Category Archives: PowerShell

Logon Script and PowerShell ADAssist Tool

In one of my first posts, I wrote about a monthly rolling log file which contains information about users’ activity; most importantly when and where each user logs on and logs off his or her computer. In addition, I’ve encouraged you to implement this or a similar script in your organization to help you track Logon / Logoff activity in your AD environment, which is a somewhat cumbersome process without scripts.

PowerShell ADAssist Tool

Here I will show you an application I use to harness stats data produced by logon/logoff scripts created with PowerShell; my goal was to provide additional tools for smooth and efficient daily administration tasks.

Honestly, almost ten years ago I created an HTA application (see picture 01) with the exact same objective but never finalized the process of rendering all those VB scripts’ functions into PowerShell scripts.

Picture 01: my HTA application created in late 2008.

Instead, in this post I’ve decided to use an idea presented on the TechNet Script Gallery under the name “LazyWinAdmin”. The result is “PowerShell ADAssist” as shown in picture 02.

Picture 02: newly created ADAssist tool

ADAssist is a PowerShell script that generates Windows Forms (WinForms) and provides the following features:

Computer component (as shown in picture 03):

  • Verifies the connectivity and general information for the selected computer
  • Provides information regarding the computer’s operating system
  • Displays network configuration, updates GPOs, lists settings and ports
  • Queries and displays services, processes …

Picture 03: computer section of the ADAssist tool

User component (as shown in picture 04):

  • Displays basic user info
  • Provides list of the computer(s) used by selected user
  • Shows logon activity for selected user and selected log file
  • Launches a tool to display, manage and edit user’s attributes and membership in AD

Picture 04: user section of the ADAssist tool

It is important to note that this tool does not need stats data produced by logon/logoff scripts. You could simply type a computer’s name and click on one of the buttons displayed on the application’s tabs (General, Operating System, Network and Services-Processes). But the option to harness logon/logoff stats data makes it an efficient Active Directory management tool, with the ability to search and manage your user and computer accounts; it is especially useful in an environment where computers are used by multiple user accounts, and it provides the following:

  • a consistent and accurate view of the computers being used by the selected user
  • general information about logon sessions associated with users/computers
  • the status of computers, with data associated with users’ profiles made easily accessible

How do you install/configure ADAssist?

No installation required; just download the compressed file from the download/application section of this site and extract it anywhere you want (in my example it is extracted inside C:\PSScript\AD-Assist folder).

Picture 05: Location of ADAssist application

Note the XML file named “ADassistConfigFile.xml”, which is an integral part of this app. As shown in picture 06, the ADAssist.ps1 script reads the XML document and stores the elements’ content in the script’s variables.

Some nodes/elements (like ‘<PcOU>’) can be empty, but others, like the user element ‘<UserOU>’, must have a value: the Distinguished Name of an OU in Active Directory that contains users’ accounts.

Picture 06: ADAssist XML configuration file

If the user element ‘<UserOU>’ in the XML file is empty, upon launch of the ADAssist.ps1 script the ‘Select OU’ Windows form will show up to let you choose an organizational unit containing users’ accounts (see picture 07). The selected OU’s DistinguishedName will be saved in the ‘<UserOU>’ element of the ADassistConfigFile.xml file. To complete this step, once you’ve selected an OU, please click the ‘OK’ button to close the form, and then on the ADAssist form please click the ‘Refresh User List’ button to populate the drop-down users’ list.

Picture 07: this OU windows form lets you choose an OU containing users’ accounts.

Please click the ‘Select Log File’ button as shown in picture 08 to finalize the configuration settings. In the ‘Select Logon File’ dialog box, either type the path to a file or click the ‘Browse’ button to pick a folder holding a file with logon stats data, and then click the ‘Select’ button to save the selection to the XML configuration file.

Picture 08: Select Logon file

I always use the most recent log file, actually the one being produced by logon script!!! When required to do some auditing related tasks, I use the other log files previously created by logon script.

Certainly, you can always open the ADassistConfigFile.xml file with Notepad and populate its elements with values that correspond to your Active Directory and network environment.

With these configuration settings completed, you enable ADAssist to harness stats data produced by logon/logoff scripts. The script will search the specified log file for the user name selected in the drop-down list and produce a list of computers used by that user for the period of time covered by the logon script’s log.

With ADAssist you can use any log file in your environment, produced by PowerShell, a VB script or a bat file; what matters is that the log file contains a UserName and ComputerName combination.

For example, here is the monthly rolling Log File with name 2012-11.txt as presented in one of my posts; it is not a proper .csv file, but it has separate data fields delimited with a comma, and it does not have a header with a list of column names in the file:

LogDate, LogTime, UserName, ComputerName, Action [NOTE: column names do not exist]
2012-11-12, 11:28 AM, Alex, Halifax-01, Login
2012-11-12, 11:31 AM, Alex, Dartmouth-02, Login
2012-11-12, 11:32 AM, Alex, Halifax-01, Logoff
2012-11-12, 3:30 PM, David, Bedford-03, Logoff
2012-11-12, 3:33 PM, John, Dartmouth-04, Login

Another example could be a Log File named ‘logoninfo.txt’ which is a proper tab separated CSV file and looks as follows:

PCName             UserName    Date
Bldg05-OC-L0208    Smith.A     2017:04:28:15:28:15
Bldg04-OA-L0081    Parker.F    2017:04:28:15:30:21
Bldg01-03-W0984    Miller.W    2017:04:28:15:30:24
Bldg05-OC-WP160    Trump.D     2017:04:28:15:32:49

To use different log files, you need to edit just a few lines of code in ADAssist (lines 230-238 to be specific). In the following paragraphs you can observe how the script uses two cmdlets, ‘Get-Content’ and ‘Import-CSV’, to read and parse the text/CSV files presented above.

PowerShell comma delimited log file example (NOTE: this option is integrated in ADAssist):


# Reads the headerless, comma-delimited log and keeps the rows for the selected user.
$obj = New-Object -TypeName PSObject
Get-Content -Path $Script:logFile |
ForEach-Object {
    $obj | Add-Member -Force -MemberType NoteProperty -Name "LogDate" -Value $_.Split(",")[0]
    $obj | Add-Member -Force -MemberType NoteProperty -Name "LogTime" -Value $_.Split(",")[1]
    $obj | Add-Member -Force -MemberType NoteProperty -Name "UserName" -Value $_.Split(",")[2]
    # Trim() drops the space that follows each comma in the log line
    $obj | Add-Member -Force -MemberType NoteProperty -Name "PCName" -Value $_.Split(",")[3].Trim()
    $obj | Add-Member -Force -MemberType NoteProperty -Name "Action" -Value $_.Split(",")[4]
    # Emit the row only when it belongs to the user picked in the drop-down list
    $obj | Where-Object {$_.UserName.Trim() -eq $DropDown.SelectedItem.SamAccountName}
} | Select-Object -Property PCName -Unique
# In ADAssist the pipeline continues from here; the rest is not shown in this excerpt.

VB Script tab separated CSV log file example:


# Reads the tab-separated log and keeps the rows for the selected user.
$obj = New-Object -TypeName PSObject
Import-Csv -Delimiter "`t" -Path $Script:logFile -Header "PCName","UserName","Date" |
Select-Object -Property PCName, UserName, Date |
ForEach-Object {
    $obj | Add-Member -Force -MemberType NoteProperty -Name "PCName" -Value $_.PCName
    $obj | Add-Member -Force -MemberType NoteProperty -Name "UserName" -Value $_.UserName
    $obj | Add-Member -Force -MemberType NoteProperty -Name "Date" -Value $_.Date
    # Emit the row only when it belongs to the user picked in the drop-down list
    $obj | Where-Object {$_.UserName.Trim() -eq $DropDown.SelectedItem.SamAccountName}
} | Select-Object -Property PCName -Unique
# In ADAssist the pipeline continues from here; the rest is not shown in this excerpt.
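As an added example (not part of ADAssist or the original post), the script below parses the comma-delimited format into one object per line, answers the same "which computers did this user use" question, and goes one step further by flagging a Login that arrives while the same user still has an open session on another computer. The function names ConvertFrom-LogonLog and Find-ConcurrentLogon are hypothetical; the sample lines are the ones from the 2012-11.txt excerpt above.

```powershell
# Sample lines copied from the page's 2012-11.txt excerpt (no header row).
$sample = @'
2012-11-12, 11:28 AM, Alex, Halifax-01, Login
2012-11-12, 11:31 AM, Alex, Dartmouth-02, Login
2012-11-12, 11:32 AM, Alex, Halifax-01, Logoff
2012-11-12, 3:30 PM, David, Bedford-03, Logoff
2012-11-12, 3:33 PM, John, Dartmouth-04, Login
'@ -split "`r?`n"

function ConvertFrom-LogonLog {            # hypothetical helper name
    param([string[]]$Line)
    $culture = [Globalization.CultureInfo]::InvariantCulture
    foreach ($l in $Line) {
        $f = @($l.Split(',') | ForEach-Object { $_.Trim() })
        if ($f.Count -ne 5) { continue }   # skip blank or malformed lines
        [pscustomobject]@{
            Time     = [datetime]::ParseExact("$($f[0]) $($f[1])", 'yyyy-MM-dd h:mm tt', $culture)
            UserName = $f[2]; PCName = $f[3]; Action = $f[4]
        }
    }
}

function Find-ConcurrentLogon {            # hypothetical helper name
    param([object[]]$Record)
    $open = @{}                            # UserName -> computers with an open session
    foreach ($r in ($Record | Sort-Object Time)) {
        if (-not $open.ContainsKey($r.UserName)) {
            $open[$r.UserName] = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
        }
        $pcs = $open[$r.UserName]
        if ($r.Action -eq 'Login') {
            $others = @($pcs | Where-Object { $_ -ne $r.PCName })
            if ($others.Count -gt 0) {     # user is still logged on somewhere else
                [pscustomobject]@{ Time = $r.Time; UserName = $r.UserName
                                   NewPC = $r.PCName; StillOpenOn = $others -join ';' }
            }
            [void]$pcs.Add($r.PCName)
        } elseif ($r.Action -eq 'Logoff') {
            [void]$pcs.Remove($r.PCName)   # a Logoff with no recorded Login is a no-op
        }
    }
}

$records = ConvertFrom-LogonLog -Line $sample
# Distinct computers used by one user, as in the ADAssist excerpt
$records | Where-Object { $_.UserName -eq 'Alex' } | Select-Object -Property PCName -Unique
# Logons that overlap an open session on a different computer
Find-ConcurrentLogon -Record $records
```

Because each line becomes its own object with trimmed fields, the result can also be sorted, grouped or exported without the shared `$obj` used in the excerpts.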

How does ADAssist work?

As previously stated, the ADAssist app can be used just by typing a computer name in the ‘Optional – Type Computer Name’ text box and clicking one of the buttons displayed on the tool’s tabs (General, Operating System, Network and Services-Processes). The retrieved information is displayed in the RichTextbox, where you have an option to copy it to the clipboard or clear the content.

It is important to note that the typed-in computer’s name has precedence over a computer’s name selected in the grid view!

Most likely this tool will be used as shown in picture 09.

Picture 09: usual ADAssist workflow

First, you select a user name from the drop-down list, then click the ‘Run-Log File’ button to search the log file and display all computers used by the selected user for the period of time covered by the logon stats data. If the selected user has logged in and out of his/her system, the grid view will display all the computers recorded in the log file, along with their current network status and additional logon session information about other users.

The next step is to select a computer from the grid view and click on one of the buttons laid out on four tabs.

If you have clients located in a different OU that use the same logon script, just click the ‘Select OU’ button and finish selecting a different OU in your Active Directory. To replace the current list of users in the drop-down list with the ones in the newly selected OU, please click the ‘Refresh User List’ button.

In addition to the basic information displayed for the selected user account, you can search for and obtain the user’s logon activity by clicking the ‘User Logon Info’ button (see picture 10). Just type the path to a log file or click the ‘Browse’ button to pick a folder holding a file with logon stats data, and then click the ‘Run’ button to obtain the user’s logon activity information.

Picture 10: unfiltered logon activity from one log file

And if you want to view additional user attributes or administer the selected user account, you can click the ‘Display User’ button and launch a new Windows form as shown in picture 11.

Picture 11: Administer selected user account

The next post will elaborate more on the administration of user accounts in Active Directory as shown in the picture above; the current status of this ‘AD – User Properties’ form is ‘work in progress’. I have more features on the road-map and I would welcome any feature ideas / suggestions.


 

Wireless Support WinRE 10 – Part Two

In my blog “Wireless Support WinRE 10 – Part One”, I explored an idea of using the Windows 10 WinRE.wim image and an optional component (Feature Pack) called WinPE-WiFi-Package to provide support for adding wireless drivers to WinRE. My understanding is that WinRE.wim is just a modified version of a WinPE image, so I can use all the tools and scripts available for customization of WinPE images.
Here, I will use a PowerShell script to automate the process of creating WinRE with wireless support.

How the script Create-BootableWinReUSBDrive.ps1 automates the process
1. You need to have the Windows Assessment and Deployment Kit (Windows ADK) installed.
2. Download the WinRE-Wireless.zip package from the download section, under the Application folder. After you download the file, please do the following:
3. Unzip the file (in my example to C:\WinRE-Wireless).
4. Connect your external USB drive to your computer.
5. Find the PowerShell script named Create-BootableWinReUSBDrive.ps1 (Important: there are two files: Create-BootableWinReUSBDrive.ps1 and WinRE-Build.ps1).
6. Run the script named Create-BootableWinReUSBDrive.ps1 as administrator. It opens a form that serves as an interface to collect all the necessary info for the second script, WinRE-Build.ps1, and to create the Media files that are necessary to make the external USB drive bootable.

Again, this is a two-step process, as described in my previous blogs and shown in the picture below:

Picture 01: in the first step you make your selections and start creating Bootable Media files.
During the first step, please make your selections: select the 32 or 64 Bit Architecture, the custom (HTA or PowerShell) tool for the WinRE boot option menus, the WinRE.wim file source folder, and the source folder named WinRE-Wireless by clicking the ‘Browse Source’ button; once this folder is selected, please click the ‘Start’ button to start creation of the Media files (i.e. the files and applications essential for booting the USB drive). Important: do not close the PowerShell command line window shown below.

Picture 02: WinRE Wireless Media files being created, do not close command line window

Once all Media files are created, please proceed to the second step in order to make the external USB drive bootable. First click the ‘View Drive(s)’ button to display all available drives. Click the radio button to select the file system (FAT 32 or NTFS) to be used to format the external USB drive(s). Finally, click the ‘Run’ button to format the selected USB drive(s) and copy all Media files.
Important: The column named ‘Partition Type’, with its green / red background color, will help you distinguish whether a USB drive reports itself as Fixed or Removable. The Removable USB drive should not be used with the FAT32 option, which creates two partitions.

Picture 03: Select a drive, click a radio button and finally click the ‘Run’ button to format the selected drive and copy Media files to the selected USB drive.

Finally, at the end of the second step, you will have a bootable USB drive with the WinRE image, wireless support and a custom menu option. If you boot your computer using this USB drive you will see the menu option for the Custom Tool (in my example the HTA tool) and WinRE detecting Wi-Fi networks.

Picture 04: Custom menu option and Wi-Fi support

To download the WinRE-Wireless application, please go to the site’s download section, and expand the Application folder. In the compressed download file I’ve included a script to export WLAN profile(s).