Get-DomainComputerWSMAN.ps1
# This script uses the ActiveDirectory module to enumerate live Windows systems on the domain that support WMI/PS Remoting,
# and filters out Windows 7 and Windows Server 2003.
# Run on a domain system or via 'runas /netonly /user:domain\user powershell.exe'
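# Domain controller used to bootstrap discovery.
# NOTE(review): hard-coded address - confirm it matches the environment before running.
$InitialDc = '10.4.222.205'

Import-Module ActiveDirectory

# Bind a temporary ActiveDirectory provider drive to the initial DC. The AD cmdlets
# below are run from that drive so that they query that server.
# -ErrorAction Stop: if the DC cannot be reached, stop here rather than carrying on
# with AD cmdlets that are no longer bound to the intended server.
New-PSDrive -PSProvider ActiveDirectory -Name RemoteADS -Root "" -Server $InitialDc -ErrorAction Stop | Out-Null

# Push/Pop-Location restores the caller's working directory instead of forcing c:,
# and the finally block removes the drive even if a query below throws.
Push-Location RemoteADS:
try {
    # Members of the "Domain Controllers" group, projected to a ComputerName property
    $DomainControllers = Get-ADGroupMember "Domain Controllers" |
        Select-Object @{name="ComputerName";expression={$_."name"}}

    # @() keeps .Count valid for zero or one result as well as for many
    $DomainControllersCount = @($DomainControllers).Count
    Write-Output "$DomainControllersCount Domain controllers found."

    # DNS root of the domain; used further down to build each DC's FQDN
    $DomainName = (Get-ADDomain).dnsroot
}
finally {
    Pop-Location
    Remove-PSDrive RemoteADS
}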
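# Ask every domain controller separately for computers that
# - have a LastLogonDate within the last 2 days
# - are enabled
# - have a WSMAN SPN (wmi/psremoting)
# - are not "Windows 7 Enterprise" or "Windows Server 2003"
# The original author queries each DC on the stated assumption that lastlogon is
# not replicated between domain controllers.
# NOTE(review): LastLogonDate is derived from lastLogonTimestamp, which is replicated
# but by default only refreshed at intervals of roughly 9-14 days, so a 2-day window
# can exclude machines that are in fact active - confirm this is the intended filter.
$Progress = 0

# Start from an empty array: without this, '+=' appends to whatever a previous run
# left in $ComputerList, and fails once a DC returns exactly one computer.
$ComputerList = @()

# Loop-invariant cutoff, computed once
$TwoDays = (Get-Date).AddDays(-2)

$DomainControllers |
ForEach-Object {
    # Build the DC's FQDN from its short name and the domain DNS root
    $ComputerName = $_.ComputerName + '.' + $DomainName

    $Progress = $Progress + 1
    Write-Output "$ComputerName : $Progress of $DomainControllersCount"

    # Bind a temporary AD provider drive to this DC; skip the DC if it is unreachable
    # instead of running the query without that binding.
    Write-Output "$ComputerName : Creating ADS provider"
    try {
        New-PSDrive -PSProvider ActiveDirectory -Name RemoteADS -Root "" -Server $ComputerName -ErrorAction Stop | Out-Null
    }
    catch {
        Write-Warning "$ComputerName : could not create ADS provider, skipping ($($_.Exception.Message))"
        return   # inside ForEach-Object this moves on to the next DC
    }

    Push-Location RemoteADS:
    try {
        Write-Output "$ComputerName : Getting list of computers"
        # @() so a single returned computer is still appended as an array element
        $ComputerList += @(
            Get-ADComputer -Filter { serviceprincipalname -like "*WSMAN*" -and Enabled -eq $true -and LastLogonDate -gt $TwoDays -and OperatingSystem -ne "Windows 7 Enterprise" -and OperatingSystem -ne "Windows Server 2003"} -Properties dnshostname,OperatingSystem,OperatingSystemServicePack,OperatingSystemHotFix |
                Select-Object @{name="ComputerName";expression={$_."dnshostname"}},OperatingSystem,OperatingSystemServicePack,OperatingSystemHotFix
        )
        Write-Output "$ComputerName : Adding computer list to master table"
    }
    finally {
        # Always leave and remove the drive so the next iteration can recreate it
        Write-Output "$ComputerName : Removing ADS provider"
        Pop-Location
        Remove-PSDrive RemoteADS
    }
}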
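# Remove duplicates. The same computer is returned by every DC that was queried,
# so collapse on the host name. Sorting with an explicit -Property makes the
# comparison key unambiguous; without it Sort-Object -Unique has no defined key
# for these Select-Object result objects.
Write-Output "Removing duplicates and sorting"
$ComputerList = @($ComputerList | Sort-Object -Property ComputerName -Unique)

# Count the computers found. The list is an array of objects, not a DataTable,
# so there is no .rows member; use the array's own Count.
Write-Output "Getting computer count"
$ComputerListCount = $ComputerList.Count
Write-Output "$ComputerListCount live computers with wsman found"

# Export and return results.
# NOTE(review): the CSV is a host inventory (names, OS, patch level). c:\temp is
# often readable by other local users - consider a directory with restricted ACLs.
if (-not (Test-Path -Path 'c:\temp')) {
    # Export-Csv does not create missing parent directories
    New-Item -ItemType Directory -Path 'c:\temp' | Out-Null
}
Write-Output 'Exporting results to c:\temp\live-computers-wsman.csv and $ComputerList Variable'
$ComputerList | Export-Csv c:\temp\live-computers-wsman.csv -NoTypeInformation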
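# Open PS Remoting sessions to the discovered computers (best effort: hosts that
# refuse or time out are skipped silently, as in the original).
# The sessions created here are kept in $Sessions so that only they are counted and
# used below; Get-PSSession would also return unrelated or broken sessions that
# already exist in this PowerShell session.
Write-Output "Attempting to create psssessions"
$Sessions = @($ComputerList | Where-Object { $_ } | New-PSSession -ErrorAction SilentlyContinue)
$Sessions   # still emit the session objects, as the original pipeline did
$SessionsCount = $Sessions.Count
Write-Output "$SessionsCount Found!"

# Get list of tasks from remote servers
Write-Output "Getting list of tasks from active pssessions"
if ($SessionsCount -eq 0) {
    # Invoke-Command rejects an empty -Session argument, so skip collection
    Write-Warning "No pssessions were created; skipping scheduled task collection"
    $ScheduledTasks = @()
}
else {
    $ScheduledTasks = Invoke-Command -Session $Sessions -ScriptBlock {Get-ScheduledTask} -ErrorAction SilentlyContinue

    # NOTE(review): the export lists task definitions from every reachable host;
    # treat the file as sensitive and prefer a directory with restricted ACLs.
    if (-not (Test-Path -Path 'c:\temp')) {
        # Export-Csv does not create missing parent directories
        New-Item -ItemType Directory -Path 'c:\temp' | Out-Null
    }
    $ScheduledTasks | Export-Csv c:\temp\scheduledtasks.csv -NoTypeInformation
}

# Keep tasks whose Author is non-empty, contains no '$', does not mention Microsoft
# and does not start with "The major version"; sorted by Author.
# Single quotes make it explicit that '$' is a literal character in the pattern.
$author = $ScheduledTasks |
    Where-Object {
        $_.Author -notlike '*$*' -and
        $_.Author -notlike '*Microsoft*' -and
        $_.Author -notlike 'The major version*' -and
        $_.Author -notlike ''
    } |
    Sort-Object Author
$author

# NOTE(review): the sessions in $Sessions are left open, as in the original script.
# Run 'Remove-PSSession' on them when finished so authenticated remoting sessions
# do not linger on the remote hosts.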