DanEdens/WinSystemSnapshot.ps1

## WinSystemSnapshot.ps1
# Define a directory for log files
$logDir = "$env:USERPROFILE\logs\"
$maxEvents = 500  # Number of most recent events to retrieve

if (-not (Test-Path $logDir)) {
    New-Item -Path $logDir -ItemType Directory
}


# Function to extract and log events
function LogEvents($logName) {
    $logFile = Join-Path $logDir "$logName.log"
    Get-WinEvent -LogName $logName -MaxEvents $maxEvents | Out-File $logFile
}

# Extract and log events for each category
LogEvents "System"
LogEvents "Application"
LogEvents "Security"
LogEvents "Setup"
LogEvents "ForwardedEvents"
LogEvents "Windows PowerShell"
LogEvents "HardwareEvents"
LogEvents "Internet Explorer"
LogEvents "Key Management Service"
LogEvents "OAlerts"
LogEvents "Microsoft-Windows-DriverFrameworks-UserMode/Operational"
LogEvents "Microsoft-Windows-PrintService/Admin"
LogEvents "Microsoft-Windows-Kernel-PnP/Configuration"
LogEvents "Microsoft-Windows-DiskDiagnostic"
LogEvents "Microsoft-Windows-Kernel-Boot/Operational"
LogEvents "Ntfs"

# Print completion message
Write-Host "Event logs have been saved to $logDir" -ForegroundColor Green

# Display and Save Installed Programs
Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* |
Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
Out-File "$logDir\InstalledPrograms.log"

# Display and Save System Information
Get-ComputerInfo | Out-File "$logDir\SystemInformation.log"

# Display and Save Startup Programs
Get-CimInstance Win32_StartupCommand | Select-Object Name, command, Location, User |
Out-File "$logDir\StartupPrograms.log"

# Display and Save Running Services
Get-Service | Where-Object {$_.Status -eq 'Running'} |
Out-File "$logDir\RunningServices.log"

# Check and Save Disk Space
Get-PSDrive -PSProvider FileSystem | Select-Object Name, Used, Free |
Out-File "$logDir\DiskSpace.log"

# Save Network Information
Get-NetIPConfiguration | Where-Object { $_.IPv4DefaultGateway -ne $null } |
Out-File "$logDir\NetworkInformation.log"

# Save User Accounts
Get-LocalUser | Where-Object {$_.Enabled -eq $True} |
Out-File "$logDir\UserAccounts.log"

# Save Windows Update History
Get-HotFix | Out-File "$logDir\WindowsUpdateHistory.log"

# Save System Uptime
(Get-CimInstance Win32_OperatingSystem).LastBootUpTime |
Out-File "$logDir\SystemUptime.log"

# Save Chocolatey Log (last 50 lines)
Get-Content 'C:\ProgramData\chocolatey\logs\chocolatey.log' -Tail $maxEvents |
Out-File "$logDir\ChocolateyLast50Lines.log"

# Save Installed Chocolatey Packages
Invoke-Expression 'choco list' |
Out-File "$logDir\ChocolateyInstalledPackages.log"

# Print completion message
Write-Host "Logs saved to $logDir" -ForegroundColor Green

# Create a master log file
$masterLog = "$logDir\MasterLog.txt"

# System variables for the description
$systemDetails = @{
    ComputerName    = $env:COMPUTERNAME
    UserName        = $env:USERNAME
    DomainName      = $env:USERDOMAIN
    Date            = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    OS              = (Get-CimInstance Win32_OperatingSystem).Caption
    Architecture    = (Get-CimInstance Win32_OperatingSystem).OSArchitecture
}

# Write system details to the top of the master log
$description = @"
System Details:
---------------
Computer Name: $($systemDetails.ComputerName)
User Name:     $($systemDetails.UserName)
Domain Name:   $($systemDetails.DomainName)
Date:          $($systemDetails.Date)
OS:            $($systemDetails.OS)
Architecture:  $($systemDetails.Architecture)

Log Details:
------------
"@
$description | Out-File $masterLog

# Get all log files, sort by file size, and append them to the master log file
Get-ChildItem -Path $logDir -Filter "*.log" | Sort-Object Length | ForEach-Object {
    Add-Content $masterLog "`n------- Start of $($_.Name) -------"
    Get-Content $_.FullName | Add-Content $masterLog
    Add-Content $masterLog "`n------- End of $($_.Name) -------"
}

