compwiz32/ClientHealthCheck.ps1

## ClientHealthCheck.ps1
Describe "Local Machine Health Check" {

    $date = Get-Date

    Context "Hardware Health Checks" {
        It "C Drive has more than 1 GB free" {
            $diskinfo = Get-CimInstance win32_volume | Where-Object { $_.driveletter -like 'c:' }
            $DiskFreeSpace = $([math]::round((($diskinfo.FreeSpace)/1GB),0))
            $DiskFreeSpace | Should BeGreaterThan 1
        }
    }

    Context "OS Patch Status" {
        It "Windows patches have been installed in last 60 days" {

            $PatchList = Get-HotFix | Sort-Object Installedon -Descending
            $LastInstallDate = $date - $PatchList[0].InstalledOn
            $LastInstallDate.days | Should BeLessThan 60
        }

        It "Client O/S is not pending reboot" {
            $RebootPending = Get-ChildItem "HKLM:\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" -ErrorAction Ignore
            $RebootPending | Should be $null

        }

        It "Client O/S does not have a reboot required" {

            $RebootRequired = gci 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired' -ErrorAction Ignore
            $RebootRequired | Should be $null
        }

        It "Client O/S does not have pending file rename operations" {
            $PendingFileRenameOperations = gci 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations' -ErrorAction Ignore
            $PendingFileRenameOperations | Should be $null

        }
    }

    Context "Windows Defender Status" {
        $DefenderInfo = Get-MpComputerStatus

        It "Antivirus is enabled" {
            $DefenderInfo.AntivirusEnabled | Should Be "True"
        }

        It "AntiSpyware is enabled" {
            $DefenderInfo.AntispywareEnabled | Should Be "True"
        }

        It "OnAccess Protection is enabled" {
            $DefenderInfo.OnAccessProtectionEnabled | Should Be "True"
        }

        It "Realtime Protection is enabled" {
            $DefenderInfo.RealTimeProtectionEnabled | Should Be "True"
        }

        It "Antivirus signature is less than than 4 days old" {
            $AVSignatureDate = (Get-MpComputerStatus).AntivirusSignatureLastUpdated
            $AntivirusSigDate = $date - $AVSignatureDate
            $AntivirusSigDate.days | Should BeLessThan 5
        }

        It "Antispyware signature is less than than 4 days old" {
            $SpywareSignatureDate = (Get-MpComputerStatus).AntispywareSignatureLastUpdated
            $AntiSpywareSigDate = $date - $SpywareSignatureDate
            $AntiSpywareSigDate.days | Should BeLessThan 5
        }
    }

    Context "Network Connectivity" {
        It "Client can reach home network gateway" {
            $ActiveInterface = Get-NetAdapter | Where-Object { $_.status -eq 'up' -and $_.InterfaceDescription -NotLike "PANGP*" }
            $HomeNetwork = Get-NetIPConfiguration -InterfaceIndex $activeInterface.ifindex
            $Up = Test-Connection $($HomeNetwork.ipv4Defaultgateway.nexthop) -Count 2 -Quiet
            $Up | Should Be "true"

            # $count = (Get-Service | Where-Object { $_.status -eq 'running' } | Measure-Object).Count
            # $count | Should -BeGreaterOrEqual "130"
        }
        It "Client can reach the internet" {
            $online = Test-Connection google.com -tcpport 443
            $online | Should Be "True"
        }

    }


    Context "Client VPN Client Status" {
        It "Client VPN Service is running" {
            $services = Get-Service -name "PanGPS"
            $services.Status | Should Be "Running"
        }

        It "Client VPN adaptor is connected" {
            $VPNAdaptor = Get-NetAdapter | Where-Object { $_.status -eq 'up' -and $_.InterfaceDescription -Like "PANGP*" }
            $VPNAdaptor.Status | Should Be "Up"
        }

        It "VPN Concentrator is online" {
            $AlignVPN = Test-Connection connect.aligntech.com -tcpport 443
            $AlignVPN | Should Be "True"
        }
    }

