Saturday, February 22, 2014

PowerShell: Downloading SCCM 2012 ReportServer Report CSV's

The SCCM 2012 Reports interface is cumbersome for quickly pulling information together.  Instead, I updated my SCCM 2007 SQL server web-reporting technique.  I found it worked great and now can download reports as CSV's and use them in PowerShell scripts.

Here's an example:

invoke-webrequest "http://sccmserver/ReportServer?%2fConfigMgr_NR1%2fAsset+Intelligence%2fSoftware+02E+-+Installed+software+on+a+specific+computer&Name=$ComputerName&rs:Command=Render&rs:Format=CSV&rc:Toolbar=False" -credential $creds -outfile $destination 

This will download a report about all of the software loaded on one computer and place it into a CSV file.  All you'd have to do is $software = import-csv $destination 

Another example reports about all the software that starts when the computer is powered on:
iwr "http://sccmserver/ReportServer?%2fConfigMgr_NR1%2fAsset+Intelligence%2fSoftware+04C+-+Software+configured+to+automatically+run+on+a+specific+computer&Name=$ComputerName&rs:Command=Render&rs:Format=CSV&rc:Toolbar=False" -credential $creds -outfile $autodestination

A third example reports about what computers and IPs are currently on a subnet:

iwr -credential $creds "http://sccmserver/ReportServer?%2fConfigMgr_NR1%2fNetwork%2fIP+-+Computers+in+a+specific+subnet&variable=192.168.0.0&rs:Command=Render&rc:toolbar=false&rs:Format=CSV" -outfile $oursubnet

Here I get the network card information for a computer:
iwr -credential $creds "http://sccmserver/ReportServer?%2fConfigMgr_NR1%2fHardware+-+Network+Adapter%2fNetwork+adapter+information+for+a+specific+computer&variable=$ComputerName&rs:Command=Render&rc:toolbar=false&rs:Format=CSV" -outfile $NICDestination

A report about the users of a certain computer:
iwr -credential $creds "http://sccmserver/ReportServer?%2fConfigMgr_NR1%2fAsset+Intelligence%2fHardware+05A+-+Console+users+on+a+specific+computer&Name=$ComputerName&rs:Command=Render&rc:toolbar=false&rs:Format=CSV" -outfile $cache

A computer hardware report about a certain computer:
iwr -credential $creds "http://sccmserver/ReportServer?%2fConfigMgr_NR1%2fHardware+-+General%2fComputer+information+for+a+specific+computer&variable=$ComputerName&rs:Command=Render&rc:toolbar=false&rs:Format=CSV" -outfile $HWDestination

Disk information report about a certain computer:

iwr -credential $creds "http://sccmserver/ReportServer?%2fConfigMgr_NR1%2fHardware+-+Disk%2fDisk+information+for+a+specific+computer+-+Physical+disks&variable=$ComputerName&rs:Command=Render&rc:toolbar=false&rs:Format=CSV" -outfile $diskdestination
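
The commands above place $ComputerName straight into the query string, so a value containing "&" or "=" would change which parameters the report server receives. The following is an added example, not code from the original post: it wraps the same URL pattern in one function that percent-encodes the report path and each parameter, and removes the temporary CSV after import. The function names are hypothetical, and it assumes the report server accepts %20 and %2F in place of the + and %2f used above.

```powershell
# Added example; function names are hypothetical, not from the original post.
function New-SccmReportUrl {
    param(
        [Parameter(Mandatory=$true)][string]$Server,      # e.g. sccmserver
        [Parameter(Mandatory=$true)][string]$ReportPath,  # e.g. /ConfigMgr_NR1/Network/IP - Computers in a specific subnet
        [hashtable]$ReportParameters = @{}                # e.g. @{ variable = '192.168.0.0' }
    )
    # Percent-encode the path and every parameter so a value containing
    # '&', '=', '#' or spaces cannot add or change query parameters.
    $query = [uri]::EscapeDataString($ReportPath)
    foreach ($p in $ReportParameters.GetEnumerator()) {
        $query += '&' + [uri]::EscapeDataString([string]$p.Key) +
                  '=' + [uri]::EscapeDataString([string]$p.Value)
    }
    # Rendering switches used throughout the post
    'http://' + $Server + '/ReportServer?' + $query +
        '&rs:Command=Render&rs:Format=CSV&rc:Toolbar=False'
}

function Get-SccmReportCsv {
    param(
        [Parameter(Mandatory=$true)][string]$Server,
        [Parameter(Mandatory=$true)][string]$ReportPath,
        [hashtable]$ReportParameters = @{},
        [Parameter(Mandatory=$true)][pscredential]$Credential
    )
    $url = New-SccmReportUrl -Server $Server -ReportPath $ReportPath -ReportParameters $ReportParameters
    $tmp = [IO.Path]::GetTempFileName()
    try {
        Invoke-WebRequest -Uri $url -Credential $Credential -OutFile $tmp
        $rows = Import-Csv -Path $tmp
    }
    finally {
        # Don't leave inventory data behind in the temp directory
        Remove-Item -Path $tmp -ErrorAction SilentlyContinue
    }
    $rows
}

# Offline check of the URL builder with a constructed name that contains '&'
New-SccmReportUrl -Server 'sccmserver' `
    -ReportPath '/ConfigMgr_NR1/Asset Intelligence/Software 02E - Installed software on a specific computer' `
    -ReportParameters @{ Name = 'PC01&rs:Format=XML' }
```

The last call only builds and prints a URL; the constructed name stays inside the Name value because its "&", ":" and "=" are percent-encoded.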


Wednesday, February 19, 2014

PowerShell: Netstat Established Connections List

This is a script which you can adapt to your needs.  I wanted to find the "Established" foreign computers and the programs which are talking to them.  PowerShell doesn't have a native tool (not that I'm aware of) so most use NetStat.  Here is the script I made that finds the remote host FQDN and converts the Process ID into a program name.  When finished, it displays a table but you can easily out-gridview if you'd like.

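# Keep only ESTABLISHED connections; -f resolves foreign addresses to FQDNs, -o adds the PID
$Netstats = netstat -aof|select-string "active connections","Proto","\[::","Can not obtain" -notmatch|select-string "establish"
$process = get-process|select id,name
# Reset the buffer so re-running in the same session doesn't append to old rows
$outcsv = ""

foreach($n in $Netstats){
# Columns: Proto, Local Address, Foreign Address, State, PID
$temp = $n.line.split(' ',[System.StringSplitOptions]::RemoveEmptyEntries)
# Translate the PID into a process name
$p = ($process|?{$_.id -eq $temp[4]}).Name
$outcsv += write ($temp[2] + "," + $p + "`n")}
# The first column holds the foreign host:port
$Final = $outcsv|convertfrom-csv -header RemotePort,Program
$Final|ft -autosize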

I'm sure you'll find it doesn't fit all your needs but should give you some insight on how to manipulate NetStat's output.

Reference:
Netstat
Get-Networkstatistics
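
As an added example (not the original post's script), here is a parser that turns NetStat's ESTABLISHED rows into objects with the remote host, remote port, PID and program name in separate properties, which makes the result easy to filter or compare between runs. It goes beyond the script above by also handling bracketed IPv6 addresses, which that script filters out. The function name, the property names and the sample text are this example's own, and the sample is constructed rather than captured.

```powershell
# Added example (not the original post's script). The function name, property
# names and the sample text are this example's own; the sample is constructed.
function ConvertFrom-NetstatEstablished {
    param(
        [string[]]$Lines,                 # raw lines from: netstat -ano (or -aof)
        [hashtable]$ProcessById = @{}     # PID -> process name
    )
    # Columns: Proto, Local Address, Foreign Address, State, PID
    $rx = '^\s*TCP\s+\S+\s+(?<remote>\S+)\s+ESTABLISHED\s+(?<owner>\d+)\s*$'
    foreach ($line in $Lines) {
        if ($line -match $rx) {
            $remote = $Matches['remote']
            $procId = [int]$Matches['owner']       # $pid is reserved in PowerShell
            $cut    = $remote.LastIndexOf(':')     # last colon, so [IPv6]:port works
            $name   = $ProcessById[$procId]
            if (-not $name) { $name = '(unknown)' }
            [pscustomobject]@{
                RemoteHost = $remote.Substring(0, $cut).Trim('[', ']')
                RemotePort = [int]$remote.Substring($cut + 1)
                PID        = $procId
                Program    = $name
            }
        }
    }
}

# Constructed sample in netstat's layout, so the parser can be tried offline
$sample = @'
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    192.168.0.10:49712     files.example.test:445 ESTABLISHED     4
  TCP    [fe80::1%4]:49800      [fe80::2%4]:3389       ESTABLISHED     1200
  UDP    0.0.0.0:500            *:*                                    1500
'@ -split "`r?`n"

$names = @{ 4 = 'System'; 1200 = 'svchost' }
ConvertFrom-NetstatEstablished -Lines $sample -ProcessById $names | Format-Table -AutoSize

# Live use:
# $names = @{}; Get-Process | ForEach-Object { $names[$_.Id] = $_.Name }
# ConvertFrom-NetstatEstablished -Lines (netstat -ano) -ProcessById $names
```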

Friday, February 14, 2014

PowerShell: Find Current Remote User Mapped Drives

I thought it would be simple to find someone's current drive mappings using PowerShell.  This wasn't the case.  When I used my credentials to remotely access the computer, it looked for the mapped drives of the credentialed user, not the current user.  After much research and testing, I found a solution that you can customize to your environment.  This script was tested in a Windows 7 Enterprise Active Directory environment using PowerShell 4.0 on the script side and PowerShell 2.0 on the client side.  Here is the script with explanations:

$computer = "remotecomputername"
$creds = get-credential

#Find the remote computer's current user and cut off the 
#domain part of the username
$user = (gwmi win32_computersystem -computer $computer -credential $creds).username.split('\')[-1]
#Query Active Directory using $user to find the user's SID
#(get-aduser comes from the ActiveDirectory module)
import-module ActiveDirectory
$sid = (get-aduser $user).sid.value

#Run a remote script while inputting the user SID (variable at bottom of script)
invoke-command -computer $computer -credential $creds -scriptblock {
#Only HKCU & HKLM are loaded as drives in the remote session.
#We're adding the HKEY_USERS key so we can query against it

set-location registry::\HKEY_USERS
New-PSDrive HKU Registry HKEY_USERS
Set-Location HKU:

#Find all mapped drive letters in the \network key
$drives = (gci -Path Microsoft.PowerShell.Core\Registry::HKEY_USERS\$($args[0])\Network -recurse)
#Read the RemotePath key from each mapped drive
$driveresults = foreach ($d in $drives){$q = ("Microsoft.PowerShell.Core\Registry::HKEY_USERS\$($args[0])\Network\" + $d.pschildname);get-itemproperty -Path $q;}
#You can manipulate the output to your needs and assign this whole invoke-command script to a variable for further formatting
$driveresults|Format-Table PSChildName,RemotePath -autosize -hidetableheaders} -argumentlist $sid