Last active
October 31, 2023 18:32
-
-
Save Rugby-Ball/f4ed6ca45350db78a722c8a63ec97ff4 to your computer and use it in GitHub Desktop.
Pulls a lit of all AWS EC2 Windows that are running, and compiles a list of Local User accounts for each server across all AWS regions. (note: Windows Domain Controllers do not have local accounts.) #Inventory #AWS #Windows #Utility #Public #Security
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # AWS-Running-Windows-servers-Local-User-Accounts-list.ps1 | |
| <# | |
| Description: Pulls a lit of all AWS EC2 Windows that are running, and compiles a list of Local User accounts for each server across all AWS regions. (note: Windows Domain Controllers do not have local accounts.) | |
| Written: Ed Walsh | |
| PowerShell.Core tested: Yes | |
| MS-Graph: No | |
| Version: 1.0.1 | |
| Create Date: 10/31/2023 | |
| Revised Date: 10/31/2023 | |
| #> | |
| # Install-Module -name AWSPowerShell #Only need to do once to install the module, then not needed again. You can also install AWSPowerShell.NetCore module instead of AWSPowerShell. | |
| Import-Module -name AWSPowerShell | |
| $timestamp = get-date -format yyyyMMddHHmmss | |
| $subfolder = if (($PSVersionTable.PSEdition) -eq "Core") { if ( $True -eq $iswindows ) { "\Documents\" } Else { "" } } Else { "\Documents\" } | |
| $mydocuments = $home + $subfolder | |
| $fileName = "AWS-Running-Windows-servers-Local-User-Accounts-list-" + [string]$timestamp + ".csv" | |
| $filePath = Join-Path $mydocuments $fileName | |
| $stopWatch = [System.Diagnostics.Stopwatch]::StartNew() | |
| $stopwatch.Start() | |
| $ErrorActionPreference= 'silentlycontinue' | |
| $Out = @() | |
| function Get-LocalUser ($Computername = $env:COMPUTERNAME) { | |
| Get-WmiObject -Query "Select * from Win32_UserAccount Where LocalAccount = 'True'" -ComputerName $ComputerName | | |
| Select-Object @{ n="Region";e= {$Region} },@{ n="EC2ID";e= {$computer.InstanceId} }, @{ n="EC2_Name";e= {($computer.tags | Where-Object -Property key -EQ 'Name').Value} } , @{n="HostName";e={$_.PSComputerName} }, Status, Caption, PasswordExpires, Disabled, Domain, name, FullName, LocalAccount, Lockout | |
| } | |
| Get-EC2Region -RegionToCall us-east-1 <# -RegionToCall used because of https://github.com/aws/aws-tools-for-powershell/issues/46 #> | Foreach-Object { | |
| $region = $_.RegionName | |
| $computers = (Get-EC2Instance -region $region -Filter @{name = 'instance-state-name'; values = 'running' }, @{name = 'platform'; values = 'windows' } ).instances | |
| foreach ($computer in $computers) { $Out += Get-LocalUser -ComputerName $computer.PrivateIpAddress } | |
| } #end Region | |
| #$Out | Out-GridView | |
| $Out | Export-Csv -NoTypeInformation -Path $filepath | |
| Write-Output "Exported to: $filePath" | |
| Write-Output "\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\|||||||////////////////////////////////////" | |
| $stopwatch.Stop() | |
| $time = $stopwatch.Elapsed | |
| Write-Host "Script finished on $(Get-Date -f "MM-dd-yyyy hh:mm tt"), Elapsed time to run script (HH:MM:SS.MS): $Time" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment