IT People - some helpful scripts i cobbled together.

[Fitz]

Firstly, I did not "write" these per se. I found pieces of code here and there, and strung em together. File operations, the registry stuff, etc etc.

This is from an email i sent to my counterparts. Script code will be in subsequent posts.

Figured they'd help, i know we have some IT folks on here.

These are some things i came up with to make my job easier. Each one outputs a text file. One lists all the installed hotfixes/updates (including what KB number they are.) The other two list installed server roles/features and installed software, respectively. I made a service account to run them under via task scheduler, and store them on a network share. I created a service account to do this, called DocumentationScripts, and gave it access to the folder the scripts reside in. That account also needs login rights to the servers in order to run. If you create the tasks via group policy, use "replace" for each one, so that any changes you make cause the whole task to be recreated. I also told it to end the existing instance if already running, and repeat up to 5 times if failed.
 
 In my environment, only signed powershell scripts can be run (set the execution policy to allsigned via GPO) that way no unsigned scripts can run, even locally, for security. If someone changes the files, they will fail to run because the hash won't match the one that was put on it after signing. You'll have to sign them if you have the same setup . In addition, any time you modify them you'll have to resign.
 
Here are complete signing instructions, including creating the CodeSigning certificate, signing the scripts with it, and creation of a policy to add to the trusted publishers store (required if you want to automate this.) It's a two part blog post on technet.
 
http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/16/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-1-of-2.aspx
 
http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/17/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-2-of-2.aspx
 
If you'd like to see the output it produces, I'm having mine run domain wide at 11 today. Let me know if you want to see it. I had a test run earlier but deleted those results in order to get the full domain at 11.
 

[Fitz]

# This script, when run as a scheduled task through GPO (or
# run manually from the server in question)
# will output a file to the directory the script is in called   
# "servername_hotfixes.txt" with all the installed hotfixes.

$computername = gc env:computername
$scriptpath = $MyInvocation.MyCommand.Path   #gets the full path to the script
$dir= Split-Path $scriptpath      #gets the path to the script, minus the script filename


#set filename to the dir the script was in, then servername_hotfixes.txt
$filename =  $dir + "\" + $computername + "_hotfixes.txt"     

#check if the filename exists, if so, remove it. We only care what's currently installed

if(Test-Path -Path $filename) {
   Remove-Item $filename
}



#get all the hotfix data, and one by one write the info to the file.

$colItems = get-wmiobject -class "Win32_QuickFixEngineering" -namespace "root\CIMV2" -computername $computername
 
foreach ($objItem in $colItems) {
      Write-Output "Caption: $($objItem.Caption)" | Out-File $filename -append
      Write-Output "Computer Name: $($objItem.CSName)"  | Out-File $filename -append
      Write-Output "Description: $($objItem.Description)" | Out-File $filename -append
      Write-Output "HotFix ID: $($objItem.HotFixID)" | Out-File $filename -append
      Write-Output "Installed On: $($objItem.InstalledOn)" | Out-File $filename -append
      Write-Output " " | Out-File $filename -append
      Write-Output " " | Out-File $filename -append
}
 

[Fitz]

# This script, when run as a scheduled task through GPO (or
# run manually from the server in question)
# will output a file to the directory the script is in called   
# "servername_software.txt" with all the installed software.
# it pulls from the registry, so there are duplicates sometimes.
# not sure how to fix this. Assume latest version numbers are valid
 
$computername = gc env:computername
$scriptpath = $MyInvocation.MyCommand.Path   #gets the full path to the script
$dir= Split-Path $scriptpath      #gets the path to the script, minus the script filename

#set filename to the dir the script was in, then servername_software.txt
$filename =  $dir + "\" + $computername + "_software.txt"     


#check if the filename exists, if so, remove it. We only care what's currently installed

if(Test-Path -Path $filename) {
   Remove-Item $filename
}



 
# Branch of the Registry 
$Branch='LocalMachine' 
 
# Main Sub Branch you need to open 
$SubBranch="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall" 
 
$registry=[microsoft.win32.registrykey]::OpenRemoteBaseKey('Localmachine',$computername) 
$registrykey=$registry.OpenSubKey($Subbranch) 
$SubKeys=$registrykey.GetSubKeyNames() 
 
# Drill through each key from the list and pull out the value of 
# “DisplayName” – Write to the Host console the name of the computer 
# with the application beside it
 
Foreach ($key in $subkeys) 
{ 
    $exactkey=$key 
    $NewSubKey=$SubBranch+"\\"+$exactkey 
    $ReadUninstall=$registry.OpenSubKey($NewSubKey) 
    $Value=$ReadUninstall.GetValue("DisplayName") 
    $TheResult = $computername + " " + $Value
    $TheResult | Out-File $filename -append
 
}
 

[Fitz]

# This script, when run as a scheduled task through GPO (or
# run manually from the server in question)
# will output a file to the directory the script is in called   
# "servername_features.txt" with all the server roles/features.

$computername = gc env:computername
$scriptpath = $MyInvocation.MyCommand.Path   #gets the full path to the script
$dir= Split-Path $scriptpath      #gets the path to the script, minus the script filename


#set filename to the dir the script was in, then servername_features.txt
$filename =  $dir + "\" + $computername + "_features.txt"     

#check if the filename exists, if so, remove it. We only care what's currently installed

if(Test-Path -Path $filename) {
   Remove-Item $filename
}

Import-Module servermanager

get-windowsfeature > $filename