New Data Points for the Windows Workstation Inspector
reviewed
K
Kevin Fuller
Large Prospect: Arch Tech
Contact: Edward Wilson
The Arch Tech team is looking to replace their current manual processes for pulling the following data.
Bitlocker Keys
Inactivity Screen Timeout
BIOS Update Info
Windows Updates Timestamp
Hard Drive health
They provided example scripts for us.
Bitlocker Keys
$BitLockerKeyInfo = Get-BitLockerVolume | Select MountPoint,KeyProtector | Sort -Property MountPoint
$BitLockerKeyArray = @()
ForEach ($item in $BitLockerKeyInfo) {
$MountPoint = $item.MountPoint
$RecoveryKey = string.RecoveryPassword
if ($RecoveryKey.Length -gt 5) {
$BitLockerKeyOutput = "BLRK $MountPoint $RecoveryKey"
$BitLockerKeyArray += $BitLockerKeyOutput
}
else {
$BitLockerKeyOutput = "BLRK $MountPoint None"
$BitLockerKeyArray += $BitLockerKeyOutput
}
}
Inactivity Screen Timeout
$timeout = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System").InactivityTimeoutSecs
if (!$timeout -or $timeout -gt 1800) {
$passed = $false
$results += " - Screenlock"
}
BIOS Update Info
First Factor - BIOS has not been updated in more than 1 year
$BIOSReleaseDate = Get-WmiObject -Class Win32_BIOS | Select ReleaseDate
$BIOSDate = [datetime]::ParseExact($BIOSReleaseDate.ReleaseDate.Substring(0, 8), "yyyyMMdd", $null)
if ($BIOSDate -lt (Get-Date).AddMonths(-12)) {
$passed = $false
$results += " - BIOS Updates"
}
Windows Updates Timestamp
$lastWindowsUpdate = (Get-WmiObject -Class Win32_QuickFixEngineering | Sort-Object -Property HotFixID | Select-Object -Last 1).InstalledOn
if ($lastWindowsUpdate -eq $null) {
$lastWindowsUpdate = (Get-WmiObject -Class Win32_QuickFixEngineering | Sort-Object -Property HotFixID | Select-Object -Last 2).InstalledOn
if ($lastWindowsUpdate -lt (Get-Date).AddMonths(-2)) {
$passed = $false
$results += " - OS Updates"
}
}
elseif ($lastWindowsUpdate -lt (Get-Date).AddMonths(-2)) {
$passed = $false
$results += " - OS Updates"
}
Hard Drive health
$DiskOutputArray = @()
ForEach ($item in $DiskInfo) {
$DiskID = $item.DeviceID
$MediaType = $item.MediaType
$DiskHealth = $item.HealthStatus
$DiskOutput = "Disk $DiskID`: $MediaType $DiskHealth"
$DiskOutputArray += $DiskOutput
}