Firstly, I did not "write" these per se. I found pieces of code here and there, and strung em together. File operations, the registry stuff, etc etc.
This is from an email i sent to my counterparts. Script code will be in subsequent posts.
Figured they'd help, i know we have some IT folks on here.
These are some things i came up with to make my job easier. Each one outputs a text file. One lists all the installed hotfixes/updates (including what KB number they are.) The other two list installed server roles/features and installed software, respectively. I made a service account to run them under via task scheduler, and store them on a network share. I created a service account to do this, called DocumentationScripts, and gave it access to the folder the scripts reside in. That account also needs login rights to the servers in order to run. If you create the tasks via group policy, use "replace" for each one, so that any changes you make cause the whole task to be recreated. I also told it to end the existing instance if already running, and repeat up to 5 times if failed.
In my environment, only signed powershell scripts can be run (set the execution policy to allsigned via GPO) that way no unsigned scripts can run, even locally, for security. If someone changes the files, they will fail to run because the hash won't match the one that was put on it after signing. You'll have to sign them if you have the same setup . In addition, any time you modify them you'll have to resign.
Here are complete signing instructions, including creating the CodeSigning certificate, signing the scripts with it, and creation of a policy to add to the trusted publishers store (required if you want to automate this.) It's a two part blog post on technet.
http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/16/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-1-of-2.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/17/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-2-of-2.aspx If you'd like to see the output it produces, I'm having mine run domain wide at 11 today. Let me know if you want to see it. I had a test run earlier but deleted those results in order to get the full domain at 11.