTE(review): Get-WmiObject is not available in PowerShell 6 and later,
# while the startup section already uses Get-CimInstance. Switching changes
# the exported columns, so check comparisons against older dumps first.
$biosFile = Join-Path -Path $path -ChildPath 'bios.csv'
Write-Host 'Gathering BIOS version'
$biosCsv = @{ Path = $biosFile; NoTypeInformation = $true }
Get-WmiObject win32_bios | Export-Csv @biosCsv

# Operating system version as reported by the .NET runtime.
$osVersionFile = Join-Path -Path $path -ChildPath 'osversion.csv'
Write-Host 'Gathering OS version'
$osVersionCsv = @{ Path = $osVersionFile; NoTypeInformation = $true }
[System.Environment]::OSVersion | Export-Csv @osVersionCsv
# Print the dump folder so the operator can copy it into a memo.
Write-Host -Object $path

# Keep the PowerShell window open until the operator has seen the folder name.
Read-Host -Prompt 'Press Enter to continue'