-
-
Save dotps1/afdc76683e3eb5401ea0cd7226ad9aa0 to your computer and use it in GitHub Desktop.
#requires -module ActiveDirectory | |
# Input computers. | |
$threshold = (Get-Date).AddDays(-180) | |
$computers = Get-ADComputer -Filter { OperatingSystem -notlike "*server*" -and OperatingSystem -like "*windows*" -and PasswordLastSet -gt $threshold } | | |
Select-Object -ExpandProperty Name | | |
Sort-Object -Property Name | |
# Make sure there are not existing jobs. | |
Get-Job | | |
Remove-Job -Force | |
# Counters and settings | |
$throttle = 20 | |
$timeout = 10 | |
$jobs = @() | |
$count = 0 | |
# Start the jobs. | |
while ($count -lt $computers.Count) { | |
if ((Get-Job -State Running).Count -lt $throttle) { | |
$jobs += Start-Job -ScriptBlock { try { .\Get-EternalBlueVulnerabilityStatistics.ps1 -Name $args[0] -ErrorAction Stop } catch { throw $_ } } -Name $computers[$count] -ArgumentList @($computers[$count]) | |
Write-Progress -Activity "Gathering EternalBlue statistics accross $($computers.Count) systems. Jobs are throttled to $throttle concurrent jobs" -Status "Job started for $($computers[$count].ToString())" -PercentComplete ($jobs.Count / $computers.Count * 100) | |
$count++ | |
} | |
} | |
Write-Progress -Activity "Testing for WannaCry vulnerability accross $($computers.Count) systems" -Completed | |
# Wait for remaining jobs to finish. | |
while (($runningJobs = Get-Job -State Running).Count -ne 0) { | |
Write-Progress -Activity "Waiting for remaining jobs to finish" -Status "$($runningJobs.Count) jobs remaining" | |
foreach ($runningJob in $runningJobs) { | |
if ($runningJob.PSBeginTime -lt (Get-Date).AddMinutes(-$timeout)) { | |
Stop-Job -Job $runningJob | |
} | |
} | |
} | |
Write-Progress -Activity "Waiting for remaining jobs to finish" -Completed | |
# Clean up the jobs and export the results to CSVs. | |
foreach ($job in (Get-Job)) { | |
switch ($job.State) { | |
"Completed" { | |
$receivedJob = Receive-Job -Job $job | |
$completedOutput = [PSCustomObject]@{ | |
PSComputerName = $job.Name | |
OperatingSystemCaption = $receivedJob.OperatingSystemCaption | |
OperatingSystemVersion = $receivedJob.OperatingSystemVersion | |
LastBootUpTime = $receivedJob.LastBootUpTime | |
AppliedHotFixID = $receivedJob.AppliedHotFixID | |
SMB1FeatureEnabled = $receivedJob.SMB1FeatureEnabled | |
SMB1ProtocolEnabled = $receivedJob.SMB1ProtocolEnabled | |
Port139Enabled = $receivedJob.Port139Enabled | |
Port445Enabled = $receivedJob.Port445Enabled | |
} | |
Export-Csv -InputObject $completedOutput -Path .\WannaCryVulnerability_Servers.csv -Append -NoTypeInformation | |
Remove-Job -Job $job | |
} | |
"Failed" { | |
Receive-Job -Job $job -ErrorAction SilentlyContinue | |
$failedOutput = [PSCustomObject]@{ | |
PSComputerName = $job.Name | |
FailureReason = $Error[0].Exception.Message | |
} | |
Export-Csv -InputObject $failedOutput -Path .\WannaCryVulnerability_Servers_Failures.csv -Append -NoTypeInformation | |
Remove-Job -Job $job | |
} | |
default { continue } | |
} | |
} | |
im sorry your all running into this. hope this helps.
if you use Install-Script
from the PSGallery, it will append the path to your $env:Path
value, which is why after you Install a script you can call it from anywhere. IE PS C:\> Get-EternalBlueVlunerabiltiyStatistics
just works.
if you use Save-Script
this will do exactly as it sounds, and you will need to specify a path to save the script to. If you have Saved the script, rather then Installed the script. You will need to one of two things.
- Change you Working Directory to the path where the script is saved. Use
Set-Location -Path C:\Folder\
. - Change the path in the code above from
.\Get-EternalBlueVulnerabilityStatistics.ps1
toC:\Folder\Get-EternalBlueVulnerabilityStatistics.ps1
.
Okay, after adding Set-Location
and the absolute location it works. I noticed that if try { ."$pwd\Get-EternalBlueVulnerabilityStatistics.ps1"
is run, it sources My Documents instead of the working directory. It'd be nice to not have to hard code the location, but I'm glad it's functioning at least.
Thanks for all of your help @dotps1!
if you don't want to hardcode the location, then use Install-Script
. Not sure what else to tell you on that one. Its an external resource from this script, so it will need to know where its at. This script is just how i used Get-EternalBlueVulnerabilityStatistics
function i wrote to scan my environment. That function is separate from this script so you can use it however you want.
thanks.
Hey @dotps1, I'm running into the same issue as @blay2 and @hawkbox with calling
.\Get-EternalBlueVulnerabilityStatistics.ps1
. Running the script by itself works as well as sourcing it outside of the nestedif
loop. I've tried$PSScriptRoot
, no dot sourcing, and different levels of quotation. None have worked so far. It's not installed via the Gallery -- I'd prefer to run it as a standalone script.Thanks for writing it up -- you've saved myself and dozens of other IT guys quite a bit of leg work.