# Print completion message
Write-Host "Master log created at $masterLog" -ForegroundColor Green
	# Define a directory for log files
	$logDir = "$env:USERPROFILE\logs\"
	$maxEvents = 500 # Number of most recent events to retrieve

	if (-not (Test-Path $logDir)) {
	New-Item -Path $logDir -ItemType Directory
	}


	# Function to extract and log events
	function LogEvents($logName) {
	$logFile = Join-Path $logDir "$logName.log"
	Get-WinEvent -LogName $logName -MaxEvents $maxEvents \| Out-File $logFile
	}

	# Extract and log events for each category
	LogEvents "System"
	LogEvents "Application"
	LogEvents "Security"
	LogEvents "Setup"
	LogEvents "ForwardedEvents"
	LogEvents "Windows PowerShell"
	LogEvents "HardwareEvents"
	LogEvents "Internet Explorer"
	LogEvents "Key Management Service"
	LogEvents "OAlerts"
	LogEvents "Microsoft-Windows-DriverFrameworks-UserMode/Operational"
	LogEvents "Microsoft-Windows-PrintService/Admin"
	LogEvents "Microsoft-Windows-Kernel-PnP/Configuration"
	LogEvents "Microsoft-Windows-DiskDiagnostic"
	LogEvents "Microsoft-Windows-Kernel-Boot/Operational"
	LogEvents "Ntfs"

	# Print completion message
	Write-Host "Event logs have been saved to $logDir" -ForegroundColor Green

	# Display and Save Installed Programs
	Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* \|
	Select-Object DisplayName, DisplayVersion, Publisher, InstallDate \|
	Out-File "$logDir\InstalledPrograms.log"

	# Display and Save System Information
	Get-ComputerInfo \| Out-File "$logDir\SystemInformation.log"

	# Display and Save Startup Programs
	Get-CimInstance Win32_StartupCommand \| Select-Object Name, command, Location, User \|
	Out-File "$logDir\StartupPrograms.log"

	# Display and Save Running Services
	Get-Service \| Where-Object {$_.Status -eq 'Running'} \|
	Out-File "$logDir\RunningServices.log"

	# Check and Save Disk Space
	Get-PSDrive -PSProvider FileSystem \| Select-Object Name, Used, Free \|
	Out-File "$logDir\DiskSpace.log"

	# Save Network Information
	Get-NetIPConfiguration \| Where-Object { $_.IPv4DefaultGateway -ne $null } \|
	Out-File "$logDir\NetworkInformation.log"

	# Save User Accounts
	Get-LocalUser \| Where-Object {$_.Enabled -eq $True} \|
	Out-File "$logDir\UserAccounts.log"

	# Save Windows Update History
	Get-HotFix \| Out-File "$logDir\WindowsUpdateHistory.log"

	# Save System Uptime
	(Get-CimInstance Win32_OperatingSystem).LastBootUpTime \|
	Out-File "$logDir\SystemUptime.log"

	# Save Chocolatey Log (last 50 lines)
	Get-Content 'C:\ProgramData\chocolatey\logs\chocolatey.log' -Tail $maxEvents \|
	Out-File "$logDir\ChocolateyLast50Lines.log"

	# Save Installed Chocolatey Packages
	Invoke-Expression 'choco list' \|
	Out-File "$logDir\ChocolateyInstalledPackages.log"

	# Print completion message
	Write-Host "Logs saved to $logDir" -ForegroundColor Green

	# Create a master log file
	$masterLog = "$logDir\MasterLog.txt"

	# System variables for the description
	$systemDetails = @{
	ComputerName = $env:COMPUTERNAME
	UserName = $env:USERNAME
	DomainName = $env:USERDOMAIN
	Date = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
	OS = (Get-CimInstance Win32_OperatingSystem).Caption
	Architecture = (Get-CimInstance Win32_OperatingSystem).OSArchitecture
	}

	# Write system details to the top of the master log
	$description = @"
	System Details:
	---------------
	Computer Name: $($systemDetails.ComputerName)
	User Name: $($systemDetails.UserName)
	Domain Name: $($systemDetails.DomainName)
	Date: $($systemDetails.Date)
	OS: $($systemDetails.OS)
	Architecture: $($systemDetails.Architecture)

	Log Details:
	------------
	"@
	$description \| Out-File $masterLog

	# Get all log files, sort by file size, and append them to the master log file
	Get-ChildItem -Path $logDir -Filter "*.log" \| Sort-Object Length \| ForEach-Object {
	Add-Content $masterLog "`n------- Start of $($_.Name) -------"
	Get-Content $_.FullName \| Add-Content $masterLog
	Add-Content $masterLog "`n------- End of $($_.Name) -------"
	}

	# Print completion message
	Write-Host "Master log created at $masterLog" -ForegroundColor Green