}
	Describe "Local Machine Health Check" {

	$date = Get-Date

	Context "Hardware Health Checks" {
	It "C Drive has more than 1 GB free" {
	$diskinfo = Get-CimInstance win32_volume \| Where-Object { $_.driveletter -like 'c:' }
	$DiskFreeSpace = $([math]::round((($diskinfo.FreeSpace)/1GB),0))
	$DiskFreeSpace \| Should BeGreaterThan 1
	}
	}

	Context "OS Patch Status" {
	It "Windows patches have been installed in last 60 days" {

	$PatchList = Get-HotFix \| Sort-Object Installedon -Descending
	$LastInstallDate = $date - $PatchList[0].InstalledOn
	$LastInstallDate.days \| Should BeLessThan 60
	}

	It "Client O/S is not pending reboot" {
	$RebootPending = Get-ChildItem "HKLM:\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" -ErrorAction Ignore
	$RebootPending \| Should be $null

	}

	It "Client O/S does not have a reboot required" {

	$RebootRequired = gci 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired' -ErrorAction Ignore
	$RebootRequired \| Should be $null
	}

	It "Client O/S does not have pending file rename operations" {
	$PendingFileRenameOperations = gci 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations' -ErrorAction Ignore
	$PendingFileRenameOperations \| Should be $null

	}
	}

	Context "Windows Defender Status" {
	$DefenderInfo = Get-MpComputerStatus

	It "Antivirus is enabled" {
	$DefenderInfo.AntivirusEnabled \| Should Be "True"
	}

	It "AntiSpyware is enabled" {
	$DefenderInfo.AntispywareEnabled \| Should Be "True"
	}

	It "OnAccess Protection is enabled" {
	$DefenderInfo.OnAccessProtectionEnabled \| Should Be "True"
	}

	It "Realtime Protection is enabled" {
	$DefenderInfo.RealTimeProtectionEnabled \| Should Be "True"
	}

	It "Antivirus signature is less than than 4 days old" {
	$AVSignatureDate = (Get-MpComputerStatus).AntivirusSignatureLastUpdated
	$AntivirusSigDate = $date - $AVSignatureDate
	$AntivirusSigDate.days \| Should BeLessThan 5
	}

	It "Antispyware signature is less than than 4 days old" {
	$SpywareSignatureDate = (Get-MpComputerStatus).AntispywareSignatureLastUpdated
	$AntiSpywareSigDate = $date - $SpywareSignatureDate
	$AntiSpywareSigDate.days \| Should BeLessThan 5
	}
	}

	Context "Network Connectivity" {
	It "Client can reach home network gateway" {
	$ActiveInterface = Get-NetAdapter \| Where-Object { $_.status -eq 'up' -and $_.InterfaceDescription -NotLike "PANGP*" }
	$HomeNetwork = Get-NetIPConfiguration -InterfaceIndex $activeInterface.ifindex
	$Up = Test-Connection $($HomeNetwork.ipv4Defaultgateway.nexthop) -Count 2 -Quiet
	$Up \| Should Be "true"

	# $count = (Get-Service \| Where-Object { $_.status -eq 'running' } \| Measure-Object).Count
	# $count \| Should -BeGreaterOrEqual "130"
	}
	It "Client can reach the internet" {
	$online = Test-Connection google.com -tcpport 443
	$online \| Should Be "True"
	}

	}


	Context "Client VPN Client Status" {
	It "Client VPN Service is running" {
	$services = Get-Service -name "PanGPS"
	$services.Status \| Should Be "Running"
	}

	It "Client VPN adaptor is connected" {
	$VPNAdaptor = Get-NetAdapter \| Where-Object { $_.status -eq 'up' -and $_.InterfaceDescription -Like "PANGP*" }
	$VPNAdaptor.Status \| Should Be "Up"
	}

	It "VPN Concentrator is online" {
	$AlignVPN = Test-Connection connect.aligntech.com -tcpport 443
	$AlignVPN \| Should Be "True"
	}
	}

